As used in this chapter, the term:
(1) “Agency data center” means agency space containing 10 or more physical or logical servers.
1(2) “Breach” means a confirmed event that compromises the confidentiality, integrity, or availability of information or data.
(3) “Business continuity plan” means a collection of procedures and information designed to keep an agency’s critical operations running during a period of displacement or interruption of normal operations.
(4) “Computing facility” or “agency computing facility” means agency space containing fewer than a total of 10 physical or logical servers, but excluding single, logical-server installations that exclusively perform a utility function such as file and print servers.
2(5) “Customer entity” means an entity that obtains services from the Agency for State Technology.
(6) “Department” means the Department of Management Services.
(7) “Disaster recovery” means the process, policies, procedures, and infrastructure related to preparing for and implementing recovery or continuation of an agency’s vital technology infrastructure after a natural or human-induced disaster.
(8) “Enterprise information technology service” means an information technology service that is used in all agencies or a subset of agencies and is established in law to be designed, delivered, and managed at the enterprise level.
(9) “Event” means an observable occurrence in a system or network.
(10) “Incident” means a violation or imminent threat of violation, whether such violation is accidental or deliberate, of information technology security policies, acceptable use policies, or standard security practices. An imminent threat of violation refers to a situation in which the state agency has a factual basis for believing that a specific incident is about to occur.
(11) “Information technology” means equipment, hardware, software, firmware, programs, systems, networks, infrastructure, media, and related material used to automatically, electronically, and wirelessly collect, receive, access, transmit, display, store, record, retrieve, analyze, evaluate, process, classify, manipulate, manage, assimilate, control, communicate, exchange, convert, converge, interface, switch, or disseminate information of any kind or form.
(12) “Information technology policy” means a definite course or method of action selected from among one or more alternatives that guide and determine present and future decisions.
(13) “Information technology resources” has the same meaning as provided in s. 119.011.
(14) “Information technology security” means the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of data, information, and information technology resources.
(15) “Performance metrics” means the measures of an organization’s activities and performance.
(16) “Project” means an endeavor that has a defined start and end point; is undertaken to create or modify a unique product, service, or result; and has specific objectives that, when attained, signify completion.
(17) “Project oversight” means an independent review and analysis of an information technology project that provides information on the project’s scope, completion timeframes, and budget and that identifies and quantifies issues or risks affecting the successful and timely completion of the project.
(18) “Risk assessment” means the process of identifying security risks, determining their magnitude, and identifying areas needing safeguards.
(19) “Service level” means the key performance indicators (KPI) of an organization or service which must be regularly performed, monitored, and achieved.
2(20) “Service-level agreement” means a written contract between the Agency for State Technology and a customer entity which specifies the scope of services provided, service level, the duration of the agreement, the responsible parties, and agency assessment costs, which include administrative and data center costs. A service-level agreement is not a rule pursuant to chapter 120.
(21) “Stakeholder” means a person, group, organization, or state agency involved in or affected by a course of action.
(22) “Standards” means required practices, controls, components, or configurations established by an authority.
(23) “State agency” means any official, officer, commission, board, authority, council, committee, or department of the executive branch of state government; the Justice Administrative Commission; and the Public Service Commission. The term does not include university boards of trustees or state universities. As used in part I of this chapter, except as otherwise specifically provided, the term does not include the Department of Legal Affairs, the Department of Agriculture and Consumer Services, or the Department of Financial Services.
(24) “SUNCOM Network” means the state enterprise telecommunications system that provides all methods of electronic or optical telecommunications beyond a single building or contiguous building complex and used by entities authorized as network users under this part.
(25) “Telecommunications” means the science and technology of communication at a distance, including electronic systems used in the transmission or reception of information.
(26) “Threat” means any circumstance or event that has the potential to adversely impact a state agency’s operations or assets through an information system via unauthorized access, destruction, disclosure, or modification of information or denial of service.
(27) “Variance” means a calculated value that illustrates how far positive or negative a projection has deviated when measured against documented estimates within a project plan.
2(28) “Agency assessment” means the amount each customer entity must pay annually for services from the Agency for State Technology and includes administrative and data center services costs. 2Note.—
A. Section 58, ch. 2018-10, amended subsections (5) and (20) and added subsection (28) “[i]n order to implement Specific Appropriations 2911 through 2930 of the 2018-2019 General Appropriations Act.”
B. Section 61, ch. 2018-10, provides that “[t]he amendments made by this act to ss. 20.61, 282.0041, 282.0051, and 282.201, Florida Statutes, expire July 1, 2019, and the text of those sections shall revert to that in existence on June 30, 2018, except that any amendments to such text enacted other than by this act shall be preserved and continue to operate to the extent that such amendments are not dependent upon the portions of text which expire pursuant to this section.” Effective July 1, 2019, subsection (28) is deleted and subsections (5) and (20), as amended by s. 61, ch. 2018-10, will read:
(5) “Customer entity” means an entity that obtains services from the state data center.
* * * * *
(20) “Service-level agreement” means a written contract between the state data center and a customer entity which specifies the scope of services provided, service level, the duration of the agreement, the responsible parties, and service costs. A service-level agreement is not a rule pursuant to chapter 120.