Amended in Assembly March 17, 2016

California Legislature—2015–16 Regular Session

Assembly Bill No. 1881


Introduced by Assembly Member Chang

February 10, 2016


begin delete An act to amend Section 11546 of the Government Code, relating to state government. end delete begin insert An act to amend Section 11545 of the Government Code, relating to state government. end insert

LEGISLATIVE COUNSEL’S DIGEST

AB 1881, as amended, Chang. begin delete Office of Information Security. end delete begin insert Director of Technology: state baseline security controls. end insert

begin insert

Existing law establishes within the Government Operations Agency the Department of Technology, under the supervision of the Director of Technology, also known as the State Chief Information Officer. Existing law requires the director to, among other things, advise the Governor on the strategic management and direction of the state’s information technology resources and provide technology direction to agency and department chief information officers to ensure the integration of statewide technology initiatives. Existing law further requires the director to produce an annual information technology performance report that assesses and measures the state’s progress toward specified goals.

end insert
begin insert

This bill would require the director to develop, tailor, and subsequently review and revise baseline security controls for the state based on baseline security controls published by the National Institute of Standards and Technology. The bill would require state agencies to comply with, and prohibit state agencies from tailoring their individual baseline security controls to fall below, the state baseline security controls. The bill would require that the director’s annual information technology performance report also assess and measure the state’s progress toward developing, tailoring, and complying with the state baseline security controls.

end insert
begin delete

Existing law creates in the Department of Technology, the Office of Information Security, under the direction of a chief, to ensure the confidentiality, integrity, and availability of state systems and applications.

end delete
begin delete

This bill would make nonsubstantive changes to those provisions.

end delete

Vote: majority. Appropriation: no. Fiscal committee: begin delete no end delete begin insert yes end insert. State-mandated local program: no.

The people of the State of California do enact as follows:

begin insert

SECTION 1.

Section 11545 of the Government Code is amended to read:

end insert

11545.

(a) (1) There is in state government the Department of Technology within the Government Operations Agency. The Director of Technology shall be appointed by, and serve at the pleasure of, the Governor, subject to Senate confirmation. The Director of Technology shall supervise the Department of Technology and report directly to the Governor on issues relating to information technology.

(2) Unless the context clearly requires otherwise, whenever the term “office of the State Chief Information Officer” or “California Technology Agency” appears in any statute, regulation, or contract, or any other code, it shall be construed to refer to the Department of Technology, and whenever the term “State Chief Information Officer” or “Secretary of California Technology” appears in any statute, regulation, or contract, or any other code, it shall be construed to refer to the Director of Technology.

(3) The Director of Technology shall be the State Chief Information Officer.

(b) The duties of the Director of Technology shall include, but are not limited to, all of the following:

(1) Advising the Governor on the strategic management and direction of the state’s information technology resources.

(2) Establishing and enforcing state information technology strategic plans, policies, standards, and enterprise architecture. This shall include the periodic review and maintenance of the information technology sections of the State Administrative Manual, except for sections on information technology procurement procedures, and information technology fiscal policy. The Director of Technology shall consult with the Director of General Services, the Director of Finance, and other relevant agencies concerning policies and standards these agencies are responsible to issue as they relate to information technology.

(3) Minimizing overlap, redundancy, and cost in state operations by promoting the efficient and effective use of information technology.

(4) Providing technology direction to agency and department chief information officers to ensure the integration of statewide technology initiatives, compliance with information technology policies and standards, and the promotion of the alignment and effective management of information technology services. Nothing in this paragraph shall be deemed to limit the authority of a constitutional officer, cabinet agency secretary, or department director to establish programmatic priorities and business direction to the respective agency or department chief information officer.

(5) Working to improve organizational maturity and capacity in the effective management of information technology.

(6) Establishing performance management and improvement processes to ensure state information technology systems and services are efficient and effective.

(7) Approving, suspending, terminating, and reinstating information technology projects.

(8) Performing enterprise information technology functions and services, including, but not limited to, implementing Geographic Information Systems (GIS), shared services, applications, and program and project management activities in partnership with the owning agency or department.

begin insert

(9) Developing and tailoring baseline security controls for the state based on baseline security controls published by the National Institute of Standards and Technology (NIST). The Director of Technology shall review and revise the state baseline security controls whenever the NIST updates its baseline security controls but, in no event, less frequently than once every three years. State agencies shall comply with the state baseline security controls and shall not tailor their individual baseline security controls to fall below the state baseline security controls.

end insert

(c) The Director of Technology shall produce an annual information technology strategic plan that shall guide the acquisition, management, and use of information technology. State agencies shall cooperate with the department in the development of this plan, as required by the Director of Technology.

(1) Upon establishment of the information technology strategic plan, the Director of Technology shall take all appropriate and necessary steps to implement the plan, subject to any modifications and adjustments deemed necessary and reasonable.

(2) The information technology strategic plan shall be submitted to the Joint Legislative Budget Committee by January 15 of every year.

(d) The Director of Technology shall produce an annual information technology performance report that shall assess and measure the state’s progress toward enhancing information technology human capital management; reducing and avoiding costs and risks associated with the acquisition, development, implementation, management, and operation of information technology assets, infrastructure, and systems; improving energy efficiency in the use of information technology assets; enhancing the security, reliability, and quality of information technology networks, services, and systems; begin insert developing, tailoring, and complying with state baseline security controls; end insert and improving the information technology procurement process. The department shall establish those policies and procedures required to improve the performance of the state’s information technology program.

(1) The department shall submit an information technology performance management framework to the Joint Legislative Budget Committee by May 15, 2009, accompanied by the most current baseline data for each performance measure or metric contained in the framework. The information technology performance management framework shall include the performance measures and targets that the department will utilize to assess the performance of, and measure the costs and risks avoided by, the state’s information technology program. The department shall provide notice to the Joint Legislative Budget Committee within 30 days of making changes to the framework. This notice shall include the rationale for changes in specific measures or metrics.

(2) State agencies shall take all necessary steps to achieve the targets set forth by the department and shall report their progress to the department on a quarterly basis.

(3) Notwithstanding Section 10231.5, the information technology performance report shall be submitted to the Joint Legislative Budget Committee by January 15 of every year. To enhance transparency, the department shall post performance targets and progress toward these targets on its public Internet Web site.

(4) The department shall at least annually report to the Director of Finance cost savings and avoidances achieved through improvements to the way the state acquires, develops, implements, manages, and operates state technology assets, infrastructure, and systems. This report shall be submitted in a timeframe determined by the Department of Finance and shall identify the actual savings achieved by each office, department, and agency. Notwithstanding Section 10231.5, the department shall also, within 30 days, submit a copy of that report to the Joint Legislative Budget Committee, the Senate Committee on Appropriations, the Senate Committee on Budget and Fiscal Review, the Assembly Committee on Appropriations, and the Assembly Committee on Budget.

(e) If the Governor’s Reorganization Plan No. 2 of 2012 becomes effective, this section shall prevail over Section 186 of the Governor’s Reorganization Plan No. 2 of 2012, regardless of the dates on which this section and that plan take effect, and this section shall become operative on July 1, 2013.

begin delete

SECTION 1.

Section 11549 of the Government Code is amended to read:

11549.

(a) There is in state government, in the Department of Technology, the Office of Information Security. The purpose of the office is to ensure the confidentiality, integrity, and availability of state systems and applications, and to promote and protect privacy as part of the development and operations of state systems and applications to ensure the trust of the residents of this state.

(b) The office shall be under the direction of a chief, who shall be appointed by, and serve at the pleasure of, the Governor. The chief shall report to the Director of Technology, and shall lead the Office of Information Security in carrying out its mission.

(c) The duties of the Office of Information Security, under the direction of the chief, shall be to provide direction for information security and privacy to state government agencies, departments, and offices, pursuant to Section 11549.3.

(d) (1) Unless the context clearly requires otherwise, whenever the term “Office of Information Security and Privacy Protection” appears in any statute, regulation, or contract, it shall be deemed to refer to the Office of Information Security, and whenever the term “executive director of the Office of Information Security and Privacy Protection” appears in statute, regulation, or contract, it shall be deemed to refer to the Chief of the Office of Information Security.

(2) All employees serving in state civil service, other than temporary employees, who are engaged in the performance of functions transferred from the Office of Information Security and Privacy Protection to the Office of Information Security, are transferred to the Office of Information Security. The status, positions, and rights of those persons shall not be affected by their transfer and shall continue to be retained by them pursuant to the State Civil Service Act (Part 2 (commencing with Section 18500) of Division 5), except as to positions the duties of which are vested in a position exempt from civil service. The personnel records of all transferred employees shall be transferred to the Office of Information Security.

(3) The property of any office, agency, or department related to functions transferred to the Office of Information Security is transferred to the Office of Information Security. If any doubt arises as to where that property is transferred, the Department of General Services shall determine where the property is transferred.

(4) All unexpended balances of appropriations and other funds available for use in connection with any function or the administration of any law transferred to the Office of Information Security shall be transferred to the Office of Information Security for the use and for the purpose for which the appropriation was originally made or the funds were originally available. If there is any doubt as to where those balances and funds are transferred, the Department of Finance shall determine where the balances and funds are transferred.

end delete
