Amended in Assembly April 13, 2016

Amended in Assembly March 17, 2016

California Legislature—2015–16 Regular Session

Assembly Bill No. 1881


Introduced by Assembly Member Chang

[begin insert] (Coauthor: Assembly Member Lackey) [end insert]

February 10, 2016


An act to amend Section 11545 of the Government Code, relating to state government.

LEGISLATIVE COUNSEL’S DIGEST

AB 1881, as amended, Chang. Director of Technology: state baseline security controls.

Existing law establishes within the Government Operations Agency the Department of Technology, under the supervision of the Director of Technology, also known as the State Chief Information Officer. Existing law requires the director to, among other things, advise the Governor on the strategic management and direction of the state’s information technology resources and provide technology direction to agency and department chief information officers to ensure the integration of statewide technology initiatives. Existing law further requires the director to produce an annual information technology performance report that assesses and measures the state’s progress toward specified goals.

This bill would require the director to develop, tailor, and subsequently review and revise baseline security controls for the state based on [begin insert] emerging industry standards and [end insert] baseline security controls published by the National Institute of Standards and Technology. The bill would require state agencies to comply with, and prohibit state agencies from tailoring their individual baseline security controls to fall below, the state baseline security controls. The bill would require that the director’s annual information technology performance report also assess and measure the state’s progress toward developing, tailoring, and complying with the state baseline security controls.

Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no.

The people of the State of California do enact as follows:

SECTION 1. Section 11545 of the Government Code is amended to read:

11545. (a) (1) There is in state government the Department of Technology within the Government Operations Agency. The Director of Technology shall be appointed by, and serve at the pleasure of, the Governor, subject to Senate confirmation. The Director of Technology shall supervise the Department of Technology and report directly to the Governor on issues relating to information technology.

(2) Unless the context clearly requires otherwise, whenever the term “office of the State Chief Information Officer” or “California Technology Agency” appears in any statute, regulation, or contract, or any other code, it shall be construed to refer to the Department of Technology, and whenever the term “State Chief Information Officer” or “Secretary of California Technology” appears in any statute, regulation, or contract, or any other code, it shall be construed to refer to the Director of Technology.

(3) The Director of Technology shall be the State Chief Information Officer.

(b) The duties of the Director of Technology shall include, but are not limited to, all of the following:

(1) Advising the Governor on the strategic management and direction of the state’s information technology resources.

(2) Establishing and enforcing state information technology strategic plans, policies, standards, and enterprise architecture. This shall include the periodic review and maintenance of the information technology sections of the State Administrative Manual, except for sections on information technology procurement procedures, and information technology fiscal policy. The Director of Technology shall consult with the Director of General Services, the Director of Finance, and other relevant agencies concerning policies and standards these agencies are responsible to issue as they relate to information technology.

(3) Minimizing overlap, redundancy, and cost in state operations by promoting the efficient and effective use of information technology.

(4) Providing technology direction to agency and department chief information officers to ensure the integration of statewide technology initiatives, compliance with information technology policies and standards, and the promotion of the alignment and effective management of information technology services. Nothing in this paragraph shall be deemed to limit the authority of a constitutional officer, cabinet agency secretary, or department director to establish programmatic priorities and business direction to the respective agency or department chief information officer.

(5) Working to improve organizational maturity and capacity in the effective management of information technology.

(6) Establishing performance management and improvement processes to ensure state information technology systems and services are efficient and effective.

(7) Approving, suspending, terminating, and reinstating information technology projects.

(8) Performing enterprise information technology functions and services, including, but not limited to, implementing Geographic Information Systems (GIS), shared services, applications, and program and project management activities in partnership with the owning agency or department.

(9) Developing and tailoring baseline security controls for the state based on [begin insert] emerging industry standards and [end insert] baseline security controls published by the National Institute of Standards and Technology (NIST). The Director of Technology shall review and revise the state baseline security controls whenever the NIST updates its baseline security controls [begin insert] or advancing industry standards warrant [end insert] but, in no event, less frequently than once every [begin delete] three years. [end delete] [begin insert] year. [end insert] State agencies shall comply with the state baseline security controls and shall not tailor their individual baseline security controls to fall below the state baseline security controls.

(c) The Director of Technology shall produce an annual information technology strategic plan that shall guide the acquisition, management, and use of information technology. State agencies shall cooperate with the department in the development of this plan, as required by the Director of Technology.

(1) Upon establishment of the information technology strategic plan, the Director of Technology shall take all appropriate and necessary steps to implement the plan, subject to any modifications and adjustments deemed necessary and reasonable.

(2) The information technology strategic plan shall be submitted to the Joint Legislative Budget Committee by January 15 of every year.

(d) The Director of Technology shall produce an annual information technology performance report that shall assess and measure the state’s progress toward enhancing information technology human capital management; reducing and avoiding costs and risks associated with the acquisition, development, implementation, management, and operation of information technology assets, infrastructure, and systems; improving energy efficiency in the use of information technology assets; enhancing the security, reliability, and quality of information technology networks, services, and systems; developing, tailoring, and complying with state baseline security controls; and improving the information technology procurement process. The department shall establish those policies and procedures required to improve the performance of the state’s information technology program.

(1) The department shall submit an information technology performance management framework to the Joint Legislative Budget Committee by May 15, 2009, accompanied by the most current baseline data for each performance measure or metric contained in the framework. The information technology performance management framework shall include the performance measures and targets that the department will utilize to assess the performance of, and measure the costs and risks avoided by, the state’s information technology program. The department shall provide notice to the Joint Legislative Budget Committee within 30 days of making changes to the framework. This notice shall include the rationale for changes in specific measures or metrics.

(2) State agencies shall take all necessary steps to achieve the targets set forth by the department and shall report their progress to the department on a quarterly basis.

(3) Notwithstanding Section 10231.5, the information technology performance report shall be submitted to the Joint Legislative Budget Committee by January 15 of every year. To enhance transparency, the department shall post performance targets and progress toward these targets on its public Internet Web site.

(4) The department shall at least annually report to the Director of Finance cost savings and avoidances achieved through improvements to the way the state acquires, develops, implements, manages, and operates state technology assets, infrastructure, and systems. This report shall be submitted in a timeframe determined by the Department of Finance and shall identify the actual savings achieved by each office, department, and agency. Notwithstanding Section 10231.5, the department shall also, within 30 days, submit a copy of that report to the Joint Legislative Budget Committee, the Senate Committee on Appropriations, the Senate Committee on Budget and Fiscal Review, the Assembly Committee on Appropriations, and the Assembly Committee on Budget.

(e) If the Governor’s Reorganization Plan No. 2 of 2012 becomes effective, this section shall prevail over Section 186 of the Governor’s Reorganization Plan No. 2 of 2012, regardless of the dates on which this section and that plan take effect, and this section shall become operative on July 1, 2013.
