In September, a host of new tech-centric legislation will take effect in the Lone Star State.
A host of new tech-centric legislation is poised to take effect in Texas next month.
With a heavy focus on IT in the Legislature's 84th session, Texas lawmakers and Gov. Greg Abbott have paved the way for a slew of new bills that range from the management of legacy systems, contracting and procurement to the creation of a state data coordinator.
In a webinar facilitated by the state’s Department of Information Resources (DIR), department heads discussed the legislation, effective dates and what the new rules will mean for agencies throughout the state.
House Bill 1 – Riders within this legislation set a number of requirements for agencies looking to replace IT and consolidate their server technology. These requirements include:
Article IX, Section 9.04 requires agencies that receive appropriations for IT to perform cost-benefit analysis between lease and purchase options. The language also requires agencies to comply with Data Center Services’ requirements and participate in DIR bulk IT purchases. The legislation gives the DIR authority to require participation in the bulk purchases. The DIR will be responsible for reporting bulk purchase cost savings to the Legislative Budget Board (LBB).
Article IX, Section 9.09 addresses the requirements for agencies participating in Data Center Services (DCS) programs to report quarterly to the LBB. Additionally, DIR would be responsible for delivering a statewide quarterly progress report on server consolidation efforts within DCS.
Article IX, Section 9.10 requires DIR to prioritize and report the state agencies cybersecurity and legacy systems modernizations for funding consideration. The report to LBB is due in 2016.
Article IX, Section 9.11 requires agencies to coordinate security standards through DIR when making information security-related purchases. The language would give DIR the authority to require some agencies to participate in information security-related bulk purchasing efforts.
Senate Bill 20 – State Contracting and Procurement Changes
SB 20 changes the state’s Statement of Work (SOW) review requirements relating to DIR cooperative contracts and policies, as well as purchasing thresholds. Under the legislation, SOWs greater than $50,000 must now be reviewed by DIR prior to being sent to vendors and must also receive a final signature from the agency, according to Director of Technology Sourcing Office Grace Windbigler. The service categories impacted by this bill include cloud services, deliverables-based IT services, managed services for IT (seat management), and IT security services.
The bill also changes the SOW threshold requirements: SOWs under $50,000 require solicitation of one vendor in a commodity category; SOWs between $50,000 and $150,000 require that three vendors be solicited; SOWs in the range of $150,000 to $1 million require that an agency solicit six vendors or, if fewer than six exist on DIR's contracts in that category, as many vendors as possible. For SOWs greater than $1 million, agencies must post their own solicitation for award. These changes go into effect Sept. 1, 2015. Windbigler said the initial review process is expected to take 30 days, but efforts will be made to reduce agency wait time.
Senate Bill 34 – Overall State Information Security
This piece of legislation obligates DIR to evaluate and report on the overall information security posture of systems to state leadership. The report will be based on legislation (SB 1597) from the 83rd session, which required that security plans be submitted by the various agencies to DIR for review.
House Bill 855 – Internet Browser and Compatibility
This bill centers on state website compatibility with popular browsers and wireless or mobile devices. Under this legislation, DIR is tasked with identifying the most commonly used Web browsers and optimizing state portals to better fit access needs and habits of the public. Officials are discussing deadlines for these efforts but have not settled on a solid date, according to Director of Technology Planning, Policy and Governance Deborah Hujar.
Senate Bill 1844 – Interagency Data Coordination and Transparency Commission
Senate Bill 1844 deals with the Interagency Data Coordination and Transparency Commission. The commission is tasked with the study and review of the public data structure, classification, sharing and reporting protocols of state agencies. This commission will likely work closely with the newly created State Data Coordinator (HB 1912). The commission may be responsible for the collection and posting of data from state agencies to an open-source portal for public consumption. The commission will have to report on its findings Sept. 1, 2016.
Senate Bill 1877 – Data Use Agreements
Under this new rule, agencies would be required to establish data use agreements for employees who handle sensitive information, as well as implement cybersecurity awareness training. This bill charges DIR to assess whether the individual data use agreements of various agencies are in keeping with current state information security standards.
Senate Bill 1878 – Feasibility Study Additional Sensitive Data Control and Security
Focused on certain electronic information stored by the state, this bill directs DIR to conduct a study on the feasibility of implementing new identification and access requirements. Chief Information Security Officer Eddie Block said the study will weigh the benefits of a several identity management options including federated and central repository approaches. Block said he would ultimately like to provide a recommendation to the state legislature. A report is required by Nov. 30, 2016.
House Bill 1890 – Legacy System Study Recommendations
This legislation makes way for the development of modernization strategies for the state’s legacy information systems. A pilot program to determine the viability of implementing shared reporting and business analytics statewide is also part of this bill.
House Bill 1912 – Statewide Data Coordinator
House Bill 1912 creates the new role of Statewide Data Coordinator within DIR. The position will be responsible for the oversight of the control and security of information, promoting information sharing between agencies, reducing information collection costs and developing implementing best practices. The coordinator will likely work closely with the Interagency Data Coordination and Transparency Commission (SB 1844).
House Bill 2000 – DIR Cooperative Contracts Customer Base
“This [bill] expands the customer base of the DIR cooperative contracts program," Windbigler said. "Currently our contracts serve Texas state agencies, higher education, K-12, the cities and counties in Texas, assistance organizations and out of state customers. This bill adds five new customers.”
Under the legislation, private schools, private or independent higher education institutions, volunteer fire departments, the Lower Colorado River Authority and the Electric Reliability Council of Texas will be included under the DIR contract customer base.
Editor's Note: This story has been updated to reflect clarifications from the Texas Department of Information Resources.