Outside Section 22
Data Current as of: 7/10/2014
The General Laws are hereby amended by inserting after chapter 7C the following chapter:-
MASSACHUSETTS OFFICE OF INFORMATION TECHNOLOGY
Section 1. As used in this chapter, the following words shall, unless the context clearly requires otherwise, have the following meanings:-
"Chief information officer" or "CIO", the chief information officer of the Massachusetts office of information technology.
"Director", the director of information technology of an executive office established pursuant to section 2 of chapter 6A.
"Deputy director", the director of information technology of a state agency.
"Information technology" or "IT", hardware, software, telecommunications equipment and related services designed for the storage, manipulation and retrieval of data by electronic or mechanical means including, but not limited to, personal computers, mainframes, wide and local area networks, servers, mobile or portable computers, peripheral equipment, telephones, wireless communications, handheld devices, cloud-based application and platform services, public safety radio services, facsimile machines, data centers, dedicated training facilities and switching facilities.
"Office", the Massachusetts office of information technology.
"State agency", a legal entity of state government established by the general court as an agency, board, bureau, commission, council, department, office or division of the commonwealth with a specific mission and which is subject to the control of the governor or whose administration has been solely appointed by the governor.
Section 2. There shall be a Massachusetts office of information technology within the executive office for administration and finance. The office shall be administered by the chief information officer who shall be appointed by the secretary of administration and finance, with the approval of the governor and who shall serve as the chief information officer of the commonwealth and shall supervise all IT services of state agencies. All state agencies engaged in activities concerning information technology shall coordinate with the office on matters pertaining to contracting, operations, risk assessment, hiring, project management and procurement.
Section 3. The office shall have all powers necessary or convenient to carry out its duties including, but not limited to, the power to:
(i) establish bureaus and other functional units within the office and hire employees;
(ii) coordinate and centralize the management and operation of IT functions within state agencies;
(iii) coordinate with and provide assistance, advice and expertise in connection with business relationships between state agencies and private sector providers of information technology;
(iv) eliminate, where appropriate, duplication of duties and functions among IT personnel within state agencies;
(v) monitor trends and advances in information technology resources;
(vi) oversee and supervise the maintenance of information technology and the initiation of information technology updates or projects for state agencies;
(vii) initiate procurements of information technology resources for state agencies and enter into agreements or contracts in connection with such procurement on behalf of a state agency or other political subdivision of the commonwealth, if so authorized;
(viii) maintain a grant information page on the commonwealth's official website;
(ix) review and approve the information technology budget requests of a state agency and, in consultation with the directors, designate a state agency's IT spending priorities;
(x) implement standards for product or service specifications, characteristics or performance requirements of IT resources that increase efficiency and improve security and identify opportunities for cost savings within state agencies based on such standardization; and
(xi) establish special requirements for vendors of IT services to state agencies.
Section 4. There shall be a bureau of information security within the office under the supervision of a chief security officer who has expertise in security and risk management for communications and information resources. The chief security officer shall advise the CIO on preventing data loss and fraud and protecting privacy.
Section 5. There shall be a bureau of geographic information within the office which shall develop, maintain, update and distribute geographic information, technology, data and services for use by state agencies, municipalities and the public. The office shall coordinate all geographic information activities in state and local government and shall collect, manage and distribute geographic information maintained by state agencies and local government agencies. The office shall also provide technical services related to geographic information to state agencies and municipalities. The CIO shall set standards for the acquisition, management and reporting of geographical information and for the acquisition, creation or use of applications employing such information by any state agency and the reporting of such information by municipalities.
Section 6. (a) The secretary of each executive office established pursuant to section 2 of chapter 6A shall, in consultation with and approval by the CIO, appoint a director of information technology of the executive office who shall report directly to the secretary and the CIO. Each director of information technology shall manage all information technology operations within the executive office and supervise all information technology personnel. Each director shall be responsible for evaluating the present and future information technology needs of agencies within their respective executive offices. A director, in consultation with and with the approval of the CIO, may designate a deputy director of information technology for an agency within the director's executive office.
(b) The CIO and the director shall jointly identify the positions and functions affiliated with the management and administration of an executive office's information technology resources and enterprises that shall be centralized within the executive office. Each director shall develop an IT strategic plan for the executive office that shall be approved by the CIO that sets forth: (i) operational and project priorities; (ii) budgets; (iii) planned procurements; (iv) efficiency goals; (v) security initiatives; and (vi) staffing plans.
(c) The CIO shall hold quarterly meetings with all directors and shall conduct annual compliance reviews across the executive offices to ensure full compliance with statutes, regulations, policies, standards and contractual obligations related to information technology and security.
Section 7. (a) The CIO, in consultation with the operational services division, shall determine and set a minimum financial threshold above which any proposed IT expenditure by a state agency shall be reviewed and approved by the office. The CIO may suspend an expenditure related to IT until approval has been granted by the office.
(b) All state agency contracts for IT shall require the approval of the CIO. The CIO may negotiate state agency IT contracts and amendments to existing contracts entered into by a state agency for information technology services in order to expand the scope of the contract, extend the term of the contract, improve delivery of services under the contract or to safeguard information from threats to cyber security. The office shall review long-term contracts for information technology services on a quarterly basis to ensure that services delivered pursuant to those contracts are provided in a timely and cost-effective manner to the commonwealth. If the CIO determines that information technology services under any such contract could be improved, the office shall consult and negotiate with each agency and contractor who is a party to the existing contract to obtain terms and conditions more favorable to the commonwealth.
(c) For IT projects that exceed $20,000,000, are self-financing or present a unique set of challenges due to interagency collaboration, federal participation or private investment, the CIO shall establish a project oversight committee that shall develop criteria and benchmarks to evaluate the project and advise the CIO as to whether the project is accomplishing its objectives. A committee established pursuant to this section may include members from the private sector; provided, however, that members shall have no financial interest in the project overseen by the committee.
Section 8. Through interagency service agreements, the office may consult and provide services to municipalities, constitutional officers, the judiciary, the legislature, institutions of higher education, authorities, quasi-public corporations and other political subdivisions of the commonwealth as well as other states of the United States if the provision of these services to other states will decrease the costs or improve the efficiency of the service provided by the office to the commonwealth. The office shall consult with the division of local services in the department of revenue to identify ways to better assist municipalities and regional entities in procuring and developing information technology services.
Section 9. The office shall develop a statewide information technology plan that shall identify the immediate needs of information technology among state agencies as well as long-term investments in information technology that should be considered by the commonwealth. The plan shall be updated annually and shall be published on the website of the commonwealth.