11545. (a) (1) There is in state government the California
Technology Agency. The Secretary of California Technology shall be
appointed by, and serve at the pleasure of, the Governor, subject to
Senate confirmation. The Secretary of California Technology shall
supervise the California Technology Agency and be a member of the
Governor's cabinet.
(2) Unless the context clearly requires otherwise, whenever the
term "office of the State Chief Information Officer" appears in any
statute, regulation, or contract, it shall be construed to refer to
the California Technology Agency, and whenever the term "State Chief
Information Officer" appears in any statute, regulation, or contract,
it shall be construed to refer to the Secretary of California
Technology.
(b) The duties of the Secretary of California Technology shall
include, but are not limited to, all of the following:
(1) Advising the Governor on the strategic management and
direction of the state's information technology resources.
(2) Establishing and enforcing state information technology
strategic plans, policies, standards, and enterprise architecture.
This shall include the periodic review and maintenance of the
information technology sections of the State Administrative Manual,
except for sections on information technology procurement procedures,
and information technology fiscal policy. The Secretary of
California Technology shall consult with the Director of General
Services, the Director of Finance, and other relevant agencies
concerning policies and standards these agencies are responsible to
issue as they relate to information technology.
(3) Minimizing overlap, redundancy, and cost in state operations
by promoting the efficient and effective use of information
technology.
(4) Providing technology direction to agency and department chief
information officers to ensure the integration of statewide
technology initiatives, compliance with information technology
policies and standards, and the promotion of the alignment and
effective management of information technology services. Nothing in
this paragraph shall be deemed to limit the authority of a
constitutional officer, cabinet agency secretary, or department
director to establish programmatic priorities and business direction
to the respective agency or department chief information officer.
(5) Working to improve organizational maturity and capacity in the
effective management of information technology.
(6) Establishing performance management and improvement processes
to ensure state information technology systems and services are
efficient and effective.
(7) Approving, suspending, terminating, and reinstating
information technology projects.
(8) Performing enterprise information technology functions and
services, including, but not limited to, implementing Geographic
Information Systems (GIS), shared services, applications, and program
and project management activities in partnership with the owning
agency or department.
(c) The Secretary of California Technology shall produce an annual
information technology strategic plan that shall guide the
acquisition, management, and use of information technology. State
agencies shall cooperate with the agency in the development of this
plan, as required by the Secretary of California Technology.
(1) Upon establishment of the information technology strategic
plan, the Secretary of California Technology shall take all
appropriate and necessary steps to implement the plan, subject to any
modifications and adjustments deemed necessary and reasonable.
(2) The information technology strategic plan shall be submitted
to the Joint Legislative Budget Committee by January 15 of every
year.
(d) The Secretary of California Technology shall produce an annual
information technology performance report that shall assess and
measure the state's progress toward enhancing information technology
human capital management; reducing and avoiding costs associated with
the acquisition, development, implementation, management, and
operation of information technology assets, infrastructure, and
systems; improving energy efficiency in the use of information
technology assets; enhancing the security, reliability, and quality
of information technology networks, services, and systems; and
improving the information technology procurement process. The agency
shall establish those policies and procedures required to improve the
performance of the state's information technology program.
(1) The agency shall submit an information technology performance
management framework to the Joint Legislative Budget Committee by May
15, 2009, accompanied by the most current baseline data for each
performance measure or metric contained in the framework. The
information technology performance management framework shall include
the performance measures and targets that the agency will utilize to
assess the performance of the state's information technology
program. The agency shall provide notice to the Joint Legislative
Budget Committee within 30 days of making changes to the framework.
This notice shall include the rationale for changes in specific
measures or metrics.
(2) State agencies shall take all necessary steps to achieve the
targets set forth by the agency and shall report their progress to
the agency on a quarterly basis.
(3) The information technology performance report shall be
submitted to the Joint Legislative Budget Committee by January 15 of
every year. To enhance transparency, the agency shall post
performance targets and progress toward these targets on its public
Internet Web site.
(4) The agency shall at least annually report to the Director of
Finance cost savings achieved through improvements to the way the
state acquires, develops, implements, manages, and operates state
technology assets, infrastructure, and systems. This report shall be
submitted in a timeframe determined by the Department of Finance and
shall identify the actual savings achieved by each office,
department, and agency.
11546. (a) The California Technology Agency shall be responsible
for the approval and oversight of information technology projects,
which shall include, but are not limited to, all of the following:
(1) Establishing and maintaining a framework of policies,
procedures, and requirements for the initiation, approval,
implementation, management, oversight, and continuation of
information technology projects.
(2) Evaluating information technology projects based on the
business case justification, resources requirements, proposed
technical solution, project management, oversight and risk mitigation
approach, and compliance with statewide strategies, policies, and
procedures. Projects shall continue to be funded through the
established Budget Act process.
(3) Consulting with agencies during initial project planning to
ensure that project proposals are based on well-defined programmatic
needs, clearly identify programmatic benefits, and consider feasible
alternatives to address the identified needs and benefits consistent
with statewide strategies, policies, and procedures.
(4) Consulting with agencies prior to project initiation to review
the project governance and management framework to ensure that it is
best designed for success and will serve as a resource for agencies
throughout the project implementation.
(5) Requiring agencies to provide information on information
technology projects including, but not limited to, all of the
following:
(A) The degree to which the project is within approved scope,
cost, and schedule.
(B) Project issues, risks, and corresponding mitigation efforts.
(C) The current estimated schedule and costs for project
completion.
(6) Requiring agencies to perform remedial measures to achieve
compliance with approved project objectives. These remedial measures
may include, but are not limited to, any of the following:
(A) Independent assessments of project activities, the cost of
which shall be funded by the agency administering the project.
(B) Establishing remediation plans.
(C) Securing appropriate expertise, the cost of which shall be
funded by the agency administering the project.
(D) Requiring additional project reporting.
(E) Requiring approval to initiate any action identified in the
approved project schedule.
(7) Suspending, reinstating, or terminating information technology
projects. The agency shall notify the Joint Legislative Budget
Committee of any project suspension, reinstatement, and termination
within 30 days of that suspension, reinstatement, or termination.
(8) Establishing restrictions or other controls to mitigate
nonperformance by agencies, including, but not limited to, any of the
following:
(A) The restriction of future project approvals pending
demonstration of successful correction of the identified performance
failure.
(B) The revocation or reduction of authority for state agencies to
initiate information technology projects or acquire information
technology or telecommunications goods or services.
(b) The California Technology Agency shall have the authority to
delegate to another agency any authority granted under this section
based on its assessment of the agency's project management, project
oversight, and project performance.
11546.1. The California Technology Agency shall improve the
governance and implementation of information technology by
standardizing reporting relationships, roles, and responsibilities
for setting information technology priorities.
(a) (1) Each state agency shall have a chief information officer
who is appointed by the head of the state agency, or by the head's
designee, subject to the approval of the California Technology
Agency.
(2) A chief information officer appointed under this subdivision
shall do all of the following:
(A) Oversee the information technology portfolio and information
technology services within his or her state agency through the
operational oversight of information technology budgets of
departments, boards, bureaus, and offices within the state agency.
(B) Develop the enterprise architecture for his or her state
agency, subject to the review and approval of the California
Technology Agency, to rationalize, standardize, and consolidate
information technology applications, assets, infrastructure, data,
and procedures for all departments, boards, bureaus, and offices
within the state agency.
(C) Ensure that all departments, boards, bureaus, and offices
within the state agency are in compliance with the state information
technology policy.
(b) (1) Each state entity shall have a chief information officer
who is appointed by the head of the state entity.
(2) A chief information officer appointed under this subdivision
shall do all of the following:
(A) Supervise all information technology and telecommunications
activities within his or her state entity, including, but not limited
to, information technology, information security, and
telecommunications personnel, contractors, systems, assets, projects,
purchases, and contracts.
(B) Ensure the entity conforms with state information technology
and telecommunications policy and enterprise architecture.
(c) Each state agency shall have an information security officer
appointed by the head of the state agency, or the head's designee,
subject to the approval by the California Technology Agency. The
state agency's information security officer appointed under this
subdivision shall report to the state agency's chief information
officer.
(d) Each state entity shall have an information security officer
who is appointed by the head of the state entity. An information
security officer shall report to the chief information officer of his
or her state entity. The California Technology Agency shall develop
specific qualification criteria for an information security officer.
If a state entity cannot fund a position for an information security
officer, the entity's chief information officer shall perform the
duties assigned to the information security officer. The chief
information officer shall coordinate with the California Technology
Agency for any necessary support.
(e) (1) For purposes of this section, "state agency" means the
Business, Transportation and Housing Agency, Department of
Corrections and Rehabilitation, Department of Veterans Affairs, State
and Consumer Services Agency, Natural Resources Agency, California
Health and Human Services Agency, California Environmental Protection
Agency, Labor and Workforce Development Agency, and Department of
Food and Agriculture.
(2) For purposes of this section, "state entity" means an entity
within the executive branch that is under the direct authority of the
Governor, including, but not limited to, all departments, boards,
bureaus, commissions, councils, and offices that are not defined as a
"state agency" pursuant to paragraph (1).
(f) A state entity that is not defined under subdivision (e) may
voluntarily comply with any of the requirements of Sections 11546.2
and 11546.3 and may request assistance from the California Technology
Agency to do so.
11546.2. On or before February 1, 2011, and annually thereafter,
each state agency and state entity subject to Section 11546.1, shall
submit, as instructed by the California Technology Agency, a summary
of its actual and projected information technology and
telecommunications costs, including personnel, for the immediately
preceding fiscal year and current fiscal year, showing current
expenses and projected expenses for the current fiscal year, in a
format prescribed by the California Technology Agency in order to
capture statewide information technology expenditures.
11546.3. (a) (1) A chief information officer appointed under
Section 11546.1 shall develop a plan to leverage cost-effective
strategies to reduce the total amount of energy utilized by
information technology and telecommunications equipment of the
officer's agency or entity, as the case may be, in support of the
statewide effort to reduce energy consumption by 20 percent below the
2009 baseline by July 1, 2011, and by 30 percent below the 2009
baseline by July 1, 2012.
(2) A chief information officer appointed under Section 11546.1
shall report the progress toward the energy reduction targets in
paragraph (1) to the California Technology Agency on a quarterly
basis beginning in January 2011. The California Technology Agency
shall include the quarterly reports on its Internet Web site.
(b) (1) A state agency or entity subject to Section 11546.1 shall
do all of the following:
(A) Comply with the policies of the California Technology Agency
to reduce the total amount of office square footage currently
utilized for data centers by the agency or entity, as the case may
be, in support of the statewide effort to reduce energy consumption
by 50 percent below the 2009 baseline by July 2011.
(B) Host all mission critical and public-facing applications and
server refreshes in a Tier III or equivalent data center, as
designated by the California Technology Agency.
(C) Close any existing data centers or server rooms that house
nonnetwork equipment by June 2013. On or before July 2011, transition
plans, in accordance with guidance provided by the California
Technology Agency, shall be submitted to the California Technology
Agency.
(D) Be in migration from its existing network services to the
California Government Network by no later than July 2011.
(E) Report to the California Technology Agency on the progress
toward the targets listed in this subdivision on a quarterly basis,
beginning in January 2011.
(2) The California Technology Agency shall include the quarterly
reports required by subparagraph (E) of paragraph (1) on its Internet
Web site.
(c) (1) A state agency or entity subject to Section 11546.1 shall
do both of the following:
(A) Be in migration to the state shared e-mail solution by no
later than June 2011.
(B) Report to the California Technology Agency on the progress
toward the target listed in subparagraph (A) on a quarterly basis,
beginning in April 2011.
(2) The California Technology Agency shall include the quarterly
reports required by subparagraph (B) of paragraph (1) on its Internet
Web site.
11546.4. Notwithstanding any other law, any service contract
proposed to be entered into by an agency that would not otherwise be
subject to review, approval, or oversight by the office of the State
Chief Information Officer but that contains an information technology
component that would be subject to oversight by the office of the
State Chief Information Officer if it was a separate information
technology project, shall be subject to review, approval, and
oversight by the office of the State Chief Information Officer as set
forth in Section 11546.
11546.5. Notwithstanding any other provision of law, all employees
of the California Technology Agency shall be designated as excluded
from collective bargaining pursuant to subdivision (b) of Section
3527, except for employees of the Office of Technology Services and
employees of the Public Safety Communications Division who are not
otherwise excluded from collective bargaining.
11546.6. (a) The State Chief Information Officer shall require
fingerprint images and associated information from an employee,
prospective employee, contractor, subcontractor, volunteer, or vendor
whose duties include, or would include, working on data center,
telecommunications, or network operations, engineering, or security
with access to confidential or sensitive information and data on the
network or computing infrastructure.
(b) The fingerprint images and associated information described in
subdivision (a) shall be furnished to the Department of Justice for
the purpose of obtaining information as to the existence and nature
of any of the following:
(1) A record of state or federal convictions and the existence and
nature of state or federal arrests for which the person is free on
bail or on his or her own recognizance pending trial or appeal.
(2) Being convicted of, or pleading nolo contendere to, a crime,
or having committed an act involving dishonesty, fraud, or deceit, if
the crime or act is substantially related to the qualifications,
functions, or duties of a person employed by the state in accordance
with this provision.
(3) Any conviction or arrest, for which the person is free on bail
or on his or her own recognizance pending trial or appeal, with a
reasonable nexus to the information or data to which the employee
shall have access.
(c) Requests for federal criminal offender record information
received by the Department of Justice pursuant to this section shall
be forwarded to the Federal Bureau of Investigation by the Department
of Justice.
(d) The Department of Justice shall respond to the State Chief
Information Officer with information as provided under subdivision
(p) of Section 11105 of the Penal Code.
(e) The State Chief Information Officer shall request subsequent
arrest notifications from the Department of Justice as provided under
Section 11105.2 of the Penal Code.
(f) The Department of Justice may assess a fee sufficient to cover
the processing costs required under this section, as authorized
pursuant to subdivision (e) of Section 11105 of the Penal Code.
(g) If an individual described in subdivision (a) is rejected as a
result of information contained in the Department of Justice or
Federal Bureau of Investigation criminal offender record information
response, the individual shall receive a copy of the response record
from the State Chief Information Officer.
(h) The State Chief Information Officer shall develop a written
appeal process for an individual described in subdivision (a) who is
determined ineligible for employment because of his or her Department
of Justice or Federal Bureau of Investigation criminal offender
record. Individuals shall not be found to be ineligible for
employment pursuant to this section until the appeal process is in
place.
(i) When considering the background information received pursuant
to this section, the State Chief Information Officer shall take under
consideration any evidence of rehabilitation, including
participation in treatment programs, as well as the age and specifics
of the offense.
11547. The Department of Finance shall perform fiscal oversight of
the state's information technology projects. This oversight shall
consist of a determination of the availability of project funding
from appropriate sources, and project consistency with state fiscal
policy. Projects shall continue to be funded through the established
Budget Act process.
11548. This chapter shall not apply to the State Compensation
Insurance Fund, the Legislature, or the Legislative Data Center in
the Legislative Counsel Bureau.
11548.5. This chapter shall remain in effect only until January 1,
2015, and as of that date is repealed, unless a later enacted
statute, that is enacted before January 1, 2015, deletes or extends
that date.
11545. (a) (1) There is in state government the California
Technology Agency. The Secretary of California Technology shall be
appointed by, and serve at the pleasure of, the Governor, subject to
Senate confirmation. The Secretary of California Technology shall
supervise the California Technology Agency and be a member of the
Governor's cabinet.
(2) Unless the context clearly requires otherwise, whenever the
term "office of the State Chief Information Officer" appears in any
statute, regulation, or contract, it shall be construed to refer to
the California Technology Agency, and whenever the term "State Chief
Information Officer" appears in any statute, regulation, or contract,
it shall be construed to refer to the Secretary of California
Technology.
(b) The duties of the Secretary of California Technology shall
include, but are not limited to, all of the following:
(1) Advising the Governor on the strategic management and
direction of the state's information technology resources.
(2) Establishing and enforcing state information technology
strategic plans, policies, standards, and enterprise architecture.
This shall include the periodic review and maintenance of the
information technology sections of the State Administrative Manual,
except for sections on information technology procurement procedures,
and information technology fiscal policy. The Secretary of
California Technology shall consult with the Director of General
Services, the Director of Finance, and other relevant agencies
concerning policies and standards these agencies are responsible to
issue as they relate to information technology.
(3) Minimizing overlap, redundancy, and cost in state operations
by promoting the efficient and effective use of information
technology.
(4) Providing technology direction to agency and department chief
information officers to ensure the integration of statewide
technology initiatives, compliance with information technology
policies and standards, and the promotion of the alignment and
effective management of information technology services. Nothing in
this paragraph shall be deemed to limit the authority of a
constitutional officer, cabinet agency secretary, or department
director to establish programmatic priorities and business direction
to the respective agency or department chief information officer.
(5) Working to improve organizational maturity and capacity in the
effective management of information technology.
(6) Establishing performance management and improvement processes
to ensure state information technology systems and services are
efficient and effective.
(7) Approving, suspending, terminating, and reinstating
information technology projects.
(8) Performing enterprise information technology functions and
services, including, but not limited to, implementing Geographic
Information Systems (GIS), shared services, applications, and program
and project management activities in partnership with the owning
agency or department.
(c) The Secretary of California Technology shall produce an annual
information technology strategic plan that shall guide the
acquisition, management, and use of information technology. State
agencies shall cooperate with the agency in the development of this
plan, as required by the Secretary of California Technology.
(1) Upon establishment of the information technology strategic
plan, the Secretary of California Technology shall take all
appropriate and necessary steps to implement the plan, subject to any
modifications and adjustments deemed necessary and reasonable.
(2) The information technology strategic plan shall be submitted
to the Joint Legislative Budget Committee by January 15 of every
year.
(d) The Secretary of California Technology shall produce an annual
information technology performance report that shall assess and
measure the state's progress toward enhancing information technology
human capital management; reducing and avoiding costs associated with
the acquisition, development, implementation, management, and
operation of information technology assets, infrastructure, and
systems; improving energy efficiency in the use of information
technology assets; enhancing the security, reliability, and quality
of information technology networks, services, and systems; and
improving the information technology procurement process. The agency
shall establish those policies and procedures required to improve the
performance of the state's information technology program.
(1) The agency shall submit an information technology performance
management framework to the Joint Legislative Budget Committee by May
15, 2009, accompanied by the most current baseline data for each
performance measure or metric contained in the framework. The
information technology performance management framework shall include
the performance measures and targets that the agency will utilize to
assess the performance of the state's information technology
program. The agency shall provide notice to the Joint Legislative
Budget Committee within 30 days of making changes to the framework.
This notice shall include the rationale for changes in specific
measures or metrics.
(2) State agencies shall take all necessary steps to achieve the
targets set forth by the agency and shall report their progress to
the agency on a quarterly basis.
(3) The information technology performance report shall be
submitted to the Joint Legislative Budget Committee by January 15 of
every year. To enhance transparency, the agency shall post
performance targets and progress toward these targets on its public
Internet Web site.
(4) The agency shall at least annually report to the Director of
Finance cost savings achieved through improvements to the way the
state acquires, develops, implements, manages, and operates state
technology assets, infrastructure, and systems. This report shall be
submitted in a timeframe determined by the Department of Finance and
shall identify the actual savings achieved by each office,
department, and agency.
11546. (a) The California Technology Agency shall be responsible
for the approval and oversight of information technology projects,
which shall include, but are not limited to, all of the following:
(1) Establishing and maintaining a framework of policies,
procedures, and requirements for the initiation, approval,
implementation, management, oversight, and continuation of
information technology projects.
(2) Evaluating information technology projects based on the
business case justification, resources requirements, proposed
technical solution, project management, oversight and risk mitigation
approach, and compliance with statewide strategies, policies, and
procedures. Projects shall continue to be funded through the
established Budget Act process.
(3) Consulting with agencies during initial project planning to
ensure that project proposals are based on well-defined programmatic
needs, clearly identify programmatic benefits, and consider feasible
alternatives to address the identified needs and benefits consistent
with statewide strategies, policies, and procedures.
(4) Consulting with agencies prior to project initiation to review
the project governance and management framework to ensure that it is
best designed for success and will serve as a resource for agencies
throughout the project implementation.
(5) Requiring agencies to provide information on information
technology projects including, but not limited to, all of the
following:
(A) The degree to which the project is within approved scope,
cost, and schedule.
(B) Project issues, risks, and corresponding mitigation efforts.
(C) The current estimated schedule and costs for project
completion.
(6) Requiring agencies to perform remedial measures to achieve
compliance with approved project objectives. These remedial measures
may include, but are not limited to, any of the following:
(A) Independent assessments of project activities, the cost of
which shall be funded by the agency administering the project.
(B) Establishing remediation plans.
(C) Securing appropriate expertise, the cost of which shall be
funded by the agency administering the project.
(D) Requiring additional project reporting.
(E) Requiring approval to initiate any action identified in the
approved project schedule.
(7) Suspending, reinstating, or terminating information technology
projects. The agency shall notify the Joint Legislative Budget
Committee of any project suspension, reinstatement, and termination
within 30 days of that suspension, reinstatement, or termination.
(8) Establishing restrictions or other controls to mitigate
nonperformance by agencies, including, but not limited to, any of the
following:
(A) The restriction of future project approvals pending
demonstration of successful correction of the identified performance
failure.
(B) The revocation or reduction of authority for state agencies to
initiate information technology projects or acquire information
technology or telecommunications goods or services.
(b) The California Technology Agency shall have the authority to
delegate to another agency any authority granted under this section
based on its assessment of the agency's project management, project
oversight, and project performance.
11546.1. The California Technology Agency shall improve the
governance and implementation of information technology by
standardizing reporting relationships, roles, and responsibilities
for setting information technology priorities.
(a) (1) Each state agency shall have a chief information officer
who is appointed by the head of the state agency, or by the head's
designee, subject to the approval of the California Technology
Agency.
(2) A chief information officer appointed under this subdivision
shall do all of the following:
(A) Oversee the information technology portfolio and information
technology services within his or her state agency through the
operational oversight of information technology budgets of
departments, boards, bureaus, and offices within the state agency.
(B) Develop the enterprise architecture for his or her state
agency, subject to the review and approval of the California
Technology Agency, to rationalize, standardize, and consolidate
information technology applications, assets, infrastructure, data,
and procedures for all departments, boards, bureaus, and offices
within the state agency.
(C) Ensure that all departments, boards, bureaus, and offices
within the state agency are in compliance with the state information
technology policy.
(b) (1) Each state entity shall have a chief information officer
who is appointed by the head of the state entity.
(2) A chief information officer appointed under this subdivision
shall do all of the following:
(A) Supervise all information technology and telecommunications
activities within his or her state entity, including, but not limited
to, information technology, information security, and
telecommunications personnel, contractors, systems, assets, projects,
purchases, and contracts.
(B) Ensure the entity conforms with state information technology
and telecommunications policy and enterprise architecture.
(c) Each state agency shall have an information security officer
appointed by the head of the state agency, or the head's designee,
subject to the approval by the California Technology Agency. The
state agency's information security officer appointed under this
subdivision shall report to the state agency's chief information
officer.
(d) Each state entity shall have an information security officer
who is appointed by the head of the state entity. An information
security officer shall report to the chief information officer of his
or her state entity. The California Technology Agency shall develop
specific qualification criteria for an information security officer.
If a state entity cannot fund a position for an information security
officer, the entity's chief information officer shall perform the
duties assigned to the information security officer. The chief
information officer shall coordinate with the California Technology
Agency for any necessary support.
(e) (1) For purposes of this section, "state agency" means the
Business, Transportation and Housing Agency, Department of
Corrections and Rehabilitation, Department of Veterans Affairs, State
and Consumer Services Agency, Natural Resources Agency, California
Health and Human Services Agency, California Environmental Protection
Agency, Labor and Workforce Development Agency, and Department of
Food and Agriculture.
(2) For purposes of this section, "state entity" means an entity
within the executive branch that is under the direct authority of the
Governor, including, but not limited to, all departments, boards,
bureaus, commissions, councils, and offices that are not defined as a
"state agency" pursuant to paragraph (1).
(f) A state entity that is not defined under subdivision (e) may
voluntarily comply with any of the requirements of Sections 11546.2
and 11546.3 and may request assistance from the California Technology
Agency to do so.
11546.2. On or before February 1, 2011, and annually thereafter,
each state agency and state entity subject to Section 11546.1, shall
submit, as instructed by the California Technology Agency, a summary
of its actual and projected information technology and
telecommunications costs, including personnel, for the immediately
preceding fiscal year and current fiscal year, showing current
expenses and projected expenses for the current fiscal year, in a
format prescribed by the California Technology Agency in order to
capture statewide information technology expenditures.
11546.3. (a) (1) A chief information officer appointed under
Section 11546.1 shall develop a plan to leverage cost-effective
strategies to reduce the total amount of energy utilized by
information technology and telecommunications equipment of the
officer's agency or entity, as the case may be, in support of the
statewide effort to reduce energy consumption by 20 percent below the
2009 baseline by July 1, 2011, and by 30 percent below the 2009
baseline by July 1, 2012.
(2) A chief information officer appointed under Section 11546.1
shall report the progress toward the energy reduction targets in
paragraph (1) to the California Technology Agency on a quarterly
basis beginning in January 2011. The California Technology Agency
shall include the quarterly reports on its Internet Web site.
(b) (1) A state agency or entity subject to Section 11546.1 shall
do all of the following:
(A) Comply with the policies of the California Technology Agency
to reduce the total amount of office square footage currently
utilized for data centers by the agency or entity, as the case may
be, in support of the statewide effort to reduce energy consumption
by 50 percent below the 2009 baseline by July 2011.
(B) Host all mission critical and public-facing applications and
server refreshes in a Tier III or equivalent data center, as
designated by the California Technology Agency.
(C) Close any existing data centers or server rooms that house
nonnetwork equipment by June 2013. On or before July 2011, transition
plans, in accordance with guidance provided by the California
Technology Agency, shall be submitted to the California Technology
Agency.
(D) Be in migration from its existing network services to the
California Government Network by no later than July 2011.
(E) Report to the California Technology Agency on the progress
toward the targets listed in this subdivision on a quarterly basis,
beginning in January 2011.
(2) The California Technology Agency shall include the quarterly
reports required by subparagraph (E) of paragraph (1) on its Internet
Web site.
(c) (1) A state agency or entity subject to Section 11546.1 shall
do both of the following:
(A) Be in migration to the state shared e-mail solution by no
later than June 2011.
(B) Report to the California Technology Agency on the progress
toward the target listed in subparagraph (A) on a quarterly basis,
beginning in April 2011.
(2) The California Technology Agency shall include the quarterly
reports required by subparagraph (B) of paragraph (1) on its Internet
Web site.
11546.4. Notwithstanding any other law, any service contract
proposed to be entered into by an agency that would not otherwise be
subject to review, approval, or oversight by the office of the State
Chief Information Officer but that contains an information technology
component that would be subject to oversight by the office of the
State Chief Information Officer if it was a separate information
technology project, shall be subject to review, approval, and
oversight by the office of the State Chief Information Officer as set
forth in Section 11546.
11546.5. Notwithstanding any other provision of law, all employees
of the California Technology Agency shall be designated as excluded
from collective bargaining pursuant to subdivision (b) of Section
3527, except for employees of the Office of Technology Services and
employees of the Public Safety Communications Division who are not
otherwise excluded from collective bargaining.
11546.6. (a) The State Chief Information Officer shall require
fingerprint images and associated information from an employee,
prospective employee, contractor, subcontractor, volunteer, or vendor
whose duties include, or would include, working on data center,
telecommunications, or network operations, engineering, or security
with access to confidential or sensitive information and data on the
network or computing infrastructure.
(b) The fingerprint images and associated information described in
subdivision (a) shall be furnished to the Department of Justice for
the purpose of obtaining information as to the existence and nature
of any of the following:
(1) A record of state or federal convictions and the existence and
nature of state or federal arrests for which the person is free on
bail or on his or her own recognizance pending trial or appeal.
(2) Being convicted of, or pleading nolo contendere to, a crime,
or having committed an act involving dishonesty, fraud, or deceit, if
the crime or act is substantially related to the qualifications,
functions, or duties of a person employed by the state in accordance
with this provision.
(3) Any conviction or arrest, for which the person is free on bail
or on his or her own recognizance pending trial or appeal, with a
reasonable nexus to the information or data to which the employee
shall have access.
(c) Requests for federal criminal offender record information
received by the Department of Justice pursuant to this section shall
be forwarded to the Federal Bureau of Investigation by the Department
of Justice.
(d) The Department of Justice shall respond to the State Chief
Information Officer with information as provided under subdivision
(p) of Section 11105 of the Penal Code.
(e) The State Chief Information Officer shall request subsequent
arrest notifications from the Department of Justice as provided under
Section 11105.2 of the Penal Code.
(f) The Department of Justice may assess a fee sufficient to cover
the processing costs required under this section, as authorized
pursuant to subdivision (e) of Section 11105 of the Penal Code.
(g) If an individual described in subdivision (a) is rejected as a
result of information contained in the Department of Justice or
Federal Bureau of Investigation criminal offender record information
response, the individual shall receive a copy of the response record
from the State Chief Information Officer.
(h) The State Chief Information Officer shall develop a written
appeal process for an individual described in subdivision (a) who is
determined ineligible for employment because of his or her Department
of Justice or Federal Bureau of Investigation criminal offender
record. Individuals shall not be found to be ineligible for
employment pursuant to this section until the appeal process is in
place.
(i) When considering the background information received pursuant
to this section, the State Chief Information Officer shall take under
consideration any evidence of rehabilitation, including
participation in treatment programs, as well as the age and specifics
of the offense.
11547. The Department of Finance shall perform fiscal oversight of
the state's information technology projects. This oversight shall
consist of a determination of the availability of project funding
from appropriate sources, and project consistency with state fiscal
policy. Projects shall continue to be funded through the established
Budget Act process.
11548. This chapter shall not apply to the State Compensation
Insurance Fund, the Legislature, or the Legislative Data Center in
the Legislative Counsel Bureau.
11548.5. This chapter shall remain in effect only until January 1,
2015, and as of that date is repealed, unless a later enacted
statute, that is enacted before January 1, 2015, deletes or extends
that date.
11545. (a) (1) There is in state government the California
Technology Agency. The Secretary of California Technology shall be
appointed by, and serve at the pleasure of, the Governor, subject to
Senate confirmation. The Secretary of California Technology shall
supervise the California Technology Agency and be a member of the
Governor's cabinet.
(2) Unless the context clearly requires otherwise, whenever the
term "office of the State Chief Information Officer" appears in any
statute, regulation, or contract, it shall be construed to refer to
the California Technology Agency, and whenever the term "State Chief
Information Officer" appears in any statute, regulation, or contract,
it shall be construed to refer to the Secretary of California
Technology.
(b) The duties of the Secretary of California Technology shall
include, but are not limited to, all of the following:
(1) Advising the Governor on the strategic management and
direction of the state's information technology resources.
(2) Establishing and enforcing state information technology
strategic plans, policies, standards, and enterprise architecture.
This shall include the periodic review and maintenance of the
information technology sections of the State Administrative Manual,
except for sections on information technology procurement procedures,
and information technology fiscal policy. The Secretary of
California Technology shall consult with the Director of General
Services, the Director of Finance, and other relevant agencies
concerning policies and standards these agencies are responsible to
issue as they relate to information technology.
(3) Minimizing overlap, redundancy, and cost in state operations
by promoting the efficient and effective use of information
technology.
(4) Providing technology direction to agency and department chief
information officers to ensure the integration of statewide
technology initiatives, compliance with information technology
policies and standards, and the promotion of the alignment and
effective management of information technology services. Nothing in
this paragraph shall be deemed to limit the authority of a
constitutional officer, cabinet agency secretary, or department
director to establish programmatic priorities and business direction
to the respective agency or department chief information officer.
(5) Working to improve organizational maturity and capacity in the
effective management of information technology.
(6) Establishing performance management and improvement processes
to ensure state information technology systems and services are
efficient and effective.
(7) Approving, suspending, terminating, and reinstating
information technology projects.
(8) Performing enterprise information technology functions and
services, including, but not limited to, implementing Geographic
Information Systems (GIS), shared services, applications, and program
and project management activities in partnership with the owning
agency or department.
(c) The Secretary of California Technology shall produce an annual
information technology strategic plan that shall guide the
acquisition, management, and use of information technology. State
agencies shall cooperate with the agency in the development of this
plan, as required by the Secretary of California Technology.
(1) Upon establishment of the information technology strategic
plan, the Secretary of California Technology shall take all
appropriate and necessary steps to implement the plan, subject to any
modifications and adjustments deemed necessary and reasonable.
(2) The information technology strategic plan shall be submitted
to the Joint Legislative Budget Committee by January 15 of every
year.
(d) The Secretary of California Technology shall produce an annual
information technology performance report that shall assess and
measure the state's progress toward enhancing information technology
human capital management; reducing and avoiding costs associated with
the acquisition, development, implementation, management, and
operation of information technology assets, infrastructure, and
systems; improving energy efficiency in the use of information
technology assets; enhancing the security, reliability, and quality
of information technology networks, services, and systems; and
improving the information technology procurement process. The agency
shall establish those policies and procedures required to improve the
performance of the state's information technology program.
(1) The agency shall submit an information technology performance
management framework to the Joint Legislative Budget Committee by May
15, 2009, accompanied by the most current baseline data for each
performance measure or metric contained in the framework. The
information technology performance management framework shall include
the performance measures and targets that the agency will utilize to
assess the performance of the state's information technology
program. The agency shall provide notice to the Joint Legislative
Budget Committee within 30 days of making changes to the framework.
This notice shall include the rationale for changes in specific
measures or metrics.
(2) State agencies shall take all necessary steps to achieve the
targets set forth by the agency and shall report their progress to
the agency on a quarterly basis.
(3) The information technology performance report shall be
submitted to the Joint Legislative Budget Committee by January 15 of
every year. To enhance transparency, the agency shall post
performance targets and progress toward these targets on its public
Internet Web site.
(4) The agency shall at least annually report to the Director of
Finance cost savings achieved through improvements to the way the
state acquires, develops, implements, manages, and operates state
technology assets, infrastructure, and systems. This report shall be
submitted in a timeframe determined by the Department of Finance and
shall identify the actual savings achieved by each office,
department, and agency.
11546. (a) The California Technology Agency shall be responsible
for the approval and oversight of information technology projects,
which shall include, but are not limited to, all of the following:
(1) Establishing and maintaining a framework of policies,
procedures, and requirements for the initiation, approval,
implementation, management, oversight, and continuation of
information technology projects.
(2) Evaluating information technology projects based on the
business case justification, resources requirements, proposed
technical solution, project management, oversight and risk mitigation
approach, and compliance with statewide strategies, policies, and
procedures. Projects shall continue to be funded through the
established Budget Act process.
(3) Consulting with agencies during initial project planning to
ensure that project proposals are based on well-defined programmatic
needs, clearly identify programmatic benefits, and consider feasible
alternatives to address the identified needs and benefits consistent
with statewide strategies, policies, and procedures.
(4) Consulting with agencies prior to project initiation to review
the project governance and management framework to ensure that it is
best designed for success and will serve as a resource for agencies
throughout the project implementation.
(5) Requiring agencies to provide information on information
technology projects including, but not limited to, all of the
following:
(A) The degree to which the project is within approved scope,
cost, and schedule.
(B) Project issues, risks, and corresponding mitigation efforts.
(C) The current estimated schedule and costs for project
completion.
(6) Requiring agencies to perform remedial measures to achieve
compliance with approved project objectives. These remedial measures
may include, but are not limited to, any of the following:
(A) Independent assessments of project activities, the cost of
which shall be funded by the agency administering the project.
(B) Establishing remediation plans.
(C) Securing appropriate expertise, the cost of which shall be
funded by the agency administering the project.
(D) Requiring additional project reporting.
(E) Requiring approval to initiate any action identified in the
approved project schedule.
(7) Suspending, reinstating, or terminating information technology
projects. The agency shall notify the Joint Legislative Budget
Committee of any project suspension, reinstatement, and termination
within 30 days of that suspension, reinstatement, or termination.
(8) Establishing restrictions or other controls to mitigate
nonperformance by agencies, including, but not limited to, any of the
following:
(A) The restriction of future project approvals pending
demonstration of successful correction of the identified performance
failure.
(B) The revocation or reduction of authority for state agencies to
initiate information technology projects or acquire information
technology or telecommunications goods or services.
(b) The California Technology Agency shall have the authority to
delegate to another agency any authority granted under this section
based on its assessment of the agency's project management, project
oversight, and project performance.
11546.1. The California Technology Agency shall improve the
governance and implementation of information technology by
standardizing reporting relationships, roles, and responsibilities
for setting information technology priorities.
(a) (1) Each state agency shall have a chief information officer
who is appointed by the head of the state agency, or by the head's
designee, subject to the approval of the California Technology
Agency.
(2) A chief information officer appointed under this subdivision
shall do all of the following:
(A) Oversee the information technology portfolio and information
technology services within his or her state agency through the
operational oversight of information technology budgets of
departments, boards, bureaus, and offices within the state agency.
(B) Develop the enterprise architecture for his or her state
agency, subject to the review and approval of the California
Technology Agency, to rationalize, standardize, and consolidate
information technology applications, assets, infrastructure, data,
and procedures for all departments, boards, bureaus, and offices
within the state agency.
(C) Ensure that all departments, boards, bureaus, and offices
within the state agency are in compliance with the state information
technology policy.
(b) (1) Each state entity shall have a chief information officer
who is appointed by the head of the state entity.
(2) A chief information officer appointed under this subdivision
shall do all of the following:
(A) Supervise all information technology and telecommunications
activities within his or her state entity, including, but not limited
to, information technology, information security, and
telecommunications personnel, contractors, systems, assets, projects,
purchases, and contracts.
(B) Ensure the entity conforms with state information technology
and telecommunications policy and enterprise architecture.
(c) Each state agency shall have an information security officer
appointed by the head of the state agency, or the head's designee,
subject to the approval by the California Technology Agency. The
state agency's information security officer appointed under this
subdivision shall report to the state agency's chief information
officer.
(d) Each state entity shall have an information security officer
who is appointed by the head of the state entity. An information
security officer shall report to the chief information officer of his
or her state entity. The California Technology Agency shall develop
specific qualification criteria for an information security officer.
If a state entity cannot fund a position for an information security
officer, the entity's chief information officer shall perform the
duties assigned to the information security officer. The chief
information officer shall coordinate with the California Technology
Agency for any necessary support.
(e) (1) For purposes of this section, "state agency" means the
Business, Transportation and Housing Agency, Department of
Corrections and Rehabilitation, Department of Veterans Affairs, State
and Consumer Services Agency, Natural Resources Agency, California
Health and Human Services Agency, California Environmental Protection
Agency, Labor and Workforce Development Agency, and Department of
Food and Agriculture.
(2) For purposes of this section, "state entity" means an entity
within the executive branch that is under the direct authority of the
Governor, including, but not limited to, all departments, boards,
bureaus, commissions, councils, and offices that are not defined as a
"state agency" pursuant to paragraph (1).
(f) A state entity that is not defined under subdivision (e) may
voluntarily comply with any of the requirements of Sections 11546.2
and 11546.3 and may request assistance from the California Technology
Agency to do so.
11546.2. On or before February 1, 2011, and annually thereafter,
each state agency and state entity subject to Section 11546.1, shall
submit, as instructed by the California Technology Agency, a summary
of its actual and projected information technology and
telecommunications costs, including personnel, for the immediately
preceding fiscal year and current fiscal year, showing current
expenses and projected expenses for the current fiscal year, in a
format prescribed by the California Technology Agency in order to
capture statewide information technology expenditures.
11546.3. (a) (1) A chief information officer appointed under
Section 11546.1 shall develop a plan to leverage cost-effective
strategies to reduce the total amount of energy utilized by
information technology and telecommunications equipment of the
officer's agency or entity, as the case may be, in support of the
statewide effort to reduce energy consumption by 20 percent below the
2009 baseline by July 1, 2011, and by 30 percent below the 2009
baseline by July 1, 2012.
(2) A chief information officer appointed under Section 11546.1
shall report the progress toward the energy reduction targets in
paragraph (1) to the California Technology Agency on a quarterly
basis beginning in January 2011. The California Technology Agency
shall include the quarterly reports on its Internet Web site.
(b) (1) A state agency or entity subject to Section 11546.1 shall
do all of the following:
(A) Comply with the policies of the California Technology Agency
to reduce the total amount of office square footage currently
utilized for data centers by the agency or entity, as the case may
be, in support of the statewide effort to reduce energy consumption
by 50 percent below the 2009 baseline by July 2011.
(B) Host all mission critical and public-facing applications and
server refreshes in a Tier III or equivalent data center, as
designated by the California Technology Agency.
(C) Close any existing data centers or server rooms that house
nonnetwork equipment by June 2013. On or before July 2011, transition
plans, in accordance with guidance provided by the California
Technology Agency, shall be submitted to the California Technology
Agency.
(D) Be in migration from its existing network services to the
California Government Network by no later than July 2011.
(E) Report to the California Technology Agency on the progress
toward the targets listed in this subdivision on a quarterly basis,
beginning in January 2011.
(2) The California Technology Agency shall include the quarterly
reports required by subparagraph (E) of paragraph (1) on its Internet
Web site.
(c) (1) A state agency or entity subject to Section 11546.1 shall
do both of the following:
(A) Be in migration to the state shared e-mail solution by no
later than June 2011.
(B) Report to the California Technology Agency on the progress
toward the target listed in subparagraph (A) on a quarterly basis,
beginning in April 2011.
(2) The California Technology Agency shall include the quarterly
reports required by subparagraph (B) of paragraph (1) on its Internet
Web site.
11546.4. Notwithstanding any other law, any service contract
proposed to be entered into by an agency that would not otherwise be
subject to review, approval, or oversight by the office of the State
Chief Information Officer but that contains an information technology
component that would be subject to oversight by the office of the
State Chief Information Officer if it was a separate information
technology project, shall be subject to review, approval, and
oversight by the office of the State Chief Information Officer as set
forth in Section 11546.
11546.5. Notwithstanding any other provision of law, all employees
of the California Technology Agency shall be designated as excluded
from collective bargaining pursuant to subdivision (b) of Section
3527, except for employees of the Office of Technology Services and
employees of the Public Safety Communications Division who are not
otherwise excluded from collective bargaining.
11546.6. (a) The State Chief Information Officer shall require
fingerprint images and associated information from an employee,
prospective employee, contractor, subcontractor, volunteer, or vendor
whose duties include, or would include, working on data center,
telecommunications, or network operations, engineering, or security
with access to confidential or sensitive information and data on the
network or computing infrastructure.
(b) The fingerprint images and associated information described in
subdivision (a) shall be furnished to the Department of Justice for
the purpose of obtaining information as to the existence and nature
of any of the following:
(1) A record of state or federal convictions and the existence and
nature of state or federal arrests for which the person is free on
bail or on his or her own recognizance pending trial or appeal.
(2) Being convicted of, or pleading nolo contendere to, a crime,
or having committed an act involving dishonesty, fraud, or deceit, if
the crime or act is substantially related to the qualifications,
functions, or duties of a person employed by the state in accordance
with this provision.
(3) Any conviction or arrest, for which the person is free on bail
or on his or her own recognizance pending trial or appeal, with a
reasonable nexus to the information or data to which the employee
shall have access.
(c) Requests for federal criminal offender record information
received by the Department of Justice pursuant to this section shall
be forwarded to the Federal Bureau of Investigation by the Department
of Justice.
(d) The Department of Justice shall respond to the State Chief
Information Officer with information as provided under subdivision
(p) of Section 11105 of the Penal Code.
(e) The State Chief Information Officer shall request subsequent
arrest notifications from the Department of Justice as provided under
Section 11105.2 of the Penal Code.
(f) The Department of Justice may assess a fee sufficient to cover
the processing costs required under this section, as authorized
pursuant to subdivision (e) of Section 11105 of the Penal Code.
(g) If an individual described in subdivision (a) is rejected as a
result of information contained in the Department of Justice or
Federal Bureau of Investigation criminal offender record information
response, the individual shall receive a copy of the response record
from the State Chief Information Officer.
(h) The State Chief Information Officer shall develop a written
appeal process for an individual described in subdivision (a) who is
determined ineligible for employment because of his or her Department
of Justice or Federal Bureau of Investigation criminal offender
record. Individuals shall not be found to be ineligible for
employment pursuant to this section until the appeal process is in
place.
(i) When considering the background information received pursuant
to this section, the State Chief Information Officer shall take under
consideration any evidence of rehabilitation, including
participation in treatment programs, as well as the age and specifics
of the offense.
11547. The Department of Finance shall perform fiscal oversight of
the state's information technology projects. This oversight shall
consist of a determination of the availability of project funding
from appropriate sources, and project consistency with state fiscal
policy. Projects shall continue to be funded through the established
Budget Act process.
11548. This chapter shall not apply to the State Compensation
Insurance Fund, the Legislature, or the Legislative Data Center in
the Legislative Counsel Bureau.
11548.5. This chapter shall remain in effect only until January 1,
2015, and as of that date is repealed, unless a later enacted
statute, that is enacted before January 1, 2015, deletes or extends
that date.
