Joint Technology Committee. The bill modifies the laws that
create the joint technology committee (JTC), the Colorado cybersecurity council (council), and the office of information technology (office), to reflect the current information technology (IT) environment and direction in the state.
Joint technology committee.Section 1 of the bill updates
definitions used by the JTC to be consistent with the definitions used by the office.
Current law specifies the powers and duties of the JTC. Section 2
allows the JTC to request information and presentations regarding data privacy and data security, specifies that the JTC oversees any state agency that has been delegated IT functions by the office, and makes other modifications to make the provisions governing the JTC and the office consistent. Colorado cybersecurity council. Current law creates the council
to develop cybersecurity policies and guidance and to coordinate with the legislative and judicial branches regarding cybersecurity issues. Sections 3 and 4 specify additional functions of the council, modify the composition of the council, and allow the council to coordinate with other entities regarding cybersecurity. Office of information technology. Current law contains multiple
definitions sections that apply to the office. Section 5 consolidates all of the definitions that apply to the office into one section and updates some definitions to align with best practices and industry standards. Section 6 relocates provisions of current law regarding the
information technology revolving fund and the coordination of the statewide geographic information system.
Current law specifies the roles and responsibilities of the office. Section 7 repeals and reenacts the law and defines the office's roles and responsibilities in connection with IT.
Current law specifies the responsibilities of state agencies
regarding IT. Section 8 adds additional responsibilities when a state agency undertakes a major IT project, when a state agency is the business owner of an IT system, and when the office is involved in a state agency's IT project only as a party to the contract. Section 8 also authorizes the office to delegate an IT function to a state agency and specifies procedures and requirements that the office and the state agency are required to follow when such delegation occurs.
Current law describes the duties and responsibilities of the chief
information officer (CIO). Section 9 repeals and reenacts the current provisions in law and updates the duties and responsibilities of the CIO. Section 10 relocates current law that authorizes the revisor of
statutes to change certain statutory references in connection with the creation of the office. Sections 11 and 12 update the timelines and dates for the
development of IT security plans and certain required reports regarding those plans for state agencies, institutions of higher education, and the legislative branch.
Current law creates an interdepartmental data protocol that governs
data-sharing among state agencies. Section 13 repeals and reenacts current law and specifies requirements of the office and the government data advisory board regarding the creation of a data-sharing and privacy master plan and additional requirements for when a state agency shares personal identifying information with another state agency. Section 14 updates the office's annual reporting requirement to the
general assembly regarding IT asset inventory. Sections 15 through 20 make conforming amendments, and section 21 repeals obsolete provisions regarding the consolidation of IT functions to the office, the transfer of employees and officers to the office, the creation of a work eligibility verification portal, the creation and implementation of the Colorado financial reporting system, and a reporting requirement on the transfer of IT infrastructure ownership. Section 21 also repeals provisions regarding the statewide communications and information infrastructure that are incorporated into other provisions of law.
