42.726 Roles, duties, and permissible activities for Commonwealth Office of Technology -- Duties of Archives and Records Commission and Department for Libraries and Archives not affected -- Annual report concerning security breaches.

KY Rev Stat § 42.726 (2019) (N/A)
Copy with citation
Copy as parenthetical citation

42.726 Roles, duties, and permissible activities for Commonwealth Office of Technology -- Duties of Archives and Records Commission and Department for Libraries and Archives not affected -- Annual report concerning security breaches. (1) The Commonwealth Office of Technology shall be the lead organizational entity within the executive branch regarding delivery of information technology services, including application development and delivery, and shall serve as the single information technology authority for the Commonwealth. (2) The roles and duties of the Commonwealth Office of Technology shall include but not be limited to: (a) Providing technical support and services to all executive agencies of state government in the application of information technology; (b) Assuring compatibility and connectivity of Kentucky's information systems; (c) Developing strategies and policies to support and promote the effective applications of information technology within state government as a means of saving money, increasing employee productivity, and improving state services to the public, including electronic public access to information of the Commonwealth; (d) Developing, implementing, and managing strategic information technology directions, standards, and enterprise architecture, including implementing necessary management processes to assure full compliance with those directions, standards, and architecture; (e) Promoting effective and efficient design and operation of all major information resources management processes for executive branch agencies, including improvements to work processes; (f) Developing, implementing, and maintaining the technology infrastructure of the Commonwealth and all related support staff, planning, administration, asset management, and procurement for all executive branch cabinets and agencies except: 1. Agencies led by a statewide elected official; 2. 3. 4. 5. 6. 7. 8. The nine (9) public institutions of postsecondary education; The Department of Education's services provided to local school districts; The Kentucky Retirement Systems and the Teachers' Retirement System; The Kentucky Housing Corporation; The Kentucky Lottery Corporation; The Kentucky Higher Education Student Loan Corporation; and The Kentucky Higher Education Assistance Authority; (g) Facilitating and fostering applied research in emerging technologies that offer the Commonwealth innovative business solutions; (h) Reviewing and overseeing large or complex information technology projects and systems for compliance with statewide strategies, policies, and standards, including alignment with the Commonwealth's business goals, investment, and other risk management policies. The executive director is authorized to grant or withhold approval to initiate these projects; (i) Integrating information technology resources to provide effective and supportable information technology applications in the Commonwealth; (j) Establishing a central statewide geographic information clearinghouse to maintain map inventories, information on current and planned geographic information systems applications, information on grants available for the acquisition or enhancement of geographic information resources, and a directory of geographic information resources available within the state or from the federal government; (k) Coordinating multiagency including overseeing the development and maintenance of statewide base maps and geographic information systems; technology projects, information (l) Providing access to both consulting and technical assistance, and education and training, on the application and use of information technologies to state and local agencies; (m) In cooperation with other agencies, evaluating, participating in pilot studies, and making recommendations on information technology hardware and software; (n) Providing staff support and technical assistance to the Geographic Information Advisory Council and the Kentucky Information Technology Advisory Council; (o) Overseeing the development of a statewide geographic information plan with input from the Geographic Information Advisory Council; (p) Developing for state executive branch agencies a coordinated security framework and model governance structure relating to the privacy and confidentiality of personal information collected and stored by state executive branch agencies, including but not limited to: 1. 2. 3. 4. Identification of key infrastructure components and how to secure them; Establishment of a common benchmark that measures the effectiveness of security, including continuous monitoring and automation of defenses; Implementation of vulnerability assessments; scanning and other security Provision of training, orientation programs, and other communications that increase awareness of the importance of security among agency employees responsible for personal information; and 5. Development of and making available a cyber security incident response plan and procedure; and (q) Preparing proposed legislation and funding proposals for the General Assembly that will further solidify coordination and expedite implementation of information technology systems. (3) The Commonwealth Office of Technology may: (a) Provide general consulting services, technical training, and support for generic software applications, upon request from a local government, if the executive director finds that the requested services can be rendered within the established terms of the federally approved cost allocation plan; (b) Promulgate administrative regulations in accordance with KRS Chapter 13A necessary for the implementation of KRS 42.720 to 42.742, 45.253, 171.420, 186A.040, 186A.285, and 194A.146; (c) Solicit, receive, and consider proposals from any state agency, federal agency, local government, university, nonprofit organization, private person, or corporation; (d) Solicit and accept money by grant, gift, donation, bequest, legislative appropriation, or other conveyance to be held, used, and applied in accordance with KRS 42.720 to 42.742, 45.253, 171.420, 186A.040, 186A.285, and 194A.146; (e) Make and enter into memoranda of agreement and contracts necessary or incidental to the performance of duties and execution of its powers, including, but not limited to, agreements or contracts with the United States, other state agencies, and any governmental subdivision of the Commonwealth; (f) Accept grants from the United States government and its agencies and instrumentalities, and from any source, other than any person, firm, or corporation, or any director, officer, or agent thereof that manufactures or sells information resources technology equipment, goods, or services. To these ends, the Commonwealth Office of Technology shall have the power to comply with those conditions and execute those agreements that are necessary, convenient, or desirable; and (g) Purchase interest in contractual services, rentals of all types, supplies, materials, equipment, and other services to be used in the research and development of beneficial applications of information resources technologies. Competitive bids may not be required for: 1. New and emerging technologies as approved by the executive director or her or his designee; or 2. Related professional, technical, or scientific services, but contracts shall be submitted in accordance with KRS 45A.690 to 45A.725. (4) Nothing in this section shall be construed to alter or diminish the provisions of KRS 171.410 to 171.740 or the authority conveyed by these statutes to the Archives and Records Commission and the Department for Libraries and Archives. (5) The Commonwealth Office of Technology shall, on or before October 1 of each year, submit to the Legislative Research Commission a report in accordance with KRS 57.390 detailing: (a) Any security breaches that occurred within organizational units of the executive branch of state government during the prior fiscal year that required notification to the Commonwealth Office of Technology under KRS 61.932; (b) Actions taken to resolve the security breach, and to prevent additional security breaches in the future; (c) A general description of what actions are taken as a matter of course to protect personal data from security breaches; and (d) Any quantifiable financial impact to the agency reporting a security breach. Effective: July 14, 2018 History: Amended 2018 Ky. Acts ch. 78, sec. 3, effective July 14, 2018. -- Amended 2014 Ky. Acts ch. 74, sec. 6, effective January 1, 2015; ch. 89, sec. 11, effective July 15, 2014; and ch. 138, sec. 4, effective July 15, 2014. -- Amended 2012 Ky. Acts ch. 69, sec. 9, effective July 12, 2012. -- Repealed, reenacted, and amended 2009 Ky. Acts ch. 12, sec. 5, effective June 25, 2009. -- Amended 2006 Ky. Acts ch. 193, sec. 10, effective July 12, 2006. -- Amended 2005 Ky. Acts ch. 85, sec. 30, effective June 20, 2005; and ch. 99, sec. 4, effective June 20, 2005. -- Created 2000 Ky. Acts ch. 506, sec. 4, effective July 14, 2000; and ch. 536, sec. 4, effective July 14, 2000. Formerly codified as KRS 11.507. 2018-2020 Budget Reference. See State/Executive Branch Budget, 2019 Ky. Acts ch. 193, Section 5., 2., (6) at 1107. Legislative Research Commission Note (1/1/2015). 2014 Ky. Acts ch. 74, sec. 10 provided that "the provisions of this Act shall not impact the provisions of KRS 61.870 to 61.884." That proviso applies to this statute as amended in Section 6 of that Act.