Section 1 [Definitions] defines “cloud computing” through a reference to a publication of the U.S. Department of Commerce. The publication defines “cloud computing” as follows:
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models [that are described in the publication].
Section 2 [Cloud Computing Services] requires the chief information officer to review cloud computing when evaluating information and communications projects proposed by agencies. Requires the chief information officer to report periodically to the governor and legislature on the consideration of cloud computing service options. The report must provide examples of projects where cloud computing saved money or provided other benefits.
Section 3 [Technology Infrastructure Inventory; Security Risk Assessment]
Subdivision 1 [Inventory required] modifies the requirements for what must be included in a biennial inventory by the chief information officer.
Subdivision 2 [Risk assessment] requires the chief information officer to conduct a risk assessment of information technology systems and services. Specifies the information that must be included in the risk assessment, with exceptions for information classified as “security information” under the Data Practices Act.
Subdivision 3 [Reports required] adds the risk assessment to a requirement to report the inventory to the legislature, identifies the legislative members to whom the report must be provided, and moves the deadline to October 1.
Section 4 [Completion of Information Technology Consolidation; Surcharge and Suspension of Services for Noncompliant Agencies; Strategic Workplan]
Subdivision 1 [Consolidation required; state agency surcharge] sets a deadline for consolidation of agency information technology under the Office of MN.IT Services. Establishes consequences for failure to consolidate by the deadline. MN.IT must impose a surcharge on billings and must suspend work on projects for an agency with information technology systems that have not been fully integrated into the statewide consolidate system. Amounts collected on the surcharge are deposited in the general fund and used for agencies that have consolidated.
Subdivision 2 [Strategic workplan] requires the chief information officer to prepare a strategic workplan by August 1, 2019, for consolidation, with measurable benchmark goals and deadlines. The benchmark goals must include strategies for implementing the cloud computing review required in section 2. The benchmark goals must also include other tools to provide secure and cost-effective services to agencies and other end-users.
Subdivision 3 [Progress reports] requires the chief information officer to provide the workplan to the legislature by September 1, 2019, and to provide quarterly progress reports on progress toward benchmark goals, and an identification of agencies subject to the surcharge for failing to consolidate. Requires the chairs of certain legislative committees to convene a public hearing within 30 days of receipt of each report to discuss its contents. Requires the chief information officer to appear at each hearing and answer questions from members.
|