Bill Text: IA SSB3182 | 2019-2020 | 88th General Assembly | Introduced

Iowa Senate Study Bill 3182 (Prior Session Legislation)

Introduced

Bill Title: A bill for an act relating to the office of the chief information officer, including procurement preferences and a report detailing state information technology assets.

Spectrum: Committee Bill

Status: (Introduced - Dead) 2020-02-19 - Committee report approving bill, renumbered as SF 2349. [SSB3182 Detail]

Download: Iowa-2019-SSB3182-Introduced.html

Senate Study Bill 3182 - Introduced SENATE FILE _____ BY (PROPOSED COMMITTEE ON COMMERCE BILL BY CHAIRPERSON DAWSON) A BILL FOR An Act relating to the office of the chief information officer, 1 including procurement preferences and a report detailing 2 state information technology assets. 3 BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA: 4 TLSB 6344XC (5) 88 ja/rn

S.F. _____ Section 1. Section 8B.1, Code 2020, is amended by adding the 1 following new subsection: 2 NEW SUBSECTION . 2A. “Cloud computing” means the same as 3 defined in the United States national institute of standards 4 and technology’s special publication 800-145. 5 Sec. 2. Section 8B.9, subsection 6, Code 2020, is amended 6 to read as follows: 7 6. Beginning October 1, 2019, a quarterly report regarding 8 the status of technology upgrades or enhancements for state 9 agencies, submitted to the general assembly and to the 10 chairpersons and ranking members of the senate and house 11 committees on appropriations. The quarterly report shall 12 also include a listing of state agencies coordinating or 13 working with the office , and a listing of state agencies not 14 coordinating or working with the office , and the information 15 required by section 8B.24, subsection 5A, paragraph “b” . 16 Sec. 3. Section 8B.24, Code 2020, is amended by adding the 17 following new subsection: 18 NEW SUBSECTION . 5A. a. The office shall, when feasible, 19 procure from providers that meet or exceed applicable state 20 and federal laws, regulations, and standards for information 21 technology, third-party cloud computing solutions and other 22 information technology and related services that are not hosted 23 on premises by the state. 24 b. If the office determines it is not feasible to procure 25 third-party cloud computing solutions or other information 26 technology and related services pursuant to paragraph “a” , and 27 if on-premises technology upgrades or new applications to be 28 housed on-premises are proposed, the office shall include all 29 of the following in the report required pursuant to section 30 8B.9, subsection 6: 31 (1) An explanation as to why a cloud computing deployment 32 was not feasible. 33 (2) Whether the application can be deployed using a hybrid 34 or containerized approach to minimize on-premise costs. 35 -1- LSB 6344XC (5) 88 ja/rn 1/ 4

S.F. _____ (3) Compliance frameworks that require the application to 1 be hosted on-premises. 2 c. The office shall contract with multiple third-party 3 commercial cloud computing service providers and shall 4 encourage state agencies and departments to work with at 5 least three third-party commercial cloud service providers to 6 mitigate the risks associated with numerous state agencies and 7 departments becoming dependent on the services of a single 8 commercial cloud service provider. 9 d. The control and ownership of state data stored with cloud 10 computing service providers shall remain with the state. The 11 office shall ensure the portability of state data stored with 12 cloud computing service providers. 13 Sec. 4. Section 8B.24, subsection 6, Code 2020, is amended 14 to read as follows: 15 6. The office shall adopt rules pursuant to chapter 17A to 16 implement the procurement methods and procedures provided for 17 in subsections 2 through 5 5A . 18 Sec. 5. INVENTORY OF INFORMATION TECHNOLOGY ASSETS, CURRENT 19 CLOUD COMPUTING ADOPTION, AND CLOUD COMPUTING MIGRATION PLAN 20 —— REPORT. By November 1, 2020, the office of the chief 21 information officer, in collaboration with other state agencies 22 and departments, shall provide a report to the general assembly 23 that includes all of the following: 24 1. An inventory of all state information technology 25 applications, and the percentage of the information technology 26 applications that are cloud-based applications. 27 2. Recommendations regarding state information technology 28 applications that should migrate to cloud-based applications. 29 Each such recommendation shall include a description of 30 workloads and information technology applications that are best 31 suited to migrate to cloud-based applications given all of the 32 following considerations: 33 a. Whether the information technology application has 34 underlying storage, networks, or infrastructure that supports 35 -2- LSB 6344XC (5) 88 ja/rn 2/ 4

S.F. _____ another information technology application, and whether the 1 information technology application is supported by another 2 information technology application. 3 b. How critical the information technology application is 4 to the mission of the state agency or department. 5 c. The difficulty of migrating the information technology 6 application to a cloud-based application. 7 d. The total cost of ownership of the target environment in 8 which the information technology application shall operate if 9 migrated to a cloud-based application. 10 EXPLANATION 11 The inclusion of this explanation does not constitute agreement with 12 the explanation’s substance by the members of the general assembly. 13 This bill relates to the office of the chief information 14 officer, including procurement preferences and a report 15 detailing state information technology assets. 16 The bill defines “cloud computing” by reference to the 17 United States national institute of standards and technology’s 18 special publication 800-145, which defines the term as a model 19 for enabling ubiquitous, convenient, on-demand network access 20 to a shared pool of configurable computing resources that can 21 be rapidly provisioned and released with minimal management 22 effort or service provider interaction. 23 Current law requires the office to submit a quarterly report 24 regarding the status of technology upgrades or enhancements for 25 state agencies. The bill requires this report to also include 26 information related to the office’s determination that it was 27 not feasible to procure a cloud computing solution, including 28 an explanation as to why a cloud computing deployment was not 29 feasible, whether the application can be deployed using a 30 hybrid or containerized approach to minimize on-premise costs, 31 and compliance frameworks that require the application to be 32 hosted on-premises. 33 The bill requires the office to, when feasible, procure 34 third-party cloud computing solutions and other information 35 -3- LSB 6344XC (5) 88 ja/rn 3/ 4

S.F. _____ technology and related services that are not hosted on premises 1 by the state from providers that meet or exceed applicable 2 state and federal laws, regulations, and standards for 3 information technology. 4 The bill provides the office shall contract with multiple 5 third-party commercial cloud computing service providers. 6 The bill also encourages state agencies and departments to 7 work with at least three third-party commercial cloud service 8 providers. 9 The bill establishes that control and ownership of state 10 data stored with cloud computing service providers shall remain 11 with the state. The bill requires the office to ensure the 12 portability of state data stored with cloud computing service 13 providers. 14 The bill requires the office to provide a report to the 15 general assembly by November 1, 2020, that includes an 16 inventory of all state information technology applications, 17 and recommendations regarding state information technology 18 applications that should migrate to cloud-based applications. 19 -4- LSB 6344XC (5) 88 ja/rn 4/ 4