Bill Text: IL HB5093 | 2017-2018 | 100th General Assembly | Engrossed
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Creates the Illinois Information Security Improvement Act. Creates the Office of the Statewide Chief Information Security Officer within the Department of Innovation and Technology. Provides for the duties and powers of the Office. Creates the position of Statewide Chief Information Security Officer to serve as the head of the Office. Provides for the qualifications, powers, and duties of the Statewide Chief Information Security Officer, and for the appointment of the Statewide Chief Information Security Officer by the Secretary of Innovation and Technology. Defines terms. Effective January 1, 2019.
Spectrum: Bipartisan Bill
Status: (Passed) 2019-01-04 - Public Act . . . . . . . . . 100-1169 [HB5093 Detail]
Download: Illinois-2017-HB5093-Engrossed.html
Bill Title: Creates the Illinois Information Security Improvement Act. Creates the Office of the Statewide Chief Information Security Officer within the Department of Innovation and Technology. Provides for the duties and powers of the Office. Creates the position of Statewide Chief Information Security Officer to serve as the head of the Office. Provides for the qualifications, powers, and duties of the Statewide Chief Information Security Officer, and for the appointment of the Statewide Chief Information Security Officer by the Secretary of Innovation and Technology. Defines terms. Effective January 1, 2019.
Spectrum: Bipartisan Bill
Status: (Passed) 2019-01-04 - Public Act . . . . . . . . . 100-1169 [HB5093 Detail]
Download: Illinois-2017-HB5093-Engrossed.html
| |||||||
| |||||||
| |||||||
1 | AN ACT concerning government.
| ||||||
2 | Be it enacted by the People of the State of Illinois,
| ||||||
3 | represented in the General Assembly:
| ||||||
4 | Section 5. If and only if House Bill 5611 of the 100th | ||||||
5 | General Assembly becomes law in the form in which it passed the | ||||||
6 | House on April 23, 2018, then the Department of Innovation and | ||||||
7 | Technology Act is amended by changing Sections 1-5 and 1-30 as | ||||||
8 | follows:
| ||||||
9 | (100HB5611eng, Sec. 1-5)
| ||||||
10 | Sec. 1-5. Definitions. In this Act: | ||||||
11 | "Bureau of Communications and Computer Services" means the | ||||||
12 | Bureau of Communications and Computer Services, also known as | ||||||
13 | the Bureau of Information and Communication Services, created | ||||||
14 | by rule (2 Illinois Administrative Code 750.40) within the | ||||||
15 | Department of Central Management Services. | ||||||
16 | "Client agency" means each transferring agency, or its | ||||||
17 | successor. When applicable, "client agency" may also include | ||||||
18 | any other public agency to which the Department provides | ||||||
19 | service to the extent specified in an interagency contract with | ||||||
20 | the public agency "Client agency" also includes each other | ||||||
21 | public agency to which the Department provides service . | ||||||
22 | "Dedicated unit" means the dedicated bureau, division, | ||||||
23 | office, or other unit within a transferring agency that is |
| |||||||
| |||||||
1 | responsible for the information technology functions of the | ||||||
2 | transferring agency. For the Office of the Governor, "dedicated | ||||||
3 | unit" means the Information Technology Office, also known as | ||||||
4 | the Office of the Chief Information Officer. For the Department | ||||||
5 | of Central Management Services, "dedicated unit" means the | ||||||
6 | Bureau of Communications and Computer Services, also known as | ||||||
7 | the Bureau of Information and Communication Services. | ||||||
8 | "Department" means the Department of Innovation and | ||||||
9 | Technology. | ||||||
10 | "Information technology" means technology, infrastructure, | ||||||
11 | equipment, systems, software, networks, and processes used to | ||||||
12 | create, send, receive, and store electronic or digital | ||||||
13 | information, including, without limitation, computer systems | ||||||
14 | and telecommunication services and systems. "Information | ||||||
15 | technology" shall be construed broadly to incorporate future | ||||||
16 | technologies (such as sensors and balanced private hybrid or | ||||||
17 | public cloud posture tailored to the mission of the agency) | ||||||
18 | that change or supplant those in effect as of the effective | ||||||
19 | date of this Act. | ||||||
20 | "Information technology functions" means the development, | ||||||
21 | procurement, installation, retention, maintenance, operation, | ||||||
22 | possession, storage, and related functions of all information | ||||||
23 | technology. | ||||||
24 | "Information Technology Office" means the Information | ||||||
25 | Technology Office, also known as the Office of the Chief | ||||||
26 | Information Officer, within the Office of the Governor, created |
| |||||||
| |||||||
1 | by Executive Order 1999-05, or its successor. | ||||||
2 | "Legacy information technology division" means any | ||||||
3 | division, bureau, or other unit of a transferring agency which | ||||||
4 | has responsibility for information technology functions for | ||||||
5 | the agency prior to the transfer of those functions to the | ||||||
6 | Department, including, without limitation, the Bureau of | ||||||
7 | Communications and Computer Services. | ||||||
8 | "Secretary" means the Secretary of Innovation and | ||||||
9 | Technology. | ||||||
10 | "State agency" means each State agency, department, board, | ||||||
11 | and commission directly responsible to the Governor. | ||||||
12 | "Transferring agency" means the Department on Aging; the | ||||||
13 | Departments of Agriculture, Central Management Services, | ||||||
14 | Children and Family Services, Commerce and Economic | ||||||
15 | Opportunity, Corrections, Employment Security, Financial and | ||||||
16 | Professional Regulation, Healthcare and Family Services, Human | ||||||
17 | Rights, Human Services, Insurance, Juvenile Justice, Labor, | ||||||
18 | Lottery, Military Affairs, Natural Resources, Public Health, | ||||||
19 | Revenue, State Police, Transportation, and Veterans' Affairs; | ||||||
20 | the Capital Development Board; the Deaf and Hard of Hearing | ||||||
21 | Commission; the Environmental Protection Agency; the | ||||||
22 | Governor's Office of Management and Budget; the Guardianship | ||||||
23 | and Advocacy Commission; the Historic Preservation Agency; the | ||||||
24 | Illinois Arts Council; the Illinois Council on Developmental | ||||||
25 | Disabilities; the Illinois Emergency Management Agency; the | ||||||
26 | Illinois Gaming Board; the Illinois Health Information |
| |||||||
| |||||||
1 | Exchange Authority; the Illinois Liquor Control Commission; | ||||||
2 | the Illinois Student Assistance Commission; the Illinois | ||||||
3 | Technology Office; the Office of the State Fire Marshal; and | ||||||
4 | the Prisoner Review Board. "Transferring agency" does not | ||||||
5 | include a State constitutional office, the Office of the | ||||||
6 | Executive Inspector General, or any office of the legislative | ||||||
7 | or judicial branches of State government.
| ||||||
8 | (Source: 100HB5611eng, Sec. 1-5.)
| ||||||
9 | (100HB5611eng, Sec. 1-30)
| ||||||
10 | Sec. 1-30. Information technology. | ||||||
11 | (a) The Secretary shall be the Chief Information Officer | ||||||
12 | for the State and the steward of State data with respect to | ||||||
13 | those agencies under the jurisdiction of the Governor. It shall | ||||||
14 | be the duty of the Department and the policy of the State of | ||||||
15 | Illinois to manage or delegate the management of the | ||||||
16 | procurement, retention, installation, maintenance, and | ||||||
17 | operation of all information technology used by client | ||||||
18 | agencies, so as to achieve maximum economy consistent with | ||||||
19 | development of appropriate and timely information in a form | ||||||
20 | suitable for management analysis, in a manner that provides for | ||||||
21 | adequate security protection and back-up facilities for that | ||||||
22 | equipment, the establishment of bonding requirements, and a | ||||||
23 | code of conduct for all information technology personnel to | ||||||
24 | ensure the privacy of information technology information as | ||||||
25 | provided by law. |
| |||||||
| |||||||
1 | (b) The Department shall be responsible for providing the | ||||||
2 | Governor with timely, comprehensive, and meaningful | ||||||
3 | information pertinent to the formulation and execution of | ||||||
4 | fiscal policy. In performing this responsibility the | ||||||
5 | Department shall have the power to do the following: | ||||||
6 | (1) Control the procurement, retention, installation, | ||||||
7 | maintenance, and operation, as specified by the | ||||||
8 | Department, of information technology equipment used by | ||||||
9 | client agencies in such a manner as to achieve maximum | ||||||
10 | economy and provide appropriate assistance in the | ||||||
11 | development of information suitable for management | ||||||
12 | analysis. | ||||||
13 | (2) Establish principles and standards of information | ||||||
14 | technology-related reporting by client agencies and | ||||||
15 | priorities for completion of research by those agencies in | ||||||
16 | accordance with the requirements for management analysis | ||||||
17 | specified by the Department. | ||||||
18 | (3) Establish charges for information technology and | ||||||
19 | related services requested by client agencies and rendered | ||||||
20 | by the Department. The Department is likewise empowered to | ||||||
21 | establish prices or charges for all information technology | ||||||
22 | reports purchased by agencies and individuals not | ||||||
23 | connected with State government. | ||||||
24 | (4) Instruct all client agencies to report regularly to | ||||||
25 | the Department, in the manner the Department may prescribe, | ||||||
26 | their usage of information technology, the cost incurred, |
| |||||||
| |||||||
1 | the information produced, and the procedures followed in | ||||||
2 | obtaining the information. All client agencies shall | ||||||
3 | request from the Department assistance and consultation in | ||||||
4 | securing any necessary information technology to support | ||||||
5 | their requirements. | ||||||
6 | (5) Examine the accounts and information | ||||||
7 | technology-related data of any organization, body, or | ||||||
8 | agency receiving appropriations from the General Assembly, | ||||||
9 | except for a State constitutional office , the Office of the | ||||||
10 | Executive Inspector General, or any office of the | ||||||
11 | legislative or judicial branches of State government . For a | ||||||
12 | State constitutional office , the Office of the Executive | ||||||
13 | Inspector General, or any office of the legislative or | ||||||
14 | judicial branches of State government , the Department | ||||||
15 | shall have the power to examine the accounts and | ||||||
16 | information technology-related data of the State | ||||||
17 | constitutional office , the Office of the Executive | ||||||
18 | Inspector General, or any office of the legislative or | ||||||
19 | judicial branches of State government when requested by | ||||||
20 | those offices that office . | ||||||
21 | (6) Install and operate a modern information | ||||||
22 | technology system utilizing equipment adequate to satisfy | ||||||
23 | the requirements for analysis and review as specified by | ||||||
24 | the Department. Expenditures for information technology | ||||||
25 | and related services rendered shall be reimbursed by the | ||||||
26 | recipients. The reimbursement shall be determined by the |
| |||||||
| |||||||
1 | Department as amounts sufficient to reimburse the | ||||||
2 | Technology Management Revolving Fund for expenditures | ||||||
3 | incurred in rendering the services. | ||||||
4 | (c) In addition to the other powers and duties listed in | ||||||
5 | subsection (b), the Department shall analyze the present and | ||||||
6 | future aims, needs, and requirements of information | ||||||
7 | technology, research, and planning in order to provide for the | ||||||
8 | formulation of overall policy relative to the use of | ||||||
9 | information technology and related equipment by the State of | ||||||
10 | Illinois. In making this analysis, the Department shall | ||||||
11 | formulate a master plan for information technology, utilizing | ||||||
12 | information technology most advantageously, and advising | ||||||
13 | whether information technology should be leased or purchased by | ||||||
14 | the State. The Department shall prepare and submit interim | ||||||
15 | reports of meaningful developments and proposals for | ||||||
16 | legislation to the Governor on or before January 30 each year. | ||||||
17 | The Department shall engage in a continuing analysis and | ||||||
18 | evaluation of the master plan so developed, and it shall be the | ||||||
19 | responsibility of the Department to recommend from time to time | ||||||
20 | any needed amendments and modifications of any master plan | ||||||
21 | enacted by the General Assembly. | ||||||
22 | (d) The Department may make information technology and the | ||||||
23 | use of information technology available to units of local | ||||||
24 | government, elected State officials, State educational | ||||||
25 | institutions, the judicial branch, the legislative branch, and | ||||||
26 | all other governmental units of the State requesting them. The |
| |||||||
| |||||||
1 | Department shall establish prices and charges for the | ||||||
2 | information technology so furnished and for the use of the | ||||||
3 | information technology. The prices and charges shall be | ||||||
4 | sufficient to reimburse the cost of furnishing the services and | ||||||
5 | use of information technology. | ||||||
6 | (e) The Department may establish standards to provide | ||||||
7 | consistency in the operation and use of information technology.
| ||||||
8 | (Source: 100HB5611eng, Sec. 1-30.)
|