MISSISSIPPI LEGISLATURE

2026 Regular Session

To: Technology; Accountability, Efficiency, Transparency

By: Representative Ford (73rd)

House Bill 1724

AN ACT TO CREATE THE STATEWIDE INFORMATION TECHNOLOGY OPTIMIZATION PROGRAM TO PROVIDE FOR THE COORDINATED PLANNING, DEVELOPMENT, IMPLEMENTATION AND OVERSIGHT OF ENTERPRISE INFORMATION TECHNOLOGY ARCHITECTURE FOR ALL STATE AGENCIES; TO AUTHORIZE THE MISSISSIPPI DEPARTMENT OF INFORMATION TECHNOLOGY SERVICES WITH CERTAIN POWERS AND DUTIES TO IMPLEMENT THE PROGRAM; TO REQUIRE AGENCIES TO COMPLY WITH THE PHASED IMPLEMENTATION OF THE PROGRAM; TO CREATE THE IT OPTIMIZATION FUND IN THE STATE TREASURY FOR FUNDS MADE AVAILABLE FOR THE PURPOSES OF THE PROGRAM; TO AMEND SECTIONS 25-41-17 AND 25-61-11.2, MISSISSIPPI CODE OF 1972, TO PROVIDE THAT RECORDS CREATED AND MEETINGS OCCURRING PURSUANT TO THE PROVISIONS OF THIS ACT THAT CONTAIN SENSITIVE INFORMATION ARE NOT SUBJECT TO THE OPEN MEETINGS AND PUBLIC RECORDS REQUIREMENTS OF THIS STATE; TO BRING FORWARD SECTION 25-53-5, MISSISSIPPI CODE OF 1972, FOR THE PURPOSE OF POSSIBLE AMENDMENT; AND FOR RELATED PURPOSES.

     BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MISSISSIPPI:

     SECTION 1.  The Statewide Information Technology Optimization Program is created and shall provide for the coordinated planning, development, implementation and oversight of enterprise information technology architecture for all state agencies for all information technology as defined under Section 25-53-3 and governed by Chapter 53, Title 25, Mississippi Code of 1972.  The program shall establish statewide information technology architecture standards, ensure alignment of agency technology plans with statewide enterprise objectives, support efficient and secure information technology investments, increase shared information technology, and reduce unnecessary duplication of systems, services and resources across state government. 

     SECTION 2.  For purposes of this act, the following terms have the meanings as defined in this section, unless the context clearly indicates otherwise:

          (a)  "Information technology enterprise application portfolio" means the statewide inventory and analysis of information technology systems and applications operated by state agencies.

          (b)  "Information technology enterprise architecture" means the framework used to manage and align the business processes, information systems, data and other technology infrastructure of state government with statewide information technology strategic goals.

          (c)  "Information technology enterprise architecture review" means the review conducted by ITS under paragraph (e) of Section 3 of this act to determine whether proposed agency information technology investments comply with statewide information technology enterprise architecture standards.

          (d)  All other terms have the meaning as provided in Section 25-53-3.

          (e)  Any use of the term "architecture" in this act applies only to information technology and does not mean the practice of architecture as provided in Chapter 1, Title 73, Mississippi Code of 1972.

     SECTION 3.  The Mississippi Department of Information Technology Services (ITS), in collaboration with all state agencies, shall provide centralized management and coordination of the statewide information technology enterprise architecture, as defined solely by ITS.  ITS is authorized to exercise all powers necessary to effectuate the purposes of this act and the program, including, but not limited to, the following powers and duties:

          (a)  Serve as the sole authority for defining the statewide information technology enterprise architecture, including the enterprise business architecture, data and information architecture, application architecture, technology and infrastructure architecture, cloud architecture and security architecture;

          (b)  Develop, maintain and publish statewide enterprise information technology architecture standards, policies, principles and guidelines to be implemented by all state agencies to the extent that they apply;

          (c)  Develop and maintain a statewide enterprise information technology application portfolio, including application inventory, lifecycle status, technical dependencies, costs, security requirements and integration mappings for all systems operated by state agencies;

          (d)  In addition to technology plans, review and evaluate agency information technology strategies and road maps to ensure they align with statewide enterprise information technology architecture standards and statewide strategic technology goals and objectives;

          (e)  Conduct an Information Technology Enterprise Architecture Review in accordance with ITS published policies, rules or regulations of proposed agency information technology acquisitions, projects, systems or services prior to procurement or implementation to ensure compliance with statewide standards, avoid duplication, promote interoperability and ensure alignment with the Strategic Master Plan for information technology;

          (f)  Identify and recommend to the board of ITS opportunities for enterprise information technology services, system consolidation, shared platform adoption, cloud modernization and reduction of redundant or obsolete systems; 

          (g)  Collaborate with the Office of the Chief Information Security Officer to ensure that all information technology enterprise architecture standards incorporate statewide cybersecurity requirements;

          (h)  Ensure, as applicable, that information technology enterprise architecture requirements and standards are incorporated as minimum requirements in all solicitations for the procurement of data, information technology systems, software, telecommunications, cloud services and related services;

          (i)  Provide guidance and technical assistance to agencies for planning and implementing technology solutions that comply with enterprise architecture requirements, as appropriate;

          (j)  Prepare and submit periodic reports on information technology enterprise architecture compliance, statewide technology alignment and modernization opportunities to the board of ITS, the Chief Information Officer (CIO) Council and the committee chairs of the House and Senate Technology Committees; and

          (k)  Promulgate policies, rules and regulations necessary to effectuate the purposes of this act.

     SECTION 4.  Each state agency's executive director or agency head shall:

          (a)  Align, as applicable, the agency's technology plans, investments and systems with the statewide information technology enterprise architecture standards established by ITS;

          (b)  Participate, to the fullest extent feasible, in the Statewide Information Technology Optimization Program and use enterprise services and shared platforms in lieu of standalone or duplicative systems specific to the agency;

          (c)  Submit all proposed information technology projects, acquisitions or system changes to ITS for review before any solicitation, procurement, contract amendment or implementation, as determined by ITS; 

          (d)  Provide timely, complete and accurate information for inclusion in the statewide information technology enterprise application portfolio;

          (e)  Develop or adopt, implement and maintain internal agency information technology architecture guidelines that support the statewide enterprise architecture standards; and

          (f)  Ensure that all solicitations, contracts, amendments and technology initiatives undertaken by the agency incorporate and comply with statewide information technology enterprise architecture requirements.

     The provisions of this act shall be implemented in phases according to timelines established by ITS, and all state agencies must comply with the requirements of this act in accordance with the timelines established by ITS.

     SECTION 5.  (1)  The Statewide Information Technology Optimization Program shall be managed by ITS and externally supported by the CIO Council.  The CIO Council shall provide guidance on statewide enterprise architecture standards, identify shared opportunities, support interagency collaboration and provide recommendations on information technology enterprise architecture compliance and exceptions.  The board of ITS shall provide statutory oversight of statewide information technology policies, standards, planning and procurements. 

     (2)  The following entities may use any information technology acquisition made on behalf of or by ITS for purposes of shared use in accordance with ITS rules and procedures: state agencies, public and private institutions of higher learning, local political subdivisions of the state, including governing authorities, and junior and community colleges.

     SECTION 6.  ITS is authorized to develop and implement an internship, fellowship, or other related programs for the purposes of strengthening a network of professionals committed to ITS' mission as provided in Miss. Code Ann. Section 25-53-1 et seq., and by fostering innovation and supporting research and practice in the field of information technology in Mississippi state government.

     SECTION 7.  (1)  There is created in the State Treasury a special fund to be known as the IT Optimization Fund, and monies designated to the fund shall be used for the for the purposes of the Statewide Information Technology Optimization Program.  Unexpended amounts remaining in the special fund at the end of a fiscal year shall not lapse into the State General Fund, and any interest earned on amounts in the special fund shall be deposited to the credit of the special fund.  ITS may receive donations, grants and other funding from any public or private source made available to support its mission, and any funds donated or received for this purpose shall be deposited in the IT Optimization Fund.

     (2)  All funds designated by agencies for procurement of information technology provided by ITS to its customers for shared use shall be paid into Mississippi Department of Information Technology Services Revolving Fund, which shall be used by ITS for payment to vendors for hardware, software or services acquired.  Payments due from such agency be paid, transferred or allocated into the revolving fund pursuant to a schedule established by ITS.  In the event such sums are not paid by the defined payment period and upon notification by ITS, the Executive Director of the Department of Finance and Administration shall issue a requisition for a warrant to draw such amount as may be due from any funds appropriated for the use of the agency that has failed to make the payment as agreed.

     SECTION 8.  Section 25-41-17, Mississippi Code of 1972, is amended as follows:

     25-41-17.  (1)  The provisions of this chapter shall not apply to chance meetings or social gatherings of members of a public body.

     (2)  The provisions of this chapter shall not apply to meetings that occur pursuant to Sections 1 through 7 of this act that contain sensitive information related to security, infrastructure or statewide information technology architecture.

     SECTION 9.  Section 25-61-11.2, Mississippi Code of 1972, is amended as follows:

     25-61-11.2.  The following information technology (IT) records shall be exempt from the Mississippi Public Records Act of 1983:

          (a)  IT infrastructure details, including network architecture, schematics, and IT system designs;

          (b)  Source code;

          (c)  Detailed hardware and software inventories;

          (d)  Security plans;

          (e)  Vulnerability reports;

          (f)  Security risk assessment details;

          (g)  Security compliance reports;

          (h)  Authentication credentials;

          (i)  Security policies and processes;

          (j)  Security incident reports; * * *and

          (k)  Any audit, assessment, compliance report, work papers or any combination of these that if disclosed could allow unauthorized access to the state's IT assets * * *.; and

          (l)  Records and documentation generated pursuant to Sections 1 through 7 of this act that contain sensitive information related to security, infrastructure or statewide information technology architecture.

     SECTION 10.  Section 25-53-5, Mississippi Code of 1972, is brought forward as follows:

     25-53-5.  The authority shall have the following powers, duties, and responsibilities:

          (a)  The authority shall provide for the development of plans for the efficient acquisition and utilization of information technology by all agencies of state government, and provide for their implementation.  In so doing, the authority may use the ITS' staff, at the discretion of the executive director of the authority, or the authority may contract for the services of qualified consulting firms in the field of information technology and utilize the service of such consultants as may be necessary for such purposes.

          (b)  The authority shall immediately institute procedures for carrying out the purposes of this chapter and supervise the efficient execution of the powers and duties of the executive director of the ITS.  In the execution of its functions under this chapter, the authority shall maintain as a paramount consideration the successful internal organization and operation of the several agencies so that efficiency existing therein shall not be adversely affected or impaired.  In executing its functions in relation to the institutions of higher learning and junior colleges in the state, the authority shall take into consideration the special needs of such institutions in relation to the fields of teaching and scientific research.

          (c)  The authority shall adopt rules, regulations, and procedures governing the acquisition of information technology which shall, to the fullest extent practicable, ensure the maximum of competition between all manufacturers of supplies or equipment or services.  In the writing of specifications, in the making of contracts relating to the acquisition of such information technology, and in the performance of its other duties the authority shall provide for the maximum compatibility of all information systems hereafter installed or utilized by all state agencies and may require the use of common computer languages where necessary to accomplish the purposes of this chapter.  The authority may establish by regulation and charge reasonable fees on a nondiscriminatory basis for the furnishing to bidders of copies of bid specifications and other documents issued by the authority.

          (d)  The authority shall adopt rules and regulations governing the sharing with, or the sale or lease of information technology services to any nonstate agency or person.  Such regulations shall provide that any such sharing, sale or lease shall be restricted in that same shall be accomplished only where such services are not readily available otherwise within the state, and then only at a charge to the user not less than the prevailing rate of charge for similar services by private enterprise within this state.

          (e)  The authority may, in its discretion, establish a special technical advisory committee or committees to study and make recommendations on matters within the competence of the authority as the authority may see fit.  Persons serving on any such committees shall be entitled to receive their actual and necessary expenses actually incurred in the performance of such duties, together with mileage as provided by law for state employees, provided the same has been authorized by a resolution duly adopted by the authority and entered on its minutes prior to the performance of such duties.  For the purposes of this paragraph, such committee meetings are exempt from the requirements of Sections 25-41-1 through 25-41-17.

          (f)  The authority may provide for the development and require the adoption of standardized computer programs and may provide for the dissemination of information to and the establishment of training programs for the personnel of the various information technology centers of state agencies and personnel of the agencies utilizing the services thereof.

          (g)  The authority shall adopt reasonable rules and regulations requiring the reporting to the authority through the office of executive director of such information as may be required for carrying out the purposes of this chapter and may also establish such reasonable procedures to be followed in the presentation of bills for payment under the terms of all contracts for the acquisition of information technology now or hereafter in force as may be required by the authority or by the executive director in the execution of their powers and duties.

          (h)  The authority shall require such adequate documentation of information technology procedures utilized by the various state agencies and may require the establishment of such organizational structures within state agencies relating to information technology operations as may be necessary to effectuate the purposes of this chapter.

          (i)  The authority may adopt such further reasonable rules and regulations as may be necessary to fully implement the purposes of this chapter.  All rules and regulations adopted by the authority shall be published in readily accessible form to all affected state agencies, and to all current suppliers of computer equipment and services to the state, and to all prospective suppliers requesting the same.  Such rules and regulations shall be kept current, be periodically revised, and copies thereof shall be available at all times for inspection by the public at reasonable hours in the offices of the authority.  Whenever possible no rule, regulation or any proposed amendment to such rules and regulations shall be finally adopted or enforced until copies of the proposed rules and regulations have been published.

          (j)  The authority shall establish rules and regulations which shall provide for the submission of all contracts proposed to be executed by the executive director for information technology, including cloud computing, to the authority for approval before final execution, and the authority may provide that such contracts involving the expenditure of less than such specified amount as may be established by the authority may be finally executed by the executive director without first obtaining such approval by the authority.

          (k)  The authority is authorized to consider new technologies, such as cloud computing, to purchase, lease, or rent information technology and to operate that information technology when in its opinion such operation will provide maximum efficiency and economy in the functions of any such agency or agencies.

          (l)  Upon the request of the governing body of a political subdivision or instrumentality, the authority shall assist the political subdivision or instrumentality in its development of plans for the efficient acquisition and utilization of information technology.  An appropriate fee shall be charged the political subdivision by the authority for such assistance.

          (m)  The authority shall adopt rules and regulations governing the protest procedures to be followed by any actual or prospective bidder, offerer or contractor who is aggrieved in connection with the solicitation or award of a contract for the acquisition of information technology.  Such rules and regulations shall prescribe the manner, time and procedure for making protests and may provide that a protest not timely filed shall be summarily denied.  The authority may require the protesting party, at the time of filing the protest, to post a bond, payable to the state, in an amount that the authority determines sufficient to cover any expense or loss incurred by the state; however, in no event may the amount of the bond required exceed a reasonable estimate of the total project cost.  The authority, in its discretion, also may prohibit any prospective bidder, offerer or contractor who is a party to any protest or litigation involving any such contract with the state, the authority or any agency of the state to participate in any other such bid, offer or contract, or to be awarded any such contract, during the pendency of the protest or litigation.

          (n)  The authority shall make a report in writing to the Legislature each year in the month of January.  Such report shall contain a full and detailed account of the work of the authority for the preceding year as specified in Section 25-53-29(3).

     All acquisitions of information technology involving the expenditure of funds in excess of the dollar amount established in Section 31-7-13(c), or rentals or leases in excess of the dollar amount established in Section 31-7-13(c) for the term of the contract, shall be based upon bid.  The authority may reserve the right to reject any or all bids, and if all bids are rejected, the authority may negotiate a contract within the limitations of the specifications so long as the terms of any such negotiated contract are equal to or better than the lowest bidder, and so long as the total cost to the State of Mississippi does not exceed the lowest bid.  If the authority accepts one (1) of such bids, it shall be that which is the lowest and best.  The provisions of this paragraph shall not apply to acquisitions of information technology equipment and services made by the Mississippi Department of Health and the Mississippi Department of Revenue for the purposes of implementing, administering and enforcing the provisions of the Mississippi Medical Cannabis Act by June 30, 2024.

          (o)  When applicable, the authority may procure information technology in accordance with the law or regulations, or both, which govern the Bureau of Purchasing of the Office of General Services or which govern the Mississippi Department of Information Technology Services procurement of information technology.

          (p)  The authority is authorized to purchase, lease, or rent information technology for the purpose of establishing pilot projects to investigate emerging technologies.  These acquisitions shall be limited to new technologies and shall be limited to an amount set by annual appropriation of the Legislature.  These acquisitions shall be exempt from the advertising and bidding requirement.

          (q)  To promote the maximum use and benefit from technology and services now in operation or which will in the future be placed in operation and to identify opportunities, minimize duplication, reduce costs and improve the efficiency of providing common technology services the authority is authorized to:

              (i)  Enter into master agreements for information technology, including cloud computing, available for shared use by state agencies, institutions of higher learning and governing authorities; and

              (ii)  Enter into contracts for the acquisition of information technology, including cloud computing, that have been acquired by other entities, located within or outside of the State of Mississippi, so long as it is determined by the authority to be in the best interest of the state.  The acquisitions provided in this paragraph (q) shall be exempt from the advertising and bidding requirements of Sections 25-53-1 et seq. and 31-7-1 et seq.

          (r)  All fees collected by the Mississippi Department of Information Technology Services shall be deposited into the Mississippi Department of Information Technology Services Revolving Fund unless otherwise specified by the Legislature.

          (s)  The authority shall work closely with the council to bring about effective coordination of policies, standards and procedures relating to procurement of remote sensing and geographic information systems (GIS) resources.

          (t)  The authority shall manage one or more State Data Centers to provide information technology services on a cost-sharing basis.  In determining the appropriate services to be provided through the State Data Center, the authority should consider those services that:

              (i)  Result in savings to the state as a whole;

              (ii)  Improve and enhance the security and reliability of the state's information and business systems; and

              (iii)  Optimize the efficient use of the state's information technology assets, including, but not limited to, promoting partnerships with the state institutions of higher learning and community colleges to capitalize on advanced information technology resources.

          (u)  The authority shall oversee the Mississippi Statewide Data Exchange, ensuring compliance with the requirements of Section 25-53-281.  The Department of Information Technology Services shall have the authority to promulgate rules and regulations necessary to develop, implement and oversee the Mississippi Statewide Data Exchange.  The department shall engage with state agencies and other stakeholders to identify data-sharing opportunities and address potential barriers.  Additionally, the department shall establish a Chief Information Officer (CIO) Council, composed of information technology leadership from state agencies, to provide strategic oversight, promote interoperability and recommend policies to enhance the effectiveness and security of statewide data-sharing initiatives.

          (v)  The authority shall increase federal participation in the cost of the State Data Center to the extent provided by law and its shared technology infrastructure through providing such shared services to agencies that receive federal funds.  With regard to state institutions of higher learning and community colleges, the authority may provide shared services when mutually agreeable, following a determination by both the authority and the Board of Trustees of State Institutions of Higher Learning or the Mississippi Community College Board, as the case may be, that the sharing of services is mutually beneficial.

          (w)  The authority, in its discretion, may require new or replacement agency business applications to be hosted at the State Data Center.  With regard to state institutions of higher learning and community colleges, the authority and the Board of Trustees of State Institutions of Higher Learning or the Mississippi Community College Board, as the case may be, may agree that institutions of higher learning or community colleges may utilize business applications that are hosted at the State Data Center, following a determination by both the authority and the applicable board that the hosting of those applications is mutually beneficial.  In addition, the authority may establish partnerships to capitalize on the advanced technology resources of the Board of Trustees of State Institutions of Higher Learning or the Mississippi Community College Board, following a determination by both the authority and the applicable board that such a partnership is mutually beneficial.

          (x)  The authority shall provide a periodic update regarding reform-based information technology initiatives to the Chairmen of the House and Senate Accountability, Efficiency and Transparency Committees.

     From and after July 1, 2018, the expenses of this agency shall be defrayed by appropriation from the State General Fund.  In addition, in order to receive the maximum use and benefit from information technology and services, expenses for the provision of statewide shared services that facilitate cost-effective information technology shall be defrayed by pass-through funding and shall be deposited into the Mississippi Department of Information Technology Services Revolving Fund unless otherwise specified by the Legislature.  These funds shall only be utilized to pay the actual costs incurred by the Mississippi Department of Information Technology Services for providing these shared services to state agencies.  Furthermore, state agencies shall work in full cooperation with the Board of the Mississippi Department of Information Technology Services to identify information technology to minimize duplication, reduce costs, and improve the efficiency of providing common technology services across agency boundaries.

     SECTION 11.  This act shall take effect and be in force from and after July 1, 2026.