Code Section Group

Government Code - GOV

TITLE 2. GOVERNMENT OF THE STATE OF CALIFORNIA [8000 - 22980]

  ( Title 2 enacted by Stats. 1943, Ch. 134. )

DIVISION 3. EXECUTIVE DEPARTMENT [11000 - 15986]

  ( Division 3 added by Stats. 1945, Ch. 111. )

PART 1. STATE DEPARTMENTS AND AGENCIES [11000 - 11898]

  ( Part 1 added by Stats. 1945, Ch. 111. )

CHAPTER 5.6. Department of Technology [11545 - 11548]
  ( Heading of Chapter 5.6 amended by Stats. 2014, Ch. 391, Sec. 2. )

11545.
  

(a) (1) There is in state government the Department of Technology within the Government Operations Agency. The Director of Technology shall be appointed by, and serve at the pleasure of, the Governor, subject to Senate confirmation. The Director of Technology shall supervise the Department of Technology and report directly to the Governor on issues relating to information technology.

(2) Unless the context clearly requires otherwise, whenever the term “office of the State Chief Information Officer” or “California Technology Agency” appears in any statute, regulation, or contract, or any other code, it shall be construed to refer to the Department of Technology, and whenever the term “State Chief Information Officer” or “Secretary of California Technology” appears in any statute, regulation, or contract, or any other code, it shall be construed to refer to the Director of Technology.

(3) The Director of Technology shall be the State Chief Information Officer.

(b) The duties of the Director of Technology shall include, but are not limited to, all of the following:

(1) Advising the Governor on the strategic management and direction of the state’s information technology resources.

(2) Establishing and enforcing state information technology strategic plans, policies, standards, and enterprise architecture. This shall include the periodic review and maintenance of the information technology sections of the State Administrative Manual and procurement procedures related to information technology projects, except for sections on information technology fiscal policy. The Director of Technology shall consult with the Director of General Services, the Director of Finance, and other relevant agencies concerning policies and standards these agencies are responsible to issue that relate to information technology.

(3) Minimizing overlap, redundancy, and cost in state information technology operations by promoting the efficient and effective use of information technology.

(4) Providing technology direction to agency and department chief information officers to ensure the integration of statewide technology initiatives, compliance with information technology policies and standards, and the promotion of the alignment and effective management of information technology services. This paragraph does not limit the authority of a constitutional officer, cabinet agency secretary, or department director to establish programmatic priorities and business direction to the respective agency or department chief information officer.

(5) Working to improve organizational maturity and capacity in the effective management of information technology.

(6) Establishing performance management and improvement processes to ensure state information technology systems and services are efficient and effective.

(7) Approving, suspending, terminating, and reinstating information technology projects.

(8) Performing enterprise information technology functions and services, including, but not limited to, implementing Geographic Information Systems (GIS), shared services, applications, and program and project management activities in partnership with the owning agency or department.

(c) The Director of Technology shall produce an annual information technology strategic plan that shall guide the acquisition, management, and use of information technology. State agencies shall cooperate with the department in the development of this plan, as required by the Director of Technology.

(1) Upon establishment of the information technology strategic plan, the Director of Technology shall take all appropriate and necessary steps to implement the plan, subject to any modifications and adjustments deemed necessary and reasonable.

(2) The information technology strategic plan shall be submitted to the Joint Legislative Budget Committee by January 15 of every year.

(d) The Director of Technology shall produce an annual information technology performance report that shall assess and measure the state’s progress toward enhancing its information technology program for human capital management; reducing and avoiding costs and risks associated with the acquisition, development, implementation, management, and operation of information technology assets, infrastructure, and systems; improving energy efficiency in the use of information technology assets; enhancing the security, reliability, and quality of information technology networks, services, and systems; and improving the information technology procurement process. This report shall also include cost savings and avoidances achieved through improvements to the way the state acquires, develops, implements, manages, and operates state technology assets, infrastructure, and systems. The department shall establish those policies and procedures required to improve the performance of the state’s information technology program.

(1) The department shall maintain an information technology performance management framework that includes the performance measures and targets that the department will utilize to assess the performance of, and measure the costs and risks avoided by, the state’s information technology program.

(2) State agencies shall take all necessary steps to achieve the targets set forth by the department and shall report their progress to the department on a quarterly basis.

(3) Notwithstanding Section 10231.5, the information technology performance report shall be submitted to the Joint Legislative Budget Committee, including any changes, by January 15 of every year. To enhance transparency, the department shall post performance targets and progress toward these targets on its public Internet Web site.

(e) If the Governor’s Reorganization Plan No. 2 of 2012 becomes effective, this section shall prevail over Section 186 of the Governor’s Reorganization Plan No. 2 of 2012, regardless of the dates on which this section and that plan take effect, and this section shall become operative on July 1, 2013.

(Amended by Stats. 2017, Ch. 193, Sec. 1. (AB 475) Effective January 1, 2018.)

11546.
  

(a) The Department of Technology shall be responsible for the approval and oversight of information technology projects, which shall include, but are not limited to, all of the following:

(1) Establishing and maintaining a framework of policies, procedures, and requirements for the initiation, approval, implementation, management, oversight, and continuation of information technology projects. Unless otherwise required by law, a state department shall not procure oversight services of information technology projects without the approval of the Department of Technology.

(2) Evaluating information technology projects based on the business case justification, resources requirements, proposed technical solution, project management, oversight and risk mitigation approach, and compliance with statewide strategies, policies, and procedures. Projects shall continue to be funded through the established Budget Act process.

(3) Consulting with agencies during initial project planning to ensure that project proposals are based on well-defined programmatic needs, clearly identify programmatic benefits, and consider feasible alternatives to address the identified needs and benefits consistent with statewide strategies, policies, and procedures.

(4) Consulting with agencies prior to project initiation to review the project governance and management framework to ensure that it is best designed for success and will serve as a resource for agencies throughout the project implementation.

(5) Requiring agencies to provide information on information technology projects including, but not limited to, all of the following:

(A) The degree to which the project is within approved scope, cost, and schedule.

(B) Project issues, risks, and corresponding mitigation efforts.

(C) The current estimated schedule and costs for project completion.

(6) Requiring agencies to perform remedial measures to achieve compliance with approved project objectives. These remedial measures may include, but are not limited to, any of the following:

(A) Independent assessments of project activities, the cost of which shall be funded by the agency administering the project.

(B) Establishing remediation plans.

(C) Securing appropriate expertise, the cost of which shall be funded by the agency administering the project.

(D) Requiring additional project reporting.

(E) Requiring approval to initiate any action identified in the approved project schedule.

(7) Suspending, reinstating, or terminating information technology projects. The Department of Technology shall notify the Joint Legislative Budget Committee of any project suspension, reinstatement, and termination within 30 days of that suspension, reinstatement, or termination.

(8) Establishing restrictions or other controls to mitigate nonperformance by agencies, including, but not limited to, any of the following:

(A) The restriction of future project approvals pending demonstration of successful correction of the identified performance failure.

(B) The revocation or reduction of authority for state agencies to initiate information technology projects or acquire information technology or telecommunications goods or services.

(b) The Department of Technology shall have the authority to delegate to another agency any authority granted under this section based on its assessment of the agency’s project management, project oversight, and project performance.

(Amended by Stats. 2013, Ch. 353, Sec. 77. (SB 820) Effective September 26, 2013. Operative July 1, 2013, by Sec. 129 of Ch. 353.)

11546.1.
  

The Department of Technology shall improve the governance and implementation of information technology by standardizing reporting relationships, roles, and responsibilities for setting information technology priorities.

(a) (1) Each state agency shall have a chief information officer who is appointed by the head of the state agency, or by the head’s designee, subject to the approval of the Department of Technology.

(2) A chief information officer appointed under this subdivision shall do all of the following:

(A) Oversee the information technology portfolio and information technology services within his or her state agency through the operational oversight of information technology budgets of departments, boards, bureaus, and offices within the state agency.

(B) Develop the enterprise architecture for his or her state agency, subject to the review and approval of the Department of Technology, to rationalize, standardize, and consolidate information technology applications, assets, infrastructure, data, and procedures for all departments, boards, bureaus, and offices within the state agency.

(C) Ensure that all departments, boards, bureaus, and offices within the state agency are in compliance with the state information technology policy.

(b) (1) Each state entity shall have a chief information officer who is appointed by the head of the state entity.

(2) A chief information officer appointed under this subdivision shall do all of the following:

(A) Supervise all information technology and telecommunications activities within his or her state entity, including, but not limited to, information technology, information security, and telecommunications personnel, contractors, systems, assets, projects, purchases, and contracts.

(B) Ensure the entity conforms with state information technology and telecommunications policy and enterprise architecture.

(c) Each state agency shall have an information security officer appointed by the head of the state agency, or the head’s designee, subject to the approval by the Department of Technology. The state agency’s information security officer appointed under this subdivision shall report to the state agency’s chief information officer.

(d) Each state entity shall have an information security officer who is appointed by the head of the state entity. An information security officer shall report to the chief information officer of his or her state entity. The Department of Technology shall develop specific qualification criteria for an information security officer. If a state entity cannot fund a position for an information security officer, the entity’s chief information officer shall perform the duties assigned to the information security officer. The chief information officer shall coordinate with the Department of Technology for any necessary support.

(e) (1) For purposes of this section, “state agency” means the Transportation Agency, Department of Corrections and Rehabilitation, Department of Veterans Affairs, Business, Consumer Services, and Housing Agency, Natural Resources Agency, California Health and Human Services Agency, California Environmental Protection Agency, Labor and Workforce Development Agency, and Department of Food and Agriculture.

(2) For purposes of this section, “state entity” means an entity within the executive branch that is under the direct authority of the Governor, including, but not limited to, all departments, boards, bureaus, commissions, councils, and offices that are not defined as a “state agency” pursuant to paragraph (1).

(f) A state entity that is not defined under subdivision (e) may voluntarily comply with any of the requirements of Sections 11546.2 and 11546.3 and may request assistance from the Department of Technology to do so.

(Amended by Stats. 2012, Ch. 147, Sec. 9. (SB 1039) Effective January 1, 2013. Operative July 1, 2013, by Sec. 23 of Ch. 147.)

11546.2.
  

(a) On or before February 1 of every year, each state agency and state entity subject to Section 11546.1, shall submit, as instructed by the Department of Technology, a summary of its actual and projected information technology and telecommunications costs, including, but not limited to, personnel, for the immediately preceding fiscal year and current fiscal year, showing current expenses and projected expenses for the current fiscal year, in a format prescribed by the Department of Technology in order to capture statewide information technology expenditures.

(b) On or before February 1 of every year, each state agency and state entity subject to Section 11546.1 shall submit, as instructed and in a format prescribed by the Department of Technology, a summary of its actual and projected information security costs, including, but not limited to, personnel, for the immediately preceding fiscal year and current fiscal year, showing current expenses and projected expenses for the current fiscal year, in order to capture statewide information security expenditures, including the expenditure of federal grant funds for information security purposes.

(Amended by Stats. 2017, Ch. 193, Sec. 2. (AB 475) Effective January 1, 2018.)

11546.3.
  

(a) (1) A chief information officer appointed under Section 11546.1 shall develop a plan to leverage cost-effective strategies to reduce the total amount of energy utilized by information technology and telecommunications equipment of the officer’s agency or entity, as the case may be, in support of the statewide effort to reduce energy consumption by 20 percent below the 2009 baseline by July 1, 2011, and by 30 percent below the 2009 baseline by July 1, 2012.

(2) A chief information officer appointed under Section 11546.1 shall report the progress toward the energy reduction targets in paragraph (1) to the Department of Technology on a quarterly basis beginning in January 2011. The Department of Technology shall include the quarterly reports on its Internet Web site.

(b) (1) A state agency or entity subject to Section 11546.1 shall do all of the following:

(A) Comply with the policies of the Department of Technology to reduce the total amount of office square footage currently utilized for data centers by the agency or entity, as the case may be, in support of the statewide effort to reduce energy consumption by 50 percent below the 2009 baseline by July 2011.

(B) Host all mission critical and public-facing applications and server refreshes in a Tier III or equivalent data center, as designated by the Department of Technology.

(C) Close any existing data centers or server rooms that house nonnetwork equipment by June 2013. On or before July 2011, transition plans, in accordance with guidance provided by the Department of Technology, shall be submitted to the Department of Technology.

(D) Be in migration from its existing network services to the California Government Network by no later than July 2011.

(E) Report to the Department of Technology on the progress toward the targets listed in this subdivision on a quarterly basis, beginning in January 2011.

(2) The Department of Technology shall include the quarterly reports required by subparagraph (E) of paragraph (1) on its Internet Web site.

(c) (1) A state agency or entity subject to Section 11546.1 shall do both of the following:

(A) Be in migration to the state shared email solution by no later than June 2011.

(B) Report to the Department of Technology on the progress toward the target listed in subparagraph (A) on a quarterly basis, beginning in April 2011.

(2) The Department of Technology shall include the quarterly reports required by subparagraph (B) of paragraph (1) on its Internet Web site.

(Amended by Stats. 2013, Ch. 352, Sec. 237. (AB 1317) Effective September 26, 2013. Operative July 1, 2013, by Sec. 543 of Ch. 352.)

11546.4.
  

Notwithstanding any other law, any service contract proposed to be entered into by an agency that would not otherwise be subject to review, approval, or oversight by the Department of Technology but that contains an information technology component that would be subject to oversight by the Department of Technology if it was a separate information technology project, shall be subject to review, approval, and oversight by the Department of Technology as set forth in Section 11546.

(Amended by Stats. 2013, Ch. 352, Sec. 238. (AB 1317) Effective September 26, 2013. Operative July 1, 2013, by Sec. 543 of Ch. 352.)

11546.5.
  

Notwithstanding any other law, all employees of the Department of Technology shall be designated as excluded from collective bargaining pursuant to subdivision (b) of Section 3527, except for employees of the Office of Technology Services and employees of the Public Safety Communications Division who are not otherwise excluded from collective bargaining.

(Amended by Stats. 2013, Ch. 352, Sec. 239. (AB 1317) Effective September 26, 2013. Operative July 1, 2013, by Sec. 543 of Ch. 352.)

11546.6.
  

(a) The Director of Technology shall require fingerprint images and associated information from an employee, prospective employee, contractor, subcontractor, volunteer, or vendor whose duties include, or would include, working on data center, telecommunications, or network operations, engineering, or security with access to confidential or sensitive information and data on the network or computing infrastructure.

(b) The fingerprint images and associated information described in subdivision (a) shall be furnished to the Department of Justice for the purpose of obtaining information as to the existence and nature of any of the following:

(1) A record of state or federal convictions and the existence and nature of state or federal arrests for which the person is free on bail or on his or her own recognizance pending trial or appeal.

(2) Being convicted of, or pleading nolo contendere to, a crime, or having committed an act involving dishonesty, fraud, or deceit, if the crime or act is substantially related to the qualifications, functions, or duties of a person employed by the state in accordance with this provision.

(3) Any conviction or arrest, for which the person is free on bail or on his or her own recognizance pending trial or appeal, with a reasonable nexus to the information or data to which the employee shall have access.

(c) Requests for federal criminal offender record information received by the Department of Justice pursuant to this section shall be forwarded to the Federal Bureau of Investigation by the Department of Justice.

(d) The Department of Justice shall respond to the Director of Technology with information as provided under subdivision (p) of Section 11105 of the Penal Code.

(e) The Director of Technology shall request subsequent arrest notifications from the Department of Justice as provided under Section 11105.2 of the Penal Code.

(f) The Department of Justice may assess a fee sufficient to cover the processing costs required under this section, as authorized pursuant to subdivision (e) of Section 11105 of the Penal Code.

(g) If an individual described in subdivision (a) is rejected as a result of information contained in the Department of Justice or Federal Bureau of Investigation criminal offender record information response, the individual shall receive a copy of the response record from the Director of Technology.

(h) The Director of Technology shall develop a written appeal process for an individual described in subdivision (a) who is determined ineligible for employment because of his or her Department of Justice or Federal Bureau of Investigation criminal offender record. Individuals shall not be found to be ineligible for employment pursuant to this section until the appeal process is in place.

(i) When considering the background information received pursuant to this section, the Director of Technology shall take under consideration any evidence of rehabilitation, including participation in treatment programs, as well as the age and specifics of the offense.

(Amended by Stats. 2013, Ch. 352, Sec. 240. (AB 1317) Effective September 26, 2013. Operative July 1, 2013, by Sec. 543 of Ch. 352.)

11546.7.
  

(a) Before July 1, 2019, and before July 1 biennially thereafter, the director of each state agency or state entity, as defined in subdivision (e) of Section 11546.1, and each chief information officer appointed under Section 11546.1, shall post on the home page of the state agency’s or state entity’s Internet Web site a signed certification from the state agency’s or state entity’s director and chief information officer that they have determined that the Internet Web site is in compliance with Sections 7405 and 11135, and the Web Content Accessibility Guidelines 2.0, or a subsequent version, published by the Web Accessibility Initiative of the World Wide Web Consortium at a minimum Level AA success criteria.

(b) The Director of Technology shall create a standard form that each state agency’s or state entity’s chief information officer shall use to determine whether the state agency’s or state entity’s Internet Web site is in compliance with the accessibility standards specified in subdivision (a).

(Added by Stats. 2017, Ch. 780, Sec. 1. (AB 434) Effective January 1, 2018.)

11546.8.
  

(a) For the purpose of this chapter, “blockchain” means a mathematically secured, chronological, and decentralized ledger or database.

(b) This section shall remain in effect only until January 1, 2022, and as of that date is repealed, unless a later enacted statute, that is enacted before January 1, 2022, deletes or extends that date.

(Added by Stats. 2018, Ch. 875, Sec. 1. (AB 2658) Effective January 1, 2019. Repealed as of January 1, 2022, by its own provisions.)

11546.9.
  

(a) The Secretary of the Government Operations Agency shall appoint a blockchain working group and designate the chairperson of that group on or before July 1, 2019, to evaluate all of the following:

(1) The uses of blockchain in state government and California-based businesses.

(2) The risks, including privacy risks, associated with the use of blockchain by state government and California-based businesses.

(3) The benefits associated with the use of blockchain by state government and California-based businesses.

(4) The legal implications associated with the use of blockchain by state government and California-based businesses.

(5) The best practices for enabling blockchain technology to benefit the State of California, California-based businesses, and California residents.

(b) The working group shall consist of participants from all of the following:

(1) Three appointees from the technology industry.

(2) Three appointees from nontechnology-related industries.

(3) Three appointees with a background in law chosen in consultation with the Judicial Council.

(4) Two appointees representing privacy organizations.

(5) Two appointees representing consumer organizations.

(6) The State Chief Information Officer, or his or her designee.

(7) The Director of Finance, or his or her designee.

(8) The chief information officers of three other state agencies, departments, or commissions.

(9) One member of the Senate, appointed by the Senate Committee on Rules, and one member of the Assembly, appointed by the Speaker of the Assembly.

(c) The blockchain working group shall take input from a broad range of stakeholders with a diverse range of interests affected by state policies governing emerging technologies, privacy, business, the courts, the legal community, and state government.

(d) On or before July 1, 2020, the blockchain working group shall report to the Legislature on the potential uses, risks, and benefits of the use of blockchain technology by state government and California-based businesses.

(1) The working group’s report shall include recommendations for modifications to the definition of blockchain in Section 11546.8 and recommendations for amendments to other code sections that may be impacted by the deployment of blockchain.

(2) A report submitted pursuant to this subdivision shall be submitted in compliance with Section 9795 of the Government Code.

(e) The members of the working group shall serve without compensation, but shall be reimbursed for all necessary expenses actually incurred in the performance of their duties.

(f) This section shall remain in effect only until January 1, 2022, and as of that date is repealed, unless a later enacted statute, that is enacted before January 1, 2022, deletes or extends that date.

(Added by Stats. 2018, Ch. 875, Sec. 2. (AB 2658) Effective January 1, 2019. Repealed as of January 1, 2022, by its own provisions.)

11547.
  

The Department of Finance shall perform fiscal oversight of the state’s information technology projects. This oversight shall consist of a determination of the availability of project funding from appropriate sources, and project consistency with state fiscal policy. Projects shall continue to be funded through the established Budget Act process.

(Added by Stats. 2007, Ch. 183, Sec. 6. Effective January 1, 2008.)

11548.
  

This chapter shall not apply to the State Compensation Insurance Fund, the Legislature, or the Legislative Data Center in the Legislative Counsel Bureau.

(Added by Stats. 2007, Ch. 183, Sec. 6. Effective January 1, 2008.)

GOVGovernment Code - GOV