§ 9001C Intent and purpose.
The General Assembly finds and declares that the way it manages information technology will play a strong role in determining the future success of the State. Information technology resources in state government are valuable strategic assets belonging to the citizens of Delaware and must be managed accordingly. The development and implementation of a single, common, statewide technology direction is fundamental to every aspect of state government including strengthening economic development, expanding education opportunities and providing the most efficient delivery of services to the citizens of Delaware. The General Assembly further finds and declares there is a critical role of information and information systems in the provision of life, health, safety, and other crucial services to the citizens of the State of Delaware and there is a need to mitigate the risk posed to these services due to ever-evolving cybersecurity threats.
§ 9002C Establishment of the Department of Technology and Information.
A Department of Technology and Information is established within the Executive Department, and shall have the powers, duties and functions vested in the Department by this chapter.
§ 9003C Definitions.
For the purposes of this chapter:
(1) “Agency” or “state agency” includes every board, department, bureau, commission, person or group of persons or other authority created and now existing or hereafter to be created to execute, supervise, control or administer governmental functions under the laws of this State or to perform such other duties as may be prescribed or to whom any moneys are appropriated under any budget appropriation act or supplemental appropriation act or any other act which authorizes and requires any department to collect or use any taxes, fees, licenses, permits or other receipts for services or otherwise for the performance of any function of or related to or supported in whole or in part by the laws of this State, or created to administer any laws providing for the collection of taxes, fees, permits, licenses or other forms of receipts from any sources whatsoever for the use of the State or any agency of the State. “Agency” or “state agency” does not include the legislative and judicial branches of state government, any non-executive branch agencies of the government, or any university, or local education agencies.
(2) “CIO” means Chief Information Officer of the State.
(3) “Council” means Technology Investment Council.
(4) “Department” means the Department of Technology and Information.
(5) “State” means State of Delaware.
(6) “Technology” means the following resources and initiatives used to acquire, transport, process, analyze, store and disseminate information or data electronically:
a. Data centers, infrastructure, hardware, technology project management, telecommunications and networking, software applications, service desk, information security, data management, and database administration; and
b. Digital government and online initiatives.
§ 9004C General powers, duties and functions of the Department.
The Department, with the approval of the CIO, may enter into contracts with private entities to perform any of its enumerated duties that can be more efficiently performed in such manner. In addition, the Department of Technology and Information shall have the following powers, duties and functions:
(1) The powers and duties described in § 9001C of this title;
(2) Create, implement, and enforce statewide and agency technology solutions, policies, standards and guidelines, including as recommended by the Technology Investment Council on an ongoing basis and the CIO;
(3) Provide operations and production support to ensure the efficient and reliable operation of the State’s computer and telecommunications network;
(5) Evaluate the performance of technology systems and equipment;
(6) Provide analytical and programming support to maintain and upgrade existing technology systems, applications and programs;
(7) Provide management of technology facilities;
(8) Research all facets of technology systems that may have been or will be installed or are proposed to be installed, and all matters pertaining thereto, including:
a. Potential technology solutions of or with private entities; and
b. Review of systems and equipment installed or to be installed or of changes or additions in or to equipment in any of the state agencies, regardless of size or of the method or source of funding;
(9) Develop and coordinate new technology initiatives and establish statewide information systems and technology priorities for purposes of budgetary funding reviews by the Director of the Office of Management and Budget;
(10) Promote cooperation between all state agencies, in order that work may be done by one agency for another agency and equipment and/or technical personnel in one agency may be made available to another agency, and promote such improvements as may be necessary in joint or cooperative technology operations. The Chief Information Officer is authorized to purchase, lease or rent technology and related equipment in the name of the Department of Technology and Information and to operate the equipment in providing services to any or all state agencies. When, in the opinion of the Chief Information Officer, better and more efficient technology services can be performed, the Department may enter into lease or purchase agreements in the acquiring or the use of any technology equipment and use such equipment in a centralized statewide approach. When the Department acts in a centralized statewide approach, the cost of the operation shall be prorated among the state agencies benefiting from those services provided thereby. The Chief Information Officer shall decide on the number of data centers, including the size of each, and shall be empowered to pick the site or sites for the centers and the controlling agency. Any consolidated or cooperative plan approved by the Chief Information Officer shall be given effect;
(11) The Department of Technology and Information shall maintain as a paramount consideration the successful internal organization and duties of all state agencies so that efficiency existing in the agencies shall not be adversely affected or impaired by the decisions that are made;
(12) Provide consulting services to all agencies including, but not limited to, information technology planning, program budget planning for information technology initiatives, expertise in systems development life cycle methods, and access to technical information on emerging technologies;
(13) Provide staff support to the Technology Investment Council;
(14) Perform policies and procedures as directed by the CIO;
(15) Develop an acceptable use policy for e-mail communications for every state executive branch agency;
(16) Develop, coordinate, publish and administer a comprehensive state technology plan which shall provide for the centralization and joint use of existing and future communications systems, technology, equipment and services by state agencies;
(17) Develop, coordinate, publish and administer standards, policies and procedures for identifying, justifying and documenting technology requirements of state agencies;
(18) Establish and promulgate standards, policies, guidelines and procedures concerning the development, implementation, acquisition, and use of the State’s technology assets;
(19) Design, procure, install and maintain or, if appropriate, contract for the design, installation and maintenance of technology, equipment, and services for state agencies in accordance with the determinations directed by this subchapter;
(20) Perform periodic audits of the technology and activities of state agencies to ensure compliance with the policy and intent of this subchapter, and other applicable laws and regulations;
(21) Develop, coordinate, publish and administer policies and procedures for the submission of a statewide technology budget, which shall include all requirements of state agencies, including identification of business requirements by agency;
(22) Require that all state agencies having specific technology requirements related to business needs shall cooperate with and assist in the preparation of the statewide technology budget;
(23) Establish and coordinate a mechanism for a prorated chargeback process that aligns with the State’s annual budget process with the approval of the Director of the Office of Management and Budget and Controller General. The chargeback rate will cover all centralized technology services statewide;
(24) Assign an agency “technology coordinator” to each state agency. It is the intent of this subsection that such technology coordinators will act as the primary points of contact for appropriate communications between the Department and the state agencies, the State General Assembly, the State Judiciary, the State Department of Elections, the State Board of Education, the Office of the State Public Defender, the State Attorney General, the State Treasurer, the Auditor of Accounts, other elective offices, and the school districts; and
(25) Perform such other duties in connection with the technology activities of the state government as may be directed by the Governor, or the General Assembly, or as may be required by existing or future state or federal statute.
§ 9005C Communications powers, duties and functions [Transferred].
§ 9006C Requirements for agency technology projects.
(a) Within guidelines established by the Department of Technology and Information, no new technology project may be initiated by any agency unless covered by a formal project plan approved by the Department and agency head. Such plan will be in the form prescribed by the Chief Information Officer, but shall include in any case:
(1) A statement of work to be done, existing work to be modified or displaced;
(2) Total cost of system development and conversion effort including, but not limited to, systems analysis and programming costs, process reengineering, establishment of master files, testing, documentation, special equipment costs and all other costs, including full overhead;
(3) Savings or added operating costs that will result after conversion;
(4) Other advantages or reasons that justify the work;
(5) Source of funding of the work, including ongoing costs and staffing resources;
(6) Conformance with formal (or abbreviated, where applicable) information systems planning methodologies;
(7) Consideration of shared applications and data elements/bases;
(8) Consistency with budget submissions and planning components thereof; and
(9) End user and staff training as needed.
(b) No project is to be undertaken which is beyond the scope of work funded by the General Fund or a special fund. This paragraph applies to all technology performed by the Department of Technology and Information, an agency, or an outside contractor, and also applies to new technology programs or systems purchased or otherwise acquired and placed in use.
(c) All projects are to be authorized by the Chief Information Officer and the concerned agency head, or their designees, before work is begun, except such relatively minor feasibility work required to prepare the project.
(d) Management control and policy direction over all aspects of computerized data requirements definition, data acquisition, data storage and dissemination, data retention and data retirement standards shall be the sole province of the Department of Technology and Information.
(e) The creation and maintenance of statewide data dictionary in which each element of data is defined, collection responsibilities are affixed, and data access by legitimate users clearly defined, shall likewise be the responsibility of the Department of Technology and Information.
(f) To those ends, no agency shall:
(1) Claim unreasonable proprietary ownership of public domain information needed by another agency in the performance of its lawful duties, except as specifically excluded by law; or
(2) Create a computerized database outside of guidelines established by the Department of Technology and Information.
§ 9007C Chief Information Officer.
(a) The Administrator of the Department shall be the State’s CIO. The CIO shall be appointed by the Governor, with the advice and consent of the Senate, shall serve at the pleasure of the Governor, and receive a salary to be determined by the Governor and specified in the annual Operating Budget.
(b) In the event of a vacancy in the position of CIO, including the death, resignation, temporary incapacity, or removal of the CIO, and prior to the appointment of a successor, the Governor may appoint any qualified individual to serve as acting CIO.
§ 9008C Powers, duties and functions of the CIO.
The following shall be the responsibilities and functions of the CIO:
(1) To act as the head administrator of the Department and to ensure that Department carries out all of its statutory duties;
(2) To act as the Governor’s chief adviser on issues relating to technology;
(3) To serve as the Cabinet level executive for both the Department of Technology and Information;
(4) To develop partnerships with state agencies in executing agreed upon technology strategies, plans and projects by ensuring the timely delivery of quality technology solutions, products and services on a cost effective basis, including setting and maintaining appropriate standards and managing relationships with, and the performance of, selected third party technology vendors;
(5) To build, develop, motivate and retain a high performing team of technology professionals that will enable the State to achieve its technology vision, strategies and specific performance objectives;
(6) Supervise, direct and account for the administration and operation of the Department of Technology and Information and its subsections, facilities, functions and employees;
(7) Appoint personnel as may be necessary for the administration and operation of the Department of Technology and Information within such limitations as may be imposed by law;
(8) Establish, consolidate or abolish such sections within the Department of Technology and Information or transfer or combine the powers, duties and functions of the subsections within the Department of Technology and Information as the Chief Information Officer, with the approval of the Governor, may deem necessary, providing that all powers, duties and functions required and assigned by law to the Department of Technology and Information shall be provided for and maintained;
(9) Make and enter into any and all contracts, agreements or stipulations for equipment, facilities and support services, and retain, employ and contract for the services of private and public consultants, research and technical personnel and to procure by contract consulting, research, technical and other services and facilities from public and private agencies in this State and other states, whenever the same shall be deemed by the Chief Information Officer to be necessary in the performance of the functions of the Department of Technology and Information; and necessary legal services shall be provided pursuant to Chapter 25 of this title;
(10) Delegate any of the Chief Information Officer’s powers, duties or functions to a manager, except the power to remove employees of the Department of Technology and Information or to determine their compensation;
(11) Establish and promulgate such rules and regulations governing the services and programs of the Department of Technology and Information and such other rules and regulations governing the administration and operation of the Department of Technology and Information as may be deemed necessary by the Chief Information Officer and which are not inconsistent with the federal and state law;
(12) Maintain such facilities throughout the State as may be required for the effective and efficient operation of the Department of Technology and Information;
(13) Prepare a proposed budget for the operation of the Department of Technology and Information to be submitted for the consideration of the Director of the Office of Management and Budget, the Governor and the General Assembly as directed under this chapter;
(14) Coordinate the activities of the Department of Technology and Information with those of other state agencies concerned with the services provided; and
(15) Have any and all other powers and duties as are necessary to administer the powers, duties and functions of the Department of Technology and Information and implement the purposes of this subchapter.
§ 9009C Budgeting and financing.
The Chief Information Officer, in compliance with § 9008C(13) of this title, in cooperation with the internal program managers and office administrators, shall prepare a proposed budget for the operation of the Department of Technology and Information to be submitted for the consideration of the Director of the Office of Management and Budget, the Governor and the General Assembly. The Department of Technology and Information shall be operated within the limitation of the annual appropriation and any other funds appropriated by the General Assembly.
§ 9010C Exemptions from the merit system.
(a) All employees of the Department, including the CIO, shall be exempt from Chapter 59 of this title.
(b) The CIO, with the advice of the Secretary of the Department of Human Resources, shall create a compensation plan. Implementation of said plan shall be contingent upon approval by the Director of the Office of Management and Budget and Controller General. Any proposed compensation plan within the Department of Technology and Information should be unique to information technology employees working at the Department and consider all factors including areas requiring specialized skill sets and other elements of providing a comprehensive technology service organization. Such a plan may include competency-based pay, pay-for-performance and other components necessary to recruit and retain highly qualified information technology professionals to the State.
§ 9011C State information security requirements
The Department of Technology and Information shall have the power to:
(1) Develop and implement a comprehensive information security program that applies personnel, process, and technology controls to protect the State’s data, systems, and infrastructure, within the State’s computing environment and on partner systems. All systems that connect to the State network shall comply with the State Information Security Program;
(2) Identify and address information security risks to each state agency, to third-party providers, and to key supply chain partners, including an assessment of the extent to which information resources, processes, or technologies are vulnerable to unauthorized access or harm, including the extent to which the entity’s electronically stored information is vulnerable to unauthorized access, use, disclosure, disruption, modification, or destruction, and direct risk mitigation strategies, methods, and procedures to reduce those risks;
(3) Establish a central Security Operations Center (SOC) to direct statewide cyber defense and cyber threat mitigation. The SOC responsibilities shall include generating, collecting and analyzing security activity information to effectively identify and respond to cyber-attacks against the State;
(4) Implement technical compliance to state-owned technology as required by law. The Department may also implement technical compliance to state-owned technology that is recommended by private industry standards. The Department shall have the full cooperation of state agencies in identifying compliance requirements or industry standards; and
(5) Temporarily disrupt the exposure of an information system or information technology infrastructure that is owned, leased, outsourced, or shared by one or more state agencies in order to isolate the source of, or stop the spread of, an information security breach or other similar information security incident.
§ 9012C Information coordination [Repealed].
§ 9013C Technology Investment Council.
(a) There is hereby established a Technology Investment Council hereinafter referred to as the “Council”. The Council shall consist of 9 members as follows:
(1) The Chief Information Officer, who shall serve as Chair of the Council;
(2) The Chief Justice of the Supreme Court;
(3) The Controller General;
(4) The Secretary of Finance;
(5) The Director of the Office of Management and Budget;
(6) 4 Cabinet level members appointed by the Governor.
(b) Members serving by virtue of position may appoint their deputy or equivalent position to serve in their stead and at their pleasure.
(c) The Council shall meet at least quarterly.
(d) The Council may establish subcommittees as necessary to carry out business, responsibilities or assigned projects. Noncommittee members may participate in subcommittee meetings and work. The subcommittee members may reach out for assistance as needed to accomplish the assigned project.
§ 9014C Duties of the Technology Investment Council.
The duties of the Council are as follows:
(1) Adopt policies and procedures used to develop, review and annually update a statewide technology plan and provide it to the Governor and the Director of the Office of Management and Budget.
(2) By October 1 of each year, the Council shall provide the Governor and the Director of the Office of Management and Budget with a statewide technology plan. The plan shall discuss the State’s overall technology needs over a multi-year period and the potential budgetary implications of meeting those needs.
(3) By November 15 of each year, the Council shall make recommendations to the Director of the Office of Management and Budget regarding the funding of technology for the coming fiscal year. Prior to making its recommendations to the Director of the Office of Management and Budget, the Council shall confer with the Director of the Office of Management and Budget regarding the demands placed upon the state budget by nontechnology funding needs.
(4) Forward funding recommendations made pursuant to paragraph (3) of this section to the Governor in their entirety.
(5) Enforce active project management, review the progress of current projects to determine if they are on budget and have met their project milestones, and when necessary, recommend the termination of projects.
(7) Identify opportunities to leverage expertise in strategically important areas of information technology by partnering with private sector entities. Such opportunities shall be clearly set forth in the statewide technology plan called for in paragraph (2) of this section.
§ 9015C Misnomer of Department.
Any misnomer shall not defeat or annul any gift, grant, devise or bequest to the Department if it sufficiently appears by the will, conveyance or other writing that the party making the same intended to pass and convey thereby to the Department or to any commission, board, department, authority, council or agency, to which, by this chapter, the powers, duties and functions have been transferred to the Department, the estate or interest therein expressed or described.
§ 9016C Supremacy.
All other laws or parts of laws now in effect inconsistent with this chapter are hereby repealed, superseded, modified or amended so far as necessary to conform to and give full force and effect to this chapter.
§ 9016E State agency technology procurement and management.
(a) The Department shall establish statewide technology standards for use in the procurement process. Further, if the Department has entered into a statewide contract for technology services or resources, then that contract is mandatory use for state agencies.
(b) The Department of Technology and Information shall have the full cooperation of state agencies in developing and implementing the sharing of data and information throughout the executive branch.
(c) The Department of Technology and Information shall enter into and develop service level agreements necessary to ensure that the state agencies have full access to secure, reliable, and efficient technology services.
§ 9016F Reallocation of technology personnel and equipment from executive branch agencies [Expires Aug. 5, 2022].
(a) All employees in executive branch agencies who are currently engaged in the exercise and performance of the powers, duties, and functions, as defined in this title and who are determined by the CIO to be necessary for the exercise and performance of the powers, duties, and functions as defined in this title are hereby reallocated to the Department. In addition, all executive branch agency employees who are determined by the CIO to have been engaged in providing necessary administrative, technical, or other support functions as defined in this title are hereby reallocated to the Department. In order to facilitate this reallocation, all executive branch agencies shall work in cooperation with the CIO, the Secretary of the Department of Human Resources, and the Director of the Office of Management and Budget to develop a detailed plan of implementation to reallocate and centralize all agency employees referenced in this section to the Department. This plan shall include but not be limited to any budgetary, operational, and regulatory changes necessary to implement such a centralization as well as service level agreements with state agencies to ensure continued operations.
(b) All technology equipment in executive branch agencies that is currently engaged in the exercise and performance of the powers, duties, and functions, as defined in this title and that is determined by the CIO to be necessary for the exercise and performance of the powers, duties, and functions as defined in this title are hereby reallocated to the Department. In order to facilitate this reallocation, all executive branch agencies shall work in cooperation with the CIO and the Director of the Office of Management and Budget to develop a detailed plan of implementation to reallocate and centralize all executive branch agencies equipment referenced in this section to the Department. This plan shall include but not be limited to any budgetary, operational, and regulatory changes necessary to implement such a centralization as well as service level agreements with state agencies to ensure continued operations.