Okla. Stat. tit. 62, § 34.12
Duties of Information Services Division
Effective Jul 1, 2009Laws 1984, SB 401, c. 290, § 2, emerg. eff. July 1, 1984; Amended by Laws 1992, HB 2133, c. 268, § 5, eff. September 1, 1992; Amended by Laws 2001, HB 1214, c. 33, § 51, emerg. eff. July 1, 2001 (superseded document available); Amended by Laws 2005, HB 1862, c. 391, § 1, emerg. eff. July 1, 2005 (superseded document available); Amended by Laws 2006, HB 2935, c. 266, § 1, emerg. eff. July 1, 2006 (superseded document available); Renumbered from 62 O.S. § 41.5a by Laws 2009, HB 2015, c. 441, § 64, emerg. eff. July 1, 2009.
- A. The Information Services Division shall: 1. Coordinate information technology planning through analysis of the long-term information technology plans for each agency; 2. Develop a statewide information technology plan with annual modifications to include, but not be limited to, individual agency plans and information systems plans for the statewide electronic information technology function; 3. Establish and enforce minimum mandatory standards for: a. information systems planning, b. systems development methodology, c. documentation, d. hardware requirements and compatibility, e. operating systems compatibility, f. software and hardware acquisition, g. information security and internal controls, h. data base compatibility, and i. contingency planning and disaster recovery. The standards shall, upon adoption, be the minimum requirements applicable to all agencies. These standards shall be compatible with the standards established for the Oklahoma Government Telecommunications Network created in Section 41.5m of this title. Individual agency standards may be more specific than statewide requirements but shall in no case be less than the minimum mandatory standards. Where standards required of an individual agency of the state by agencies of the federal government are more strict than the state minimum standards, such federal requirements shall be applicable; 4. Develop and maintain applications for agencies not having the capacity to do so; 5. Operate an information technology service center to provide operations and hardware support for agencies requiring such services and for statewide systems; 6. Maintain a directory of the following which have a value of Five Hundred Dollars ($500.00) or more: application systems, systems software, hardware, internal and external information technology, communication or telecommunication equipment owned, leased, or rented for use in communication services for state government, including communication services provided as part of any other total system to be used by the state or any of its agencies, and studies and training courses in use by all agencies of the state; and facilitate the utilization of the resources by any agency having requirements which are found to be available within any agency of the state; 7. Assist agencies in the acquisition and utilization of information technology systems and hardware to effectuate the maximum benefit for the provision of services and accomplishment of the duties and responsibilities of agencies of the state; 8. Coordinate for the executive branch of state government agency information technology activities, encourage joint projects and common systems, and linking of agency systems through the review of agency plans, development of a statewide plan and its integration with the budget process to ensure that developments or acquisitions are consistent with statewide objectives and that proposed systems are justified and cost effective; 9. Develop performance reporting guidelines for information technology facilities and conduct an annual review to compare agency plans and budgets with results and expenditures; 10. Establish operations review procedures for information technology installations operated by agencies of the state for independent assessment of productivity, efficiency, cost effectiveness, and security; 11. Establish service center user charges for billing costs to agencies based on the use of all resources; 12. Provide system development and consultant support to state agencies on a contractual, cost reimbursement basis; and 13. In conjunction with the Oklahoma Office of Homeland Security, enforce the minimum information security and internal control standards established by the Information Services Division. An enforcement team consisting of the Director of the Information Services Division or a designee, a representative of the Oklahoma Office of Homeland Security, and a representative of the Oklahoma State Bureau of Investigation shall enforce the minimum information security and internal control standards. An agency that is not in compliance with the minimum information security and internal control standards shall be notified. The agency will be required to submit a plan for becoming compliant within a specified time period, based on the severity of the noncompliance. If the agency does not become compliant with the minimum information security and internal control standards within the specified time period, the enforcement team shall institute progressive actions as follows: a. if possible, extend the time period for becoming compliant, b. work with the agency to mitigate the noncompliance, c. notify the agency director, the Governor, the Speaker of the House of Representatives, and the President Pro Tempore of the Senate that the agency will be removed from the infrastructure of the state until the agency becomes compliant, d. notify the agency director, the Governor, the Speaker of the House of Representatives, and the President Pro Tempore of the Senate that the enforcement team will take control of the information technology function of the agency until the agency is compliant, and e. recommend to the Governor and the Legislature that the administration and management of the information technology function of the agency be transferred to another state agency. B. No agency of the executive branch of the state shall use state funds for or enter into any agreement for the acquisition of computer hardware, software or any contract for information technology services and equipment exceeding Twenty-five Thousand Dollars ($25,000.00) in value without written authorization of the Director of State Finance. The provisions of this subsection shall not be applicable to any member of The Oklahoma State System of Higher Education, any public elementary or secondary schools of the state, or any technology center school district as defined in Section 14-108 of Title 70 of the Oklahoma Statutes. C. The Office of State Finance and all agencies of the executive branch of the state shall not be required to disclose, directly or indirectly, any information of a state agency which is declared to be confidential or privileged by state or federal statute or the disclosure of which is restricted by agreement with the United States or one of its agencies, nor disclose information technology system details that may permit the access to confidential information or any information affecting personal security, personal identity, or physical security of state assets.
Laws 1984, SB 401, c. 290, § 2, emerg. eff. July 1, 1984; Amended by Laws 1992, HB 2133, c. 268, § 5, eff. September 1, 1992; Amended by Laws 2001, HB 1214, c. 33, § 51, emerg. eff. July 1, 2001 (superseded document available); Amended by Laws 2005, HB 1862, c. 391, § 1, emerg. eff. July 1, 2005 (superseded document available); Amended by Laws 2006, HB 2935, c. 266, § 1, emerg. eff. July 1, 2006 (superseded document available); Renumbered from 62 O.S. § 41.5a by Laws 2009, HB 2015, c. 441, § 64, emerg. eff. July 1, 2009.