2019 Kentucky Revised Statutes Chapter 42 - Finance and administration cabinet 42.726 Roles, duties, and permissible activities for Commonwealth Office of Technology -- Duties of Archives and Records Commission and Department for Libraries and Archives not affected -- Annual report concerning security breaches.
Download as PDF
42.726
Roles, duties, and permissible activities for Commonwealth Office of
Technology -- Duties of Archives and Records Commission and Department
for Libraries and Archives not affected -- Annual report concerning security
breaches.
(1)
(2)
The Commonwealth Office of Technology shall be the lead organizational entity
within the executive branch regarding delivery of information technology services,
including application development and delivery, and shall serve as the single
information technology authority for the Commonwealth.
The roles and duties of the Commonwealth Office of Technology shall include but
not be limited to:
(a) Providing technical support and services to all executive agencies of state
government in the application of information technology;
(b) Assuring compatibility and connectivity of Kentucky's information systems;
(c) Developing strategies and policies to support and promote the effective
applications of information technology within state government as a means of
saving money, increasing employee productivity, and improving state services
to the public, including electronic public access to information of the
Commonwealth;
(d) Developing, implementing, and managing strategic information technology
directions, standards, and enterprise architecture, including implementing
necessary management processes to assure full compliance with those
directions, standards, and architecture;
(e) Promoting effective and efficient design and operation of all major
information resources management processes for executive branch agencies,
including improvements to work processes;
(f) Developing, implementing, and maintaining the technology infrastructure of
the Commonwealth and all related support staff, planning, administration,
asset management, and procurement for all executive branch cabinets and
agencies except:
1.
Agencies led by a statewide elected official;
2.
The nine (9) public institutions of postsecondary education;
3.
The Department of Education's services provided to local school
districts;
4.
The Kentucky Retirement Systems and the Teachers' Retirement
System;
5.
The Kentucky Housing Corporation;
6.
The Kentucky Lottery Corporation;
7.
The Kentucky Higher Education Student Loan Corporation; and
8.
The Kentucky Higher Education Assistance Authority;
(g) Facilitating and fostering applied research in emerging technologies that offer
the Commonwealth innovative business solutions;
(h)
Reviewing and overseeing large or complex information technology projects
and systems for compliance with statewide strategies, policies, and standards,
including alignment with the Commonwealth's business goals, investment,
and other risk management policies. The executive director is authorized to
grant or withhold approval to initiate these projects;
(i) Integrating information technology resources to provide effective and
supportable information technology applications in the Commonwealth;
(j) Establishing a central statewide geographic information clearinghouse to
maintain map inventories, information on current and planned geographic
information systems applications, information on grants available for the
acquisition or enhancement of geographic information resources, and a
directory of geographic information resources available within the state or
from the federal government;
(k) Coordinating multiagency information technology projects, including
overseeing the development and maintenance of statewide base maps and
geographic information systems;
(l) Providing access to both consulting and technical assistance, and education
and training, on the application and use of information technologies to state
and local agencies;
(m) In cooperation with other agencies, evaluating, participating in pilot studies,
and making recommendations on information technology hardware and
software;
(n) Providing staff support and technical assistance to the Geographic Information
Advisory Council and the Kentucky Information Technology Advisory
Council;
(o) Overseeing the development of a statewide geographic information plan with
input from the Geographic Information Advisory Council;
(p) Developing for state executive branch agencies a coordinated security
framework and model governance structure relating to the privacy and
confidentiality of personal information collected and stored by state executive
branch agencies, including but not limited to:
1.
Identification of key infrastructure components and how to secure them;
2.
Establishment of a common benchmark that measures the effectiveness
of security, including continuous monitoring and automation of
defenses;
3.
Implementation of vulnerability scanning and other security
assessments;
4.
Provision of training, orientation programs, and other communications
that increase awareness of the importance of security among agency
employees responsible for personal information; and
5.
Development of and making available a cyber security incident response
plan and procedure; and
(q)
(3)
(4)
(5)
Preparing proposed legislation and funding proposals for the General
Assembly that will further solidify coordination and expedite implementation
of information technology systems.
The Commonwealth Office of Technology may:
(a) Provide general consulting services, technical training, and support for generic
software applications, upon request from a local government, if the executive
director finds that the requested services can be rendered within the
established terms of the federally approved cost allocation plan;
(b) Promulgate administrative regulations in accordance with KRS Chapter 13A
necessary for the implementation of KRS 42.720 to 42.742, 45.253, 171.420,
186A.040, 186A.285, and 194A.146;
(c) Solicit, receive, and consider proposals from any state agency, federal agency,
local government, university, nonprofit organization, private person, or
corporation;
(d) Solicit and accept money by grant, gift, donation, bequest, legislative
appropriation, or other conveyance to be held, used, and applied in accordance
with KRS 42.720 to 42.742, 45.253, 171.420, 186A.040, 186A.285, and
194A.146;
(e) Make and enter into memoranda of agreement and contracts necessary or
incidental to the performance of duties and execution of its powers, including,
but not limited to, agreements or contracts with the United States, other state
agencies, and any governmental subdivision of the Commonwealth;
(f) Accept grants from the United States government and its agencies and
instrumentalities, and from any source, other than any person, firm, or
corporation, or any director, officer, or agent thereof that manufactures or sells
information resources technology equipment, goods, or services. To these
ends, the Commonwealth Office of Technology shall have the power to
comply with those conditions and execute those agreements that are
necessary, convenient, or desirable; and
(g) Purchase interest in contractual services, rentals of all types, supplies,
materials, equipment, and other services to be used in the research and
development of beneficial applications of information resources technologies.
Competitive bids may not be required for:
1.
New and emerging technologies as approved by the executive director or
her or his designee; or
2.
Related professional, technical, or scientific services, but contracts shall
be submitted in accordance with KRS 45A.690 to 45A.725.
Nothing in this section shall be construed to alter or diminish the provisions of KRS
171.410 to 171.740 or the authority conveyed by these statutes to the Archives and
Records Commission and the Department for Libraries and Archives.
The Commonwealth Office of Technology shall, on or before October 1 of each
year, submit to the Legislative Research Commission a report in accordance with
KRS 57.390 detailing:
(a)
(b)
(c)
(d)
Any security breaches that occurred within organizational units of the
executive branch of state government during the prior fiscal year that required
notification to the Commonwealth Office of Technology under KRS 61.932;
Actions taken to resolve the security breach, and to prevent additional security
breaches in the future;
A general description of what actions are taken as a matter of course to protect
personal data from security breaches; and
Any quantifiable financial impact to the agency reporting a security breach.
Effective: July 14, 2018
History: Amended 2018 Ky. Acts ch. 78, sec. 3, effective July 14, 2018. -- Amended
2014 Ky. Acts ch. 74, sec. 6, effective January 1, 2015; ch. 89, sec. 11, effective July
15, 2014; and ch. 138, sec. 4, effective July 15, 2014. -- Amended 2012 Ky. Acts ch.
69, sec. 9, effective July 12, 2012. -- Repealed, reenacted, and amended 2009 Ky.
Acts ch. 12, sec. 5, effective June 25, 2009. -- Amended 2006 Ky. Acts ch. 193, sec.
10, effective July 12, 2006. -- Amended 2005 Ky. Acts ch. 85, sec. 30, effective June
20, 2005; and ch. 99, sec. 4, effective June 20, 2005. -- Created 2000 Ky. Acts ch.
506, sec. 4, effective July 14, 2000; and ch. 536, sec. 4, effective July 14, 2000.
Formerly codified as KRS 11.507.
2018-2020 Budget Reference. See State/Executive Branch Budget, 2019 Ky. Acts ch.
193, Section 5., 2., (6) at 1107.
Legislative Research Commission Note (1/1/2015). 2014 Ky. Acts ch. 74, sec. 10
provided that "the provisions of this Act shall not impact the provisions of KRS
61.870 to 61.884." That proviso applies to this statute as amended in Section 6 of
that Act.
Disclaimer: These codes may not be the most recent version. Kentucky may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.