Section 8.77 - [Effective 7/1/2024] Information technology services - office powers and duties - responsibilities1. Powers and duties of the chief information officer. The powers and duties of the chief information officer as it relates to information technology services include but are not limited to all of the following: a. Approving information technology for use by supported entities and other governmental entities.b. Directing, developing, and implementing policies, procedures, and organization measures designed to ensure the efficient administration of information technology.c. Implementing the strategic information technology plan.d. Prescribing and adopting information technology policies, procedures, and rules that are binding on all supported entities and that represent best practices for other governmental entities in the state that are not supported entities.e. Developing and implementing a business continuity plan, as the director determines is appropriate, to be used if a disruption occurs in the provision of information technology to supported entities and other governmental entities.f. Prescribing policies and adopting rules relating to cybersecurity, geospatial systems, application development, and information technology and procurement, including but not limited to system design and systems integration, and interoperability, which are binding on all supported entities except as otherwise provided in this subchapter, and which represent best practices for other governmental entities in the state that are not supported entities. The department shall implement information technology policies as established pursuant to this subchapter that are applicable to information technology procurements for supported entities.g. Providing continuous monitoring through a security operations center for supported entities, which the department may also make available to other governmental entities.h. Establishing an enterprise strategic and project management function for oversight of all information technology-related projects and resources of supported entities that require prior approval by rule.i.(1) Developing and maintaining security policies and systems to ensure the integrity of the state's information resources and to prevent the disclosure of confidential records. The department shall ensure that the security policies and systems be consistent with the state's data transparency efforts by developing and implementing policies and systems for the sharing of data and information by supported entities.(2) Establishing statewide policies, to include periodic review and compliance measures, for information technology security to maximize the functionality, security, and interoperability of the state's distributed information technology assets, including but not limited to communications and encryption technologies.(3) Requiring all information technology security services, solutions, hardware, and software purchased or used by a supported entity to be subject to approval by the department in accordance with security policies.j. Developing and implementing effective and efficient strategies for the use and provision of information technology for supported entities and other governmental entities.k. Coordinating and managing the acquisition of information technology goods and services by supported entities in furtherance of the purposes of this subchapter. The department shall institute procedures to ensure effective and efficient compliance with the applicable policies established pursuant to this subchapter. l. Selecting the chief information security officer in consultation with the director, and selecting other information technology staff deemed necessary for the administration of the department's information technology functions as provided in this chapter.m. Determining and implementing statewide efforts to standardize data elements, determine data ownership assignments, and implement the sharing of data.n. Requiring that a supported entity provide such information as is necessary to establish and maintain an inventory of information technology used by supported entities. A supported entity shall provide such information to the department in a timely manner, in a form and containing information as determined by the department.o. Requiring supported entities to provide the full details of the entity's information technology and operational requirements upon request, report information technology security incidents to the department in a timely manner, provide comprehensive information concerning the information technology security employed by the entity to protect the entity's information technology, and forecast the parameters of the entity's projected future information technology security needs and capabilities.p. Charging reasonable fees, costs, expenses, charges, or other amounts to an agency, governmental entity, public official, or person or entity related to the provision, sale, use, or utilization of, or cost sharing with respect to, information technology and any intellectual property interests related thereto; research and development; proprietary hardware, software, and applications; and information technology architecture and design. The department may enter into nondisclosure agreements and take any other legal action reasonably necessary to secure a right to an interest in information technology development by or on behalf of the state of Iowa and to protect the state of Iowa's proprietary information technology and intellectual property interests. The provisions of chapter 23A relating to noncompetition by state agencies and political subdivisions with private enterprise do not apply to department activities authorized under this paragraph.q. Charging reasonable fees, costs, expenses, charges, or other amounts to an agency, governmental entity, public official, or other person or entity to or for whom information technology or other services have been provided by or on behalf of, or otherwise made available through, the department.r. Providing, selling, leasing, licensing, transferring, or otherwise conveying or disposing of information technology, or any intellectual property or other rights with respect thereto, to agencies, governmental entities, public officials, or other persons or entities.s. Entering into partnerships, contracts, leases, or other agreements with public and private entities for the evaluation and development of information technology pilot projects.t. Initiating and supporting the development of electronic commerce, electronic government, and internet applications across supported entities and in cooperation with other governmental entities. The department shall foster joint development of electronic commerce and electronic government involving the public and private sectors, develop customer surveys and citizen outreach and education programs and material, and provide for citizen input regarding the state's electronic commerce and electronic government applications.u. Working with all governmental entities in an effort to achieve information technology goals.v. Developing systems and methodologies to review, evaluate, and prioritize information technology projects.w. Streamlining, consolidating, and coordinating the access to and availability of broadband and broadband infrastructure throughout the state, including but not limited to facilitating public-private partnerships, ensuring that all departments' and establishments' broadband and broadband infrastructure policies are aligned, resolving issues that arise with regard to implementation efforts, and collecting data and developing metrics or policies against which the data may be measured and evaluated regarding broadband infrastructure installation and deployment.x. Administering the broadband grant program pursuant to section 8B.11, and providing technical assistance to communications service providers related to grant applications under section 8B.11.y. Coordinating the fiberoptic network conduit installation program established in section 8B.25.2.Responsibilities. The responsibilities of the chief information officer as it relates to information technology services include all of the following: a. Promote, integrate, and support information technology in all business aspects of state government.b. Provide for server systems, including mainframe and other server operations, desktop support, and applications integration.c. Provide applications development, support, and training, and advice and assistance in developing and supporting business applications throughout state government.3.Information technology charges. The department shall render a statement to an agency, governmental entity, public official, or other person or entity to or for whom information technology, value-added services, or other items or services have been provided by or on behalf of, or otherwise made available through, the department. Such an agency, governmental entity, public official, or other person or entity shall pay an amount indicated on such statement in a manner determined by the department.4.Exclusion. The department of public defense is not required to obtain any information technology services pursuant to this subchapter where such services involve or impact interconnections with federal networks and systems.Renumbered from Iowa Code s 8B.21 by 2024 Iowa HF 2708,s 85, eff. 7/1/2024.Amended by 2024 Iowa HF 2708,s 67, eff. 7/1/2024.Amended by 2024 Iowa HF 2708,s 66, eff. 7/1/2024.Amended by 2024 Iowa HF 2708,s 65, eff. 7/1/2024.Amended by 2018 Iowa, ch 1026, s 5, eff. 7/1/2018.Added by 2013 Iowa, ch 129, s 18, eff. 7/1/2013.