AN ACT TO MAKE MISCELLANEOUS AND TECHNICAL CHANGES TO THE STATUTES RELATING TO THE DEPARTMENT OF INFORMATION TECHNOLOGY; AMEND VARIOUS STATUTES RELATING TO STATE AGENCY CYBERSECURITY; AMEND VARIOUS STATUTES RELATING TO THE EMERGENCY TELEPHONE SERVICE AND THE 911 BOARD; REPEAL THE REQUIREMENT THAT CABLE SERVICE PROVIDERS MUST PROVIDE CABLE SERVICE WITHOUT CHARGE TO A PUBLIC BUILDING LOCATED WITHIN 125 FEET OF THE PROVIDER'S CABLE SYSTEM; CREATE THE INFORMATION TECHNOLOGY STRATEGY BOARD; REQUIRE TRAINING AND CERTIFICATION OF POLICE TELECOMMUNICATORS; AND CLARIFY THE AUTHORITY OF THE STATE CHIEF INFORMATION OFFICER TO MAKE PERSONNEL DECISIONS RELATING TO EMPLOYEES OF THE DEPARTMENT OF INFORMATION TECHNOLOGY. SL 2019-200. Enacted August 21, 2019. Section 10 is effective January 1, 2020. Effective August 21, 2019, unless otherwise indicated.
Bill Summaries: H217 (2019-2020 Session)
Summary date: Aug 21 2019 - View summary
Summary date: Aug 6 2019 - View summary
Conference report makes the following changes to the 5th edition.
Makes an organizational change to proposed subsection (g) of GS 143B-1406, which requires every local government to participate in the 911 system, instead enacting the proposed provisions in new subsection (h).
Adds the following provisions.
Effective January 1, 2020, repeals GS 66-360, which requires cable providers operating under a State-issued franchise to provide cable service at no charge to certain public buildings, upon request of a county or city.
Enacts GS 143B-1337, establishing the Information Technology Strategy Board (Board) in the Department of Technology, with eleven voting members and one nonvoting member. Details Board membership, terms, appointment, and reimbursement, as well as Board meetings and staff. Prohibits Board members from being employed by or serving on the board of directors or other corporate governing body of any vendor providing information systems, computer hardware, computer software, or telecommunications goods or services to the State. Enumerates seven powers and duties of the Board, including (1) to advise the State Chief Information Officer (State CIO) on policies and procedures to develop, review, and update the Sate Information Technology Plan; (2) to establish committees to identify and share industry best practices and new developments and to identify existing State information technology problems and deficiencies; and (3) to develop and maintain a five-year prioritization plan for future business system technology projects. Requires the Board to adopt bylaws, meet at least quarterly, and to annually report to the specified NCGA committee and division by January 1 of each year, as specified.
Enacts GS 17E-7(c2) to explicitly require any person employed as a telecommunicator by a municipal police agency to meet all of the requirements for telecommunicators set forth in GS Chapter 17E, as amended, effective July 1, 2021.
Enacts GS 126-5(c15) to authorize the State CIO to (1) classify or reclassify positions of the Department of Information Technology (DIT) according to the classification system established by the State Human Resources Commission (SHRC) so long as the employee meets the minimum requirements for classification and (2) set salaries for DIT employees within the salary ranges for the respective position classifications established by the SHRC.
Makes conforming changes to the act's effective date provisions and the act's long title.
Bill H 217Summary date: Jun 26 2019 - View summary
Senate committee substitute to the 4th edition makes the following changes.
Adds to the proposed changes to GS 143B-1362 to require written approval of the Department of Information Technology (previously, also required approval of the Office of State Budget and Management) for the establishment or renewal of information technology personal service contracts.
Modifies the proposed changes to GS 143B-1353 to maintain the existing prohibition against the State Chief Information Officer (State CIO) or a deputy, or any other policy-making or managerially exempt personnel from being financially interested in information technology or its sourcing (was previously eliminated). Maintains the proposed elimination of the provision prohibiting the acceptance of bribes and the substitute provision subjecting all Department of Information Technology (DIT) employees to GS 133-32 (which regulates gifts and favors for public works contractors). Makes organizational changes.
Adds to the proposed changes to GS 143B-1379, regarding required information principal department heads and councils of state must provide the State CIO. Exempts military personnel with a valid secret security clearance or a favorable Tier 3 security clearance investigation from the required criminal background reports for an agency's designated liaison in the information technology area.
Amends the proposed changes to GS 143B-1400. Includes in the definition of 911 State Plan the aggregation and sharing of call talking data, resources, procedures, standards, and requirements to improve emergency response and implementation of an NG911 network (previously, did not specify call talking). Adds to the definition of agent an authorized person who has one or more roles for a communications service provider. Maintains the existing definition of CMRS provider (previously, amended to refer to a service provider rather than an entity). Maintains the existing definition of FCC Order (previously, amended).
Modifies and adds to the proposed changes to GS 143B-1402, regarding the powers and duties of the 911 Board (Board). Eliminates the proposed provisions added to the duty to administer the 911 Fund and the monthly 911 service charge, concerning the Board's adoption of related policy and procedures. Instead, adds a separate subsection to require the Board to determine its policies, procedures, and rules for execution of its powers and duties by majority vote. Also requires the Board to provide the Executive Director with the policy, procedure, or rule for execution. Establishes that no individual Board member has the responsibility or authority to give operational directives to any Board employee other than the Executive Director. Regarding the duty to set operating standards for PSAPs (public safety answering points) and backup PSAPs, removes the explicit inclusion of minimum staffing standards. Makes further clarifying and technical changes. Requires the Board to collect, manage, and analyze call taking data that is delivered to the State ESInet for use by the Board in performing call analytics and call routing (was, to collect and distribute data and to PSAPs and communications service providers).
Eliminates the proposed changes to GS 143B-1403 regarding service charges for 911 service. Requires the revenues of service charges to (1) ensure the full cost recovery for communications service providers over a reasonable period of time and (2) fund allocations under GS 143B-1404, as enacted, for monthly distributions to primary PSAPs and for the State ESInet (substantively similar to the previously proposed changes to subsection (d)).
Modifies the proposed changes to GS 143B-1404, concerning the 911 Fund, to provide that the 911 Board must set the rate at an amount that enables the Board to ensure funding is adequate to meet its duties (previously, referred to setting the service charge rather than the rate).
Modifies the proposed changes to GS 143B-1405 to maintain the existing terminology, referencing enhanced 911 service.
Makes organizational changes to the proposed changes to GS 143B-1406, regarding distribution of 911 Fund funds to PSAPs.
Further amends GS 143B-1409, no longer qualifying the specified conditions of the provision of enhanced 911 service by a CMRS (Commercial Mobile Radio Service) provider in accordance with the FCC Order. Similarly, maintains existing terminology, referencing enhanced 911 service.
Amends GS 58-31-60 to establish that each payroll unit is entitled to the number of payroll deduction slots it needs to be used for payment of insurance premiums for products selected by the Employee Insurance Committee and offered to the employees of the payroll unit (previously, units were entitled to at least four payroll deduction slots).
Summary date: Apr 30 2019 - View summary
House amendment #1 makes the following changes to the 3rd edition.
Specifies that the act does affect the exclusive responsibility and authority of the Secretary of Revenue to maintain and safeguard the secrecy and security of taxpayer information under specified state law that prohibits disclosure except for the purposes described therein.
Summary date: Apr 29 2019 - View summary
House committee substitute makes the following changes to the 2nd edition.
Eliminates proposed GS 143B-1403(a1), which provided that no subscriber or communications service provider is liable to any person or entity for billing or remitting a different number of 911 service charges than that required by the Part for any services billed prior to 180 days following the date the act becomes law. Amends GS 143B-1406(f), concerning the requirements to be met in order for a PSAP to receive a distribution, by limiting the telecommunicators' required courses to those telecommunicators who are not required to be certified by the North Carolina Sheriffs' Education and Training Standards Commission. Makes clarifying changes.
Summary date: Apr 25 2019 - View summary
House committee substitute makes the following changes to the 1st edition.
Deletes the proposed changes to GS 143B-1353, which prohibits financial interest of officers within the Department of Information Technology (Department) in sources of information technology supply. Instead, deletes all of the existing language and establishes that the provisions of GS 133-32, which regulates gifts and favors of public works contractors, apply to all Department employees.
Adds the following provisions.
Amends GS 143B-1322 and GS 166A-19.12 to require the State Chief Information Officer (State CIO) and the Division of Emergency Management to coordinate to manage statewide response to cybersecurity incidents and significant cybersecurity incidents, as defined. Additionally requires the Division of Emergency management to coordinate with the Adjutant General, and specifically directs the Division to develop and promulgate necessary policies, plans, and procedures for cybersecurity and critical infrastructure protection, and to annually review, update, and test cyber incident response plans and procedures.
Adds to GS 143B-1321 to require that confidentiality be kept for information technology information that is protected from public disclosure under GS 132-6.1(c), including, but not limited to, specified examples provided.
Amends GS 143B-1320 to eliminate the defined terms information technology security incident and security incident. Adds the term cybersecurity incident and defines the term to mean an occurrence that either (1) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system or (2) constitutes a violation or imminent threat of violation of law, security policies, privacy policies, security procedures, or acceptable use policies. Adds the term significant cybersecurity incident and defines the term to mean a cybersecurity incident likely to result in demonstrable harm to the state's security interests, economy, critical infrastructure, or to the public confidence, civil liberties, or public health and safety of residents. Provides factors for determining significant cybersecurity incidents. Makes conforming changes throughout Article 15, Department of Information Technology.
Amends GS 143B-1379 to modify and add to the information all principal department heads and Council of State agency heads must provide to the State CIO. Now includes the full details of all of the agency's significant cybersecurity incidents within 24 hours of confirmation; comprehensive information concerning the information technology security employed to protect the agency's data, including documentation and reporting of remedial or corrective action plans to address any deficiencies in the information security policies, procedures, and practices of the State agency; and a forecast of the parameters of the agency's projected future cybersecurity and privacy needs and capabilities. Additionally requires the department and agency heads to complete mandatory annual security awareness training and reporting compliance for all personnel, including contractors and other users of state information technology systems. Adds a new requirement for county and municipal governments to report cybersecurity incidents to the Department. Provides that the information reported is protected from public disclosure. Additionally, encourages private sector entities to report cybersecurity incidents to the Department.
Expands GS 143B-1376 to charge the State CIO with the responsibility for the security and privacy (was, only the security) of all State information technology systems and associated data. Makes conforming changes. Adds that the State CIO must ensure that agencies are periodically testing and evaluating information security controls and techniques for effective implementation. Additionally requires the State CIO to ensure that all agency and contracted personnel are held accountable for complying with the Statewide information security program.
Amends GS 143B-1378 to require the State CIO to annually assess the ability of each agency and each agency's contracted vendors to comply with the current cybersecurity enterprise-wide set of standards established under the statute. Requires the assessment to estimate the initial cost of implementing necessary security measures for the agency to comply with the standards, as well as the costs over the lifecycle of the State agency information system (previously only required implementation costs).
Modifies and adds to GS 143B-1400, which sets forth defined terms applicable to Part 10, Emergency Telephone Service, Article 15. Adds the terms agent, emergency medical dispatch, next generation 911 network, regional PSAP, State Emergency Services IP (ESInet) Network, and telecommunicator. Modifies the terms 911 State Plan, 911 system, communications service, CMRS provider, FCC Order, GIS (rather than GIS mapping), next generation 911 system, and service supplier.
Modifies and adds to the duties of the 911 Board (Board) prescribed in GS 143B-1402. In developing the 911 State Plan, requires the Board to ensure individual public safety answering point (PSAP) plans incorporate 911 call routing in an emergency and coordination with State emergency operations including Telecommunicator Emergency Response Taskforce (TERT). Provides for the adoption of policies, procedures, and rules by the Board to execute its powers and duties. Requires communication of determined policies and procedures and adopted rules to the Executive Director, who has enforcement authority, as enacted. Specifies that only the Executive Director has the responsibility and authority to give operational directives to any Board employee. Requires the Board to distribute revenue in the 911 Fund (Fund) (previously specified distribution to Commercial Mobile Radio Service (CMRS) providers and PSAPs). In establishing policies and procedures to fund advisory services and training programs, requires the Board to include Emergency Medical Dispatch and quality assurance of Emergency Medical Dispatch programs for PSAPs, and in setting operating standards for PSAPs and back-up PSAPs, requires the Board to include minimum staffing and mandatory telecommunicator training and certification requirements for 911 call taking. Adds that the policies, procedures, and standards established for procurement contracts, advisory services, training programs, and operations are subject to the limitations of GS 143B-1406(d), which sets forth restricted use provisions of funds distributed to PSAPs from the Fund. Prohibits the Board from adopting rules that regulate any communications service, including technical standards for communications service providers to process 911 voice and data. Adds the duty of the Board to collect and distribute data from and to PSAPs and communications service providers so long as data distribution is subject to the state public records law and federal privacy laws and regulations. Adds the duty to coordinate, adopt, and communicate all necessary technical and operational standards, and requirements to ensure an effective statewide interconnected next generation 911 network, the State ESInet, including design specifications, processing standards and requirements, and performance measures. Adds the duty to establish and operate a network management center for the State ESInet staffed by the Board to monitor PSAP and communications service provider compliance and State ESInet performance and security testing protocols in coordination with the Department.
Directs the Department Secretary to select an Executive Director of the Board with the advice of the Board. Deems the Executive Director the chief administrative officer of the Board and the State 911 coordinator for purposes of state and federal law and program requirements. Provides qualifications and responsibilities of the Executive Director, including the duty of drafting suggested legislation incorporating Board findings, and executing the Board's policies, powers, and duties subject to appropriations, available funds, and State employment and procurement laws.
Authorizes the Board to meet in the Department offices or in facilities that satisfy the Board's needs and state public meeting laws. Mandates the Department to provide office space for the Board's staff.
Amends GS 143B-1403 to provide for a monthly service charge for each active communications service connection that provides access to the 911 system through a communications provider (was, voice communications service), payable by the subscriber to the service provider of the communications service. Makes conforming terminology changes. Describes the changes as a clarification of existing law, and provides that no subscriber or communications service provider is liable to any person or entity for billing or remitting a different number of 911 service charged than that required by the Part for any services for which a bill is or has been rendered prior to 180 days following the date the act becomes law. Requires service charges imposed to ensure full cost recovery for communications service providers over a reasonable period of time, for monthly distributions to primary PSAPs, and for the State ESInet (previously referred to rates rather than charges imposed and required full cost recovery for communications service providers and for primary PSAPs over a reasonable period of time; did not include cost recovery for the State ESInet). Make conforming changes.
Amends GS 143B-1404 to increase from 2% to 3.5% the amount of the total service charges remitted to the Board under GS 143B-1403 the Board may retain for its administrative expenses. Now requires the Board to allocate 15% rather than 10% of the total service charges to the Next Generation 911 Reserve Fund, and 5% of the total service charges to the PSAP Grant and Statewide Projects Account. Requires the remaining revenues to be allocated for distribution to the primary PSAPs, CMRS providers, or the Accounts establishes in GS 143B-1407 (the PSAP Grant and Statewide Projects Account and the Next Generation 911 Reserve Fund). Makes technical and conforming changes. Makes further conforming changes throughout the remainder of the Part to refer to the Accounts rather than the PSAP Grant and Statewide Projects Account alone.
Amends GS 143B-1405 to require a CMRS provider to request reimbursement from the 911 Fund by presenting a request to the Board within six months prior to the end of the Board's fiscal year and identifying the provider's anticipated qualified expenses for reimbursement during the Board's next fiscal year. Eliminates the provision regarding accrual of interest on deferred payments. Provides for reallocation of excess funds to the Accounts established under GS 143B-1407 if reimbursement amounts to CMRS providers budgeted by the Board for a fiscal year exceed the amount of funds disbursed. Removes the requirement that the Board consider reduction of the service charge if reallocation totals more than $3 million in a calendar year. Makes further technical and conforming changes.
Makes conforming changes to GS 143B-1406 regarding monthly distribution from the 911 Fund to primary PSAPs. Concerning the funding formula, requires the Board to consider any interlocal government funding agreement to operate a regional PSAP (previously did not specify the nature of the interlocal agreement) among other specified considerations in existing law. Specifies that if the Board does not designate an amount to be allocated to the Accounts established under GS 143B-1407, the Board must distribute all remaining funds to regional or primary PSAPs on a per capita basis (previously did not specify which PSAPs). Conditions eligibility to carryforward distributions on compliance with the requirements of subsection (f) of the statute, as modified. Adds that amounts carried forward to the next fiscal year from distributions made by the Board cannot be used to lower distributions unless the monthly distribution amount in subsection (a) is modified based upon the Board's expenditures for Statewide 911 projects or the PSAP's migration to a next generation 911 network (in addition to the exception provided in existing law for when the monthly distribution amount is greater than 20% of the average yearly amount distributed to the PSAP in the prior two years). Modifies the authorized use of distributions to include the lease, purchase, or maintenance of emergency medical, fire, and law enforcement pre-arrival instruction software. Prohibits use of the funds for addressing or service supplier 911 service and other recurring charges supplanted by the State ESInet costs paid by the Board, following the earlier of July 1, 2021, or compliance with new subsection (e1), which mandates implementation of plans to migrate PSAPs to the State ESInet by July 1, 2021. No longer authorizes the use of funds to pay for nonrecurring costs of establishing a 911 system. New subsection (e1) details parameters for the migration of PSAPs to the State ESInet on a regional basis and provides for extension of the deadline for good cause. Details requirements of all communication service providers and State ESInet service providers regarding points of interconnection for routing and delivering 911 calls. Modifies and adds to the compliance provisions set forth in subsection (f) on which the monthly distribution is conditioned. Now requires each PSAP dispatching emergency medical services to develop policies and procedures for implementing an approved Emergency Medical Dispatch program, as specified, by July 1, 2019. Further requires each PSAP to deploy equipment, products, and services necessary or appropriate for receipt and processing of calls for emergency assistance sent by text messages consistent with the specified FCC Order(s). Mandates that every local government participate in a 911 system. Requires that the establishment and operation of Regional PSAPs be a coordinated effort among local governments and the Board. Clarifies that Article 15 does not prohibit or discourage the formation of Regional PSAPs. Additionally, establishes a forty-hour training course requirement for telecommunicators within their first year of employment for persons beginning employment after July 1, 2019, as specified, and establishes a requirement of completion of a medical dispatch course or emergency medical dispatch course for all telecommunicators by July 1, 2020, or within six months of the date of employment if employed after that date.
Amends GS 143B-1407 to require that eligible projects for use of funds from the Accounts be an eligible expense under GS 143B-1406(d) (as amended concerning authorized uses) rather than GS 143B-1406(e) (local funds). Additioanlly, authorizes the Board to provide funds from the Next Generation 911 Fund directly to primary PSAPs (previously did not limit the authority to primary PSAPs) to implement next generation 911 systems.
Makes technical changes to GS 143B-1408 concerning recovery of unauthorized use of funds, to require monies received under the Part rather than the statute to be credited to the 911 Fund.
Makes clarifying and conforming changes to GS 143B-1409 (Conditions for providing enhanced 911 service).
Expands GS 143B-1413 regarding immunity for service and system providers and their employees, directors, officers, vendors, and agents to acts and omissions concerning text-to-911 service. Makes conforming changes.
Summary date: Feb 27 2019 - View summary
Amends the duties of the Department of Information Technology (DIT) with respect to state information technology procurement in GS 143B-1350 as follows. Removes requiring convenience contracts to be rebid before termination without extensions and adds the establishment of procedures for state agencies and local government entities to use multiple award schedule contracts. Adds that the procurement of information technology may be conducted using multiple award schedule contracts; such contracts must be periodically updated to include addition or deletion of particular vendors, goods, services, or pricing.
Amends GS 143B-1362 by deleting the provision requiring DIT to develop standards for determining whether it is more appropriate for an agency to hire an employee or use a vendor, the provision requiring DIT to identify or create positions when a contractor is performing a function that is determined to be more appropriately performed by a state employee, the provision requiring compliance audits, the provision requiring DIT to report on progress towards standardizing information technology personal service contracts, and the provision requiring DIT to adopt rules consistent with the statute.
Amends GS 143-787 to require the State Chief Information Officer, instead of that Office, to ensure the specified access to the Government Data Analytics Center.
Amends GS 143B-1420 to locate the North Carolina Geographic Information Coordinating Council within DIT instead of the Office of the Governor.
Amends GS 143B-1353 prohibiting financial interest of officers in sources of information technology supply by adding that the provisions of GS 133-32 (regulation of gifts and favors) apply to the named classes of individuals.