AN ACT MAKING VARIOUS CHANGES TO THE LAWS RELATING TO STATE INFORMATION TECHNOLOGY GOVERNANCE. Enacted June 26, 2013. Effective June 26, 2013.
Summary date: Jul 1 2013 - View summary
Bill H 390 (2013-2014)Summary date: Jun 6 2013 - View summary
Senate committee substitute to the 1st edition makes the following changes. Amends GS 147-33.111 to require a state agency to notify the State Chief Information Officer in order to obtain approval before entering into any contract with another party for an assessment of information system security or (was, and) network vulnerability.
Bill H 390 (2013-2014)Summary date: Mar 20 2013 - View summary
Repeals GS 143-135.9(a)(3), defining information technology.
Amends GS 147-33.72C(e) to provide that the State Chief Information Officer (CIO) may require that contracts between a state agency and a private party for information technology projects, require a performance bond, monetary penalties, or other performance assurance measures (was, only penalties) for projects that are not completed or performed (was, completed) within the specified time frame or that involve costs exceeding contract specifications. Allows the State CIO to use cost savings realized on government-vendor partnerships as performance incentives for an information technology project vendor. Amends GS 147-33.91 to remove the provision that the State CIO may work cooperatively with the NC Agency for Public Telecommunications in furthering the purposes of the statute, while exercising general telecommunications coordinating authority. Amends GS 147-33.92 to provide that the State CIO must establish broadband (was, switched broadband) telecommunication services and permit specified organizations and entities to share on a not for profit basis. Removes other references in the statute to switched broadband. Amends GS 147-33.111 to require the State CIO to also conduct assessments of information system security. Makes conforming changes. Amends GS 147-33.112 to also require assessments of each agency's contracted vendors. Requires that assessments performed on all of the relevant entities include examining security practices, security industry standards and current expenditures of State funds for information technology security, in additional to existing requirements. Amends GS 150B-2 to amend the definition of Rule to also exclude standards adopted by the Office of Information Technology Services applied to information technology as defined in GS 147-33.81.