Bill Text: IA SF2349 | 2019-2020 | 88th General Assembly | Amended
Bill Title: A bill for an act relating to the office of the chief information officer, including procurement preferences and a report detailing state information technology assets. (Formerly SSB 3182.)
Spectrum: Committee Bill
Status: (Engrossed - Dead) 2020-06-11 - Message from House, with amendment S-5143. S.J. 778. [SF2349 Detail]
Download: Iowa-2019-SF2349-Amended.html
Senate
File
2349
-
Reprinted
SENATE
FILE
2349
BY
COMMITTEE
ON
COMMERCE
(SUCCESSOR
TO
SSB
3182)
(As
Amended
and
Passed
by
the
Senate
March
11,
2020
)
A
BILL
FOR
An
Act
relating
to
the
office
of
the
chief
information
officer,
1
including
procurement
preferences
and
a
report
detailing
2
state
information
technology
assets.
3
BE
IT
ENACTED
BY
THE
GENERAL
ASSEMBLY
OF
THE
STATE
OF
IOWA:
4
SF
2349
(2)
88
ja/rn
S.F.
2349
Section
1.
Section
8B.1,
Code
2020,
is
amended
by
adding
the
1
following
new
subsection:
2
NEW
SUBSECTION
.
2A.
“Cloud
computing”
means
the
same
as
3
defined
in
the
United
States
national
institute
of
standards
4
and
technology’s
special
publication
800-145.
5
Sec.
2.
Section
8B.9,
subsection
6,
Code
2020,
is
amended
6
to
read
as
follows:
7
6.
Beginning
October
1,
2019,
a
quarterly
report
regarding
8
the
status
of
technology
upgrades
or
enhancements
for
state
9
agencies,
submitted
to
the
general
assembly
and
to
the
10
chairpersons
and
ranking
members
of
the
senate
and
house
11
committees
on
appropriations.
The
quarterly
report
shall
12
also
include
a
listing
of
state
agencies
coordinating
or
13
working
with
the
office
,
and
a
listing
of
state
agencies
not
14
coordinating
or
working
with
the
office
,
and
the
information
15
required
by
section
8B.24,
subsection
5A,
paragraph
“b”
.
16
Sec.
3.
Section
8B.24,
Code
2020,
is
amended
by
adding
the
17
following
new
subsection:
18
NEW
SUBSECTION
.
5A.
a.
The
office
shall,
when
feasible,
19
procure
from
providers
that
meet
or
exceed
applicable
state
20
and
federal
laws,
regulations,
and
standards
for
information
21
technology,
third-party
cloud
computing
solutions
and
other
22
information
technology
and
related
services
that
are
not
hosted
23
on
premises
by
the
state.
24
b.
If
the
office
determines
it
is
not
feasible
to
procure
25
third-party
cloud
computing
solutions
or
other
information
26
technology
and
related
services
pursuant
to
paragraph
“a”
,
and
27
if
on-premises
technology
upgrades
or
new
applications
to
be
28
housed
on-premises
are
proposed,
the
office
shall
include
all
29
of
the
following
in
the
report
required
pursuant
to
section
30
8B.9,
subsection
6:
31
(1)
An
explanation
as
to
why
a
cloud
computing
deployment
32
was
not
feasible.
33
(2)
Whether
the
application
can
be
deployed
using
a
hybrid
34
or
containerized
approach
to
minimize
on-premise
costs.
35
-1-
SF
2349
(2)
88
ja/rn
1/
3
S.F.
2349
(3)
Compliance
frameworks
that
require
the
application
to
1
be
hosted
on-premises.
2
c.
The
office
shall
contract
with
multiple
third-party
3
commercial
cloud
computing
service
providers.
4
d.
The
control
and
ownership
of
state
data
stored
with
cloud
5
computing
service
providers
shall
remain
with
the
state.
The
6
office
shall
ensure
the
portability
of
state
data
stored
with
7
cloud
computing
service
providers.
8
Sec.
4.
Section
8B.24,
subsection
6,
Code
2020,
is
amended
9
to
read
as
follows:
10
6.
The
office
shall
adopt
rules
pursuant
to
chapter
17A
to
11
implement
the
procurement
methods
and
procedures
provided
for
12
in
subsections
2
through
5
5A
.
13
Sec.
5.
INVENTORY
OF
INFORMATION
TECHNOLOGY
ASSETS,
CURRENT
14
CLOUD
COMPUTING
ADOPTION,
AND
CLOUD
COMPUTING
MIGRATION
PLAN
15
——
REPORT.
By
November
1,
2020,
the
office
of
the
chief
16
information
officer,
in
collaboration
with
other
state
agencies
17
and
departments,
shall
provide
a
report
to
the
general
assembly
18
that
includes
all
of
the
following:
19
1.
An
inventory
of
all
state
information
technology
20
applications,
and
the
percentage
of
the
information
technology
21
applications
that
are
cloud-based
applications.
22
2.
Recommendations
regarding
state
information
technology
23
applications
that
should
migrate
to
cloud-based
applications.
24
Each
such
recommendation
shall
include
a
description
of
25
workloads
and
information
technology
applications
that
are
best
26
suited
to
migrate
to
cloud-based
applications
given
all
of
the
27
following
considerations:
28
a.
Whether
the
information
technology
application
has
29
underlying
storage,
networks,
or
infrastructure
that
supports
30
another
information
technology
application,
and
whether
the
31
information
technology
application
is
supported
by
another
32
information
technology
application.
33
b.
How
critical
the
information
technology
application
is
34
to
the
mission
of
the
state
agency
or
department.
35
-2-
SF
2349
(2)
88
ja/rn
2/
3
S.F.
2349
c.
The
difficulty
of
migrating
the
information
technology
1
application
to
a
cloud-based
application.
2
d.
The
total
cost
of
ownership
of
the
target
environment
in
3
which
the
information
technology
application
shall
operate
if
4
migrated
to
a
cloud-based
application.
5
-3-
SF
2349
(2)
88
ja/rn
3/
3
