Bill Text: MS HB1333 | 2025 | Regular Session | Introduced
Bill Title: Department of Information Technology Services; require all state agencies to use for computer equipment and services.
Spectrum: Partisan Bill (Republican 1-0)
Status: (Failed) 2025-02-04 - Died In Committee [HB1333 Detail]
Download: Mississippi-2025-HB1333-Introduced.html
MISSISSIPPI LEGISLATURE
2025 Regular Session
To: State Affairs
By: Representative Zuber
House Bill 1333
AN ACT TO AMEND SECTIONS 25-53-1, MISSISSIPPI CODE OF 1972, TO REQUIRE ALL STATE AGENCIES TO UTILIZE THE MISSISSIPPI DEPARTMENT OF INFORMATION TECHNOLOGY SERVICES FOR COMPUTER EQUIPMENT AND SERVICES, INCLUDING INFORMATION STORAGE AND RETRIEVAL; TO AMEND SECTION 25-53-3, MISSISSIPPI CODE OF 1972, TO CLARIFY THAT THE DEFINITION OF THE TERM "AGENCY" INCLUDES ALL STATE AGENCIES, INCLUDING INSTITUTIONS OF HIGHER LEARNING; TO AMEND SECTION 25-53-5, MISSISSIPPI CODE OF 1972, TO DELETE EXEMPTIONS FOR CERTAIN STATE AGENCIES AND INSTITUTIONS FROM THE DEPARTMENT'S REQUIREMENTS RELATING TO COMPUTER EQUIPMENT AND SERVICES; TO AMEND SECTIONS 25-53-21, 25-53-25 AND 25-53-29, MISSISSIPPI CODE OF 1972, IN CONFORMITY TO THE PRECEDING PROVISIONS; TO BRING FORWARD SECTION 25-53-201, MISSISSIPPI CODE OF 1972, WHICH ESTABLISHES THE ENTERPRISE SECURITY PROGRAM TO PROVIDE COORDINATION OF CYBERSECURITY EFFORTS ACROSS STATE AGENCIES, FOR PURPOSES OF POSSIBLE AMENDMENT; TO AMEND SECTION 45-27-7, MISSISSIPPI CODE OF 1972, TO REQUIRE THE MISSISSIPPI JUSTICE INFORMATION CENTER TO ACQUIRE COMPUTER EQUIPMENT AND SERVICES THROUGH THE DEPARTMENT OF INFORMATION TECHNOLOGY SERVICES; TO AMEND SECTION 45-9-181, MISSISSIPPI CODE OF 1972, TO DELETE THE AUTHORITY OF THE OFFICE OF HOMELAND SECURITY, DEPARTMENT OF PUBLIC SAFETY, TO CONTRACT WITH A THIRD-PARTY VENDOR FOR COMPUTER EQUIPMENT AND SERVICES; AND FOR RELATED PURPOSES.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MISSISSIPPI:
SECTION 1. Section 25-53-1, Mississippi Code of 1972, is amended as follows:
25-53-1. The Legislature
recognizes that in order for the State of Mississippi to receive the maximum
use and benefit from information technology and services now in operation or
which will in the future be placed in operation, there should be full
cooperation and cohesive planning and effort by and between the several state
agencies and that it is the responsibility of the Legislature to provide
statutory authority therefor. The Legislature, therefore, declares and
determines that for these and other related purposes, there is * * * established an agency of state
government to be known as the Mississippi Department of Information Technology
Services (MDITS). The Legislature further declares that the Mississippi
Department of Information Technology Services (MDITS) shall provide statewide
services that facilitate cost-effective information processing, data storage
and retrieval, and telecommunication solutions. All state agencies
shall work in full cooperation with the board of MDITS * * *.
SECTION 2. Section 25-53-3, Mississippi Code of 1972, is amended as follows:
25-53-3. (1) Whenever the term "Central Data Processing Authority" or the term "authority," when referring to the Central Data Processing Authority, is used in any law, rule, regulation, document or elsewhere, it shall be construed to mean the Mississippi Department of Information Technology Services.
(2) For the purposes of this chapter the following terms shall have the meanings ascribed in this section unless the context otherwise requires:
(a) "Central Data Processing Authority" and "CDPA" mean "Mississippi Department of Information Technology Services (MDITS)" and the term "authority" means "board of the MDITS."
(b) "Bureau of Systems Policy and Planning," "Bureau of Telecommunications," "Bureau of Central Data Processing" and "bureau" mean "Mississippi Department of Information Technology Services."
(c) "Computer equipment or services" means any information technology, computer or computer related telecommunications equipment, electronic word processing and office systems, or services utilized in connection therewith, including, but not limited to, all phases of computer software and consulting services, and insurance on all state-owned computer equipment.
(d) "Acquisition" of computer or telecommunications equipment or services means the purchase, lease, rental, or acquisition in any other manner of any such computer or telecommunications equipment or services.
(e) "Agency"
means and includes all the various state agencies, authorities, bureaus,
officers, departments, boards, commissions, councils, offices * * *, state institutions of higher
learning, and any other policy-making entities of the state.
(f) "Governing authority" means boards of supervisors, governing boards of all school districts, all boards of directors of public water supply districts, boards of directors of master public water supply districts, municipal public utility commissions, governing authorities of all municipalities, port authorities, commissioners and boards of trustees of any public hospitals and any political subdivision of the state supported, wholly or in part, by public funds of the state or political subdivisions thereof.
(g) "Bid" means any of the valid source selection techniques and competitive procurement methods appropriate to information technology procurement in the public sector, including, but not limited to, competitive sealed bidding, competitive sealed proposals, simplified small purchase procedures, sole source procurements, and emergency procurements.
(h) "Telecommunications transmission facility" means any transmission medium, switch, instrument, inside wiring system or other facility which is used, in whole or in part, to provide any transmission.
(i) "Equipment support contract" means a contract which covers a single, specific class or classes of telecommunications equipment or service and all features associated with that class, through which state agencies may purchase or lease the item of equipment or service specified by issuing a purchase order under the terms of the contract without the necessity of further competitive bidding.
(j) "Inside wiring system" means any wiring which:
(i) Directly or indirectly, interconnects any terminal equipment with any other terminal equipment or with any regulated facility or common carrier services; and
(ii) Is located at the premises of the customer and is not inside any terminal equipment.
(k) "Procurement" means the selling, buying, purchasing, renting, leasing or otherwise obtaining telecommunications equipment, system or related services, as well as activities engaged in, resulting in or expected to result in selling, buying, purchasing, renting, leasing or otherwise obtaining telecommunications equipment.
(l) "Telecommunications equipment, systems, related services" are limited to the equipment and means to provide:
(i) Telecommunications transmission facilities.
(ii) Telephone systems, including voice processing systems.
(iii) Facsimile systems.
(iv) Radio paging services.
(v) Mobile telephone services, including cellular mobile telephone service.
(vi) Intercom and paging systems.
(vii) Video teleconferencing systems.
(viii) Personal communications networks and services.
(ix) Any and all systems based on emerging and future telecommunications technologies relative to (i) through (viii) above.
(m) "Telecommunications system lease contract" means a contract between a supplier of telecommunications systems, including equipment and related services, and the Mississippi Department of Information Technology Services through which telecommunications systems, including equipment and related services, may be leased for a term which shall not exceed sixty (60) months for a system lease valued less than One Million Dollars ($1,000,000.00) and shall not exceed one hundred twenty (120) months for a system lease valued One Million Dollars ($1,000,000.00) or more.
(n) "Tariffed or regulated service" means telecommunications service offered by common carriers and subject to control by the Mississippi Public Service Commission or the Federal Communications Commission.
(o) "State Data Center" means one or more facilities operated by the Mississippi Department of Information Technology Services to provide information technology resources requiring enterprise computing resources or any other centrally managed information resources.
SECTION 3. Section 25-53-5, Mississippi Code of 1972, is amended as follows:
25-53-5. The authority shall have the following powers, duties, and responsibilities:
(a) (i) The authority
shall provide for the development of plans for the efficient acquisition and
utilization of computer equipment and services by all agencies of state
government, and provide for their implementation. In so doing, the authority may
use the MDITS' staff, at the discretion of the executive director of the
authority, or the authority may contract for the services of qualified
consulting firms in the field of information technology and utilize the service
of such consultants as may be necessary for such purposes. * * *
(ii) [Repealed]
(b) The authority shall immediately institute procedures for carrying out the purposes of this chapter and supervise the efficient execution of the powers and duties of the office of executive director of the authority. In the execution of its functions under this chapter, the authority shall maintain as a paramount consideration the successful internal organization and operation of the several agencies so that efficiency existing therein shall not be adversely affected or impaired. In executing its functions in relation to the state institutions of higher learning and community and junior colleges in the state, the authority shall take into consideration the special needs of such institutions in relation to the fields of teaching and scientific research.
(c) Title of whatever
nature of all computer equipment now vested in any agency of the State of Mississippi
is * * *
vested in the authority, and no such equipment shall be disposed of in any
manner except in accordance with the direction of the authority or under the
provisions of such rules and regulations as may hereafter be adopted by the
authority in relation thereto.
(d) The authority
shall * * * procure
all computer * * * equipment, storage capabilities, including
cloud-based storage, and services which shall, to the fullest extent
practicable, ensure the maximum of competition between all manufacturers of
supplies or equipment or services. The authority shall adopt rules,
regulations, and procedures governing the process by which agencies utilize the
services of the MDITS in acquiring such equipment and services. In the
writing of specifications, in the making of contracts relating to the
acquisition of such equipment and services, and in the performance of its other
duties, the authority shall provide for the maximum compatibility of all
information systems hereafter installed or utilized by all state agencies and
may require the use of common computer languages where necessary to accomplish
the purposes of this chapter. The authority may establish by regulation and
charge reasonable fees on a nondiscriminatory basis for the furnishing to
bidders of copies of bid specifications and other documents issued by the
authority.
(e) The authority shall adopt rules and regulations governing the sharing with, or the sale or lease of information technology services to, any nonstate agency or person. Such regulations shall provide that any such sharing, sale or lease shall be restricted in that same shall be accomplished only where such services are not readily available otherwise within the state, and then only at a charge to the user not less than the prevailing rate of charge for similar services by private enterprise within this state.
(f) The authority may, in its discretion, establish a special technical advisory committee or committees to study and make recommendations on technology matters within the competence of the authority as the authority may see fit. Persons serving on the Information Resource Council, its task forces, or any such technical advisory committees shall be entitled to receive their actual and necessary expenses actually incurred in the performance of such duties, together with mileage as provided by law for state employees, provided the same has been authorized by a resolution duly adopted by the authority and entered on its minutes prior to the performance of such duties.
(g) The authority may provide for the development and require the adoption of standardized computer programs and may provide for the dissemination of information to and the establishment of training programs for the personnel of the various information technology centers of state agencies and personnel of the agencies utilizing the services thereof.
(h) The authority
shall adopt reasonable rules and regulations requiring the reporting to the
authority through the office of executive director of such information as may
be required for carrying out the purposes of this chapter and may also
establish such reasonable procedures to be followed in the presentation of
bills for payment under the terms of all existing contracts for the
acquisition of computer equipment and services * * * in force on July 1, 2025,
as may be required by the authority or by the executive director in the
execution of their powers and duties.
(i) The authority shall require such adequate documentation of information technology procedures utilized by the various state agencies and may require the establishment of such organizational structures within state agencies relating to information technology operations as may be necessary to effectuate the purposes of this chapter.
(j) The authority may
adopt such further reasonable rules and regulations as may be necessary to
fully implement the purposes of this chapter. All rules and regulations
adopted by the authority shall be published and disseminated in readily
accessible form to all * * *
state agencies, and to all current suppliers of computer equipment and services
to the state, and to all prospective suppliers requesting the same. Such rules
and regulations shall be kept current, be periodically revised, and copies
thereof shall be available at all times for inspection by the public at
reasonable hours in the offices of the authority. Whenever possible no rule,
regulation or any proposed amendment to such rules and regulations shall be
finally adopted or enforced until copies of the proposed rules and regulations
have been furnished to all interested parties for their comment and suggestions.
(k) The authority shall establish rules and regulations which shall provide for the submission of all contracts proposed to be executed by the executive director for computer equipment and/or telecommunications or services, including cloud computing, to the authority for approval before final execution, and the authority may provide that such contracts involving the expenditure of less than such specified amount as may be established by the authority may be finally executed by the executive director without first obtaining such approval by the authority.
(l) The authority is
authorized to consider new technologies, such as cloud computing, to purchase,
lease, or rent computer equipment or services and to operate that equipment and
use those services in providing services to * * * the state agencies when in
its opinion such operation will provide maximum efficiency and economy in the
functions of * * * state agencies.
(m) Upon the request of the governing body of a political subdivision or instrumentality, the authority shall assist the political subdivision or instrumentality in its development of plans for the efficient acquisition and utilization of computer equipment and services. An appropriate fee shall be charged the political subdivision by the authority for such assistance.
(n) The authority shall adopt rules and regulations governing the protest procedures to be followed by any actual or prospective bidder, offerer or contractor who is aggrieved in connection with the solicitation or award of a contract for the acquisition of computer equipment or services. Such rules and regulations shall prescribe the manner, time and procedure for making protests and may provide that a protest not timely filed shall be summarily denied. The authority may require the protesting party, at the time of filing the protest, to post a bond, payable to the state, in an amount that the authority determines sufficient to cover any expense or loss incurred by the state, the authority or any state agency as a result of the protest if the protest subsequently is determined by a court of competent jurisdiction to have been filed without any substantial basis or reasonable expectation to believe that the protest was meritorious; however, in no event may the amount of the bond required exceed a reasonable estimate of the total project cost. The authority, in its discretion, also may prohibit any prospective bidder, offerer or contractor who is a party to any litigation involving any such contract with the state, the authority or any agency of the state to participate in any other such bid, offer or contract, or to be awarded any such contract, during the pendency of the litigation.
(o) The authority shall make a report in writing to the Legislature each year in the month of January. Such report shall contain a full and detailed account of the work of the authority for the preceding year as specified in Section 25-53-29(3).
All acquisitions of computer
equipment and services involving the expenditure of funds in excess of the
dollar amount established in Section 31-7-13(c), or rentals or leases in excess
of the dollar amount established in Section 31-7-13(c) for the term of the
contract, shall be based upon competitive and open specifications, and contracts
therefor shall be entered into only after advertisements for bids are published
in one or more daily newspapers having a general circulation in the state not
less than fourteen (14) days prior to receiving sealed bids therefor. The authority
may reserve the right to reject any or all bids, and if all bids are rejected,
the authority may negotiate a contract within the limitations of the
specifications so long as the terms of any such negotiated contract are equal
to or better than the comparable terms submitted by the lowest and best bidder,
and so long as the total cost to the State of Mississippi does not exceed the
lowest bid. If the authority accepts one (1) of such bids, it shall be that
which is the lowest and best. * * *
(p) When applicable, the authority may procure equipment, systems and related services in accordance with the law or regulations, or both, which govern the Bureau of Purchasing of the Office of General Services or which govern the Mississippi Department of Information Technology Services procurement of telecommunications equipment, software and services.
(q) The authority is authorized to purchase, lease, or rent information technology and services for the purpose of establishing pilot projects to investigate emerging technologies. These acquisitions shall be limited to new technologies and shall be limited to an amount set by annual appropriation of the Legislature. These acquisitions shall be exempt from the advertising and bidding requirement.
(r) To promote the maximum use and benefit from technology and services now in operation or which will in the future be placed in operation and to identify opportunities, minimize duplication, reduce costs and improve the efficiency of providing common technology services the authority is authorized to:
(i) Enter into
master agreements for computer or telecommunications equipment or services,
including cloud computing, available for shared use by state agencies, * * * institutions of higher
learning and governing authorities; and
(ii) Enter into contracts for the acquisition of computer or telecommunications equipment or services, including cloud computing, that have been acquired by other entities, located within or outside of the State of Mississippi, so long as it is determined by the authority to be in the best interest of the state. The acquisitions provided in this paragraph (r) shall be exempt from the advertising and bidding requirements of Section 25-53-1 et seq.
(s) All fees collected by the Mississippi Department of Information Technology Services shall be deposited into the Mississippi Department of Information Technology Services Revolving Fund unless otherwise specified by the Legislature.
(t) The authority shall work closely with the council to bring about effective coordination of policies, standards and procedures relating to procurement of remote sensing and geographic information systems (GIS) resources. In addition, the authority is responsible for development, operation and maintenance of a delivery system infrastructure for geographic information systems data. The authority shall provide a warehouse for Mississippi's geographic information systems data.
(u) The authority shall manage one or more State Data Centers to provide information technology services on a cost-sharing basis. In determining the appropriate services to be provided through the State Data Center, the authority should consider those services that:
(i) Result in savings to the state as a whole;
(ii) Improve and enhance the security and reliability of the state's information and business systems; and
(iii) Optimize the
efficient use of the state's information technology assets, including, but not
limited to, promoting partnerships * * * between the state institutions of
higher learning and community and junior colleges to capitalize on
advanced information technology resources.
(v) The authority shall increase federal participation in the cost of the State Data Center to the extent provided by law and its shared technology infrastructure through providing such shared services to agencies that receive federal funds. With regard to state institutions of higher learning and community and junior colleges, the authority may provide shared services when mutually agreeable, following a determination by both the authority and the Board of Trustees of State Institutions of Higher Learning or the Mississippi Community College Board, as the case may be, that the sharing of services is mutually beneficial.
(w) The authority * * * shall require
new or replacement agency business applications to be hosted at the State Data
Center. * * *
(x) The authority shall adopt rules and regulations prohibiting the storage of data on hard disc drives by a state agency and requiring each agency to utilize the MDITS data storage capabilities.
( * * *y) The authority shall provide a
periodic update regarding reform-based information technology initiatives to
the Chairmen of the House and Senate Accountability, Efficiency and
Transparency Committees.
From and after July 1, 2018,
the expenses of this agency shall be defrayed by appropriation from the State
General Fund. In addition, in order to receive the maximum use and benefit
from information technology and services, expenses for the provision of
statewide shared services that facilitate cost-effective information processing
and telecommunication solutions shall be defrayed by pass-through funding and
shall be deposited into the Mississippi Department of Information Technology
Services Revolving Fund unless otherwise specified by the Legislature. These
funds shall only be utilized to pay the actual costs incurred by the
Mississippi Department of Information Technology Services for providing these
shared services to state agencies. Furthermore, state agencies shall work in full
cooperation with the Board of the Mississippi Department of Information
Technology Services to enable the board to identify computer equipment
or services * * *
that minimize duplication, reduce costs, and improve the efficiency of
providing common technology services across agency boundaries.
SECTION 4. Section 25-53-21, Mississippi Code of 1972, is amended as follows:
25-53-21. The executive director shall have the following duties, responsibilities and authority:
(a) He shall conduct continuing studies of all information technology activities carried out by all agencies of the state and shall develop a long-range plan for the efficient and economical performance of such activities in state government. Such plan shall be submitted to the authority for its approval and, having been approved by the authority, shall be implemented by the executive director and all state agencies. Such plan shall be continuously reviewed and modifications thereof shall be proposed to the authority by the executive director as developments in information technology techniques and changes in the structure, activities, and functions of state government may require.
(b) He shall review * * * the purchasing of supplies for information technology and make
recommendations to the authority and to the Public Procurement Review Board for
the institution of purchasing procedures which will ensure the most economical
procurement of such supplies commensurate with the efficient operation of all * * * agencies of state government.
(c) He shall see that all reports required of all agencies are promptly and accurately made in accordance with the rules and regulations adopted by the authority. Either in person or through his authorized agents, he shall make such inspections of information technology operations being conducted by any of the agencies of the state as may be necessary for the performance of his duties.
(d) He shall * * * cause to be brought about
cooperation between the several state agencies in order to provide efficiency
in information technology operation. He shall, together with the heads of the
agencies involved, * * * develop and implement cooperative
plans for the * * * operation of information technology equipment, and any such plan
so adopted shall be carried out in accordance with the provisions of such plan
unless the same shall be amended by * * * the executive director * * *. The
executive director shall report to the authority the details of any plan so * * *
implemented and shall otherwise report to the authority * * * any
failure on the part of any agency to carry out the provisions of such plan. * * *
(e) He shall review
all contracts for acquisition of computer and/or telecommunications equipment
or services * * * in force on July 1, 2025, and may require the
renegotiation, termination, amendment or re-execution of any such
contracts in proper form and in accordance with the policies and rules and
regulations and subject to the direction of the authority. In the negotiation
and execution of such contracts, the executive director may negotiate a
limitation on the liability to the state of prospective contractors provided
such limitation affords the state reasonable protection * * *.
(f) He shall act as
the purchasing and contracting agent for the State of Mississippi in the
negotiation and execution of all contracts for the acquisition of computer
equipment or services. He shall receive, review, and promptly approve or
disapprove all requests of agencies of the state for * * * computer equipment or
services, which are submitted in accordance with rules and regulations of the
authority. In the event that any such request is disapproved, he shall
immediately notify the requesting agency and the members of the authority in
writing of such disapproval, stating his reasons therefor. The disapproval of
any request by the executive director of the authority may be appealed to the
authority * * * in such manner as may
be authorized by such reasonable rules and regulations hereby authorized to be
adopted by the authority * * * and by the Public Procurement Review Board to govern the
same. The executive director shall report the approval of all such requests to
the authority in such manner as may be directed by the authority, and shall
execute any such contracts only after complying with rules and regulations
which may be adopted by the authority in relation thereto. Any contracts for
personal or professional services entered into by the executive director shall
be exempted from the requirements of Section 25-9-120(3) relating to submission
of such contract to the State Personal Service Contract Review Board.
(g) He shall suggest and cause to be brought about cooperation between the several state agencies, departments and institutions in order that work may be done by one agency for another agency, and equipment in one agency may be made available to another agency, and suggest and cause to be brought about such improvements as may be necessary in joint or cooperative information technology operations.
(h) He shall be designated as the "Chief Information Confidentiality Officer" after being duly sworn to the oath of this office by the chairman of the authority and shall be responsible for administering the oath to other qualified officers he may designate.
(i) He shall appoint employees of the Mississippi Department of Information Technology Services, or at his discretion, employees of other state agencies and institutions that are responsible for handling or processing data for any agency or institution other than that for which they are employed, to a position of information custodial care that shall be known as "Information Confidentiality Officer." The selection and swearing of all officers shall be reported to the authority at the next regular meeting and names, affirmation dates and employment dates shall be recorded in the permanent minutes of the authority.
SECTION 5. Section 25-53-25, Mississippi Code of 1972, is amended as follows:
25-53-25. * * * Nothing in this chapter shall be construed
to imply exemption from the public purchases law, being Section 31-7-1 et seq.
* * *
SECTION 6. Section 25-53-29, Mississippi Code of 1972, is amended as follows:
25-53-29. (1) For the purposes of this section the term "bureau" shall mean the "Mississippi Department of Information Technology Services." The authority shall have the following powers and responsibilities to carry out the establishment of policy and provide for long-range planning and consulting:
(a) Provide a high level of technical expertise for agencies, institutions, political subdivisions and other governmental entities as follows: planning; consulting; project management; systems and performance review; system definition; design; application programming; training; development and documentation; implementation; maintenance; and other tasks as may be required, within the resources available to the bureau.
(b) Publish written
planning guides, policies and procedures for use by agencies and institutions
in planning future electronic information service systems. The bureau * * * shall require agencies and
institutions to submit data, including periodic electronic equipment inventory
listings, information on agency staffing, * * * planned applications for
the future, and other information needed for the purposes of preparing the
state master plan. * * *
(c) Inspect agency facilities and equipment, interview agency employees and review records at any time deemed necessary by the bureau for the purpose of identifying cost-effective applications of electronic information technology. Upon conclusion of any inspection, the bureau shall issue a management letter containing cost estimates and recommendations to the agency head and governing board concerning applications identified that would result in staff reductions, other monetary savings and improved delivery of public services.
(d) Conduct classroom and on-site training for end users for applications and systems developed by the bureau.
(e) Provide consulting
services to * * * Mississippi governmental subdivisions requesting
technical assistance in electronic information services technology applications
and systems. The bureau may submit proposals and enter into contracts to
provide services to * * * governmental subdivisions for such purposes.
(2) The bureau shall annually issue a three-year master plan in writing to the Governor, available on request to any member of the Legislature, including recommended statewide strategies and goals for the effective and efficient use of information technology and services in state government. The report shall also include recommended information policy actions and other recommendations for consideration by the Governor and members of the Legislature.
(3) The bureau shall make
an annual report in writing to the Governor, available on request to any member
of the Legislature, to include a full and detailed account of the work of the
authority for the preceding year. The report shall contain recommendations to
agencies and institutions resulting from inspections * * *. The report shall
also contain a summary of the master plan, progress made, and legislative and
policy recommendations for consideration by the Governor and members of the
Legislature.
(4) The bureau may charge
fees to agencies and institutions for services rendered to them. The bureau
may charge fees to vendors to recover the cost of providing procurement
services and the delivery of procurement awards to * * * Mississippi governmental
subdivisions. The amounts of such fees shall be set by the authority upon
recommendation of the Executive Director of the MDITS, and all such fees
collected shall be paid into the fund established for carrying out the purposes
of this section.
(5) It is the intention of the Legislature that the employees of the bureau performing services defined by this section be staffed by highly qualified persons possessing technical, consulting and programming expertise. Such employees shall be considered nonstate service employees as defined in Section 25-9-107(c)(x) and may be compensated at a rate comparable to the prevailing rate of individuals in qualified professional consulting firms in the private sector. Such compensation rates shall be determined by the State Personnel Director. The number of such positions shall be set by annual appropriation of the Legislature. Qualifications and compensation of the bureau employees shall be set by the State Personnel Board upon recommendation of the Executive Director of the MDITS. The total number of positions and classification of positions may be increased or decreased during a fiscal year depending upon work load and availability of funds.
(6) The bureau may, from time to time, at the discretion of the Executive Director of the MDITS, contract with firms or qualified individuals to be used to augment the bureau's professional staff in order to assure timely completion and implementation of assigned tasks, provided that funds are available in the fund established for carrying out the purposes of this section. Such individuals may be employees of any agency, bureau or institution provided that these individuals or firms meet the requirements of other individuals or firms doing business with the state through the Mississippi Department of Information Technology Services. Individuals who are employees of an agency or institution may contract with the Mississippi Department of Information Technology Services only with the concurrence of the agency or institution for whom they are employed.
From and after July 1, 2018,
the expenses of this agency shall be defrayed by appropriation from the State
General Fund. In addition, in order to receive the maximum use and benefit
from information technology and services, expenses for the provision of
statewide shared services that facilitate cost-effective information processing
and telecommunication solutions shall be defrayed by pass-through funding and
shall be deposited into the Mississippi Department of Information Technology
Services Revolving Fund unless otherwise specified by the Legislature. These
funds shall only be utilized to pay the actual costs incurred by the
Mississippi Department of Information Technology Services for providing these
shared services to state agencies. Furthermore, state agencies shall work in
full cooperation with the Board of the Mississippi Department of Information
Technology Services (MDITS) to enable the board to identify computer
equipment or services * * *
that minimize duplication, reduce costs, and improve the efficiency of
providing common technology services across agency boundaries.
SECTION 7. Section 25-53-201, Mississippi Code of 1972, is brought forward as follows:
25-53-201. (1) There is hereby established the Enterprise Security Program which shall provide for the coordinated oversight of the cybersecurity efforts across all state agencies, including cybersecurity systems, services and the development of policies, standards and guidelines.
(2) The Mississippi Department of Information Technology Services (MDITS), in conjunction with all state agencies, shall provide centralized management and coordination of state policies for the security of data and information technology resources, which such information shall be compiled by MDITS and distributed to each participating state agency. MDITS shall:
(a) Serve as sole authority, within the constraints of this statute, for defining the specific enterprise cybersecurity systems and services to which this statute is applicable;
(b) Acquire and operate enterprise technology solutions to provide services to state agencies when it is determined that such operation will improve the cybersecurity posture in the function of any agency, institution or function of state government as a whole;
(c) Provide oversight of enterprise security policies for state data and information technology (IT) resources including, the following:
(i) Establishing and maintaining the security standards and policies for all state data and IT resources state agencies shall implement to the extent that they apply; and
(ii) Including the defined enterprise security requirements as minimum requirements in the specifications for solicitation of state contracts for procuring data and information technology systems and services;
(d) Adhere to all policies, standards and guidelines in the management of technology infrastructure supporting the state data centers, telecommunications networks and backup facilities;
(e) Coordinate and promote efficiency and security with all applicable laws and regulations in the acquisition, operation and maintenance of state data, cybersecurity systems and services used by agencies of the state;
(f) Manage, plan and coordinate all enterprise cybersecurity systems under the jurisdiction of the state;
(g) Develop, in conjunction with agencies of the state, coordinated enterprise cybersecurity systems and services for all state agencies;
(h) Provide ongoing analysis of enterprise cybersecurity systems and services costs, facilities and systems within state government;
(i) Develop policies, procedures and long-range plans for the use of enterprise cybersecurity systems and services;
(j) Form an advisory council of information security officers from each state agency to plan, develop and implement cybersecurity initiatives;
(k) Coordinate the activities of the advisory council to provide education and awareness, identify cybersecurity-related issues, set future direction for cybersecurity plans and policy, and provide a forum for interagency communications regarding cybersecurity;
(l) Charge respective user agencies on a reimbursement basis for their proportionate cost of the installation, maintenance and operation of the cybersecurity systems and services; and
(m) Require cooperative utilization of cybersecurity systems and services by aggregating users.
(3) Each state agency's executive director or agency head shall:
(a) Be solely responsible for the security of all data and IT resources under its purview, irrespective of the location of the data or resources. Locations include data residing:
(i) At agency sites;
(ii) On agency real property and tangible and intangible assets;
(iii) On infrastructure in the State Data Centers;
(iv) At a third-party location;
(v) In transit between locations;
(b) Ensure that an agency-wide security program is in place;
(c) Designate an information security officer to administer the agency's security program;
(d) Ensure the agency adheres to the requirements established by the Enterprise Security Program, to the extent that they apply;
(e) Participate in all Enterprise Security Program initiatives and services in lieu of deploying duplicate services specific to the agency;
(f) Develop, implement and maintain written agency policies and procedures to ensure the security of data and IT resources. The agency policies and procedures are confidential information and exempt from public inspection, except that the information must be available to the Office of the State Auditor in performing auditing duties;
(g) Implement policies and standards to ensure that all of the agency's data and IT resources are maintained in compliance with state and federal laws and regulations, to the extent that they apply;
(h) Implement appropriate cost-effective safeguards to reduce, eliminate or recover from identified threats to data and IT resources;
(i) Ensure that internal assessments of the security program are conducted. The results of the internal assessments are confidential and exempt from public inspection, except that the information must be available to the Office of the State Auditor in performing auditing duties;
(j) Include all appropriate cybersecurity requirements in the specifications for the agency's solicitation of state contracts for procuring data and information technology systems and services;
(k) Include a general description of the security program and future plans for ensuring security of data in the agency long-range information technology plan;
(l) Participate in annual information security training designed specifically for the executive director or agency head to ensure that such individual has an understanding of:
(i) The information and information systems that support the operations and assets of the agency;
(ii) The potential impact of common types of cyber-attacks and data breaches on the agency's operations and assets;
(iii) How cyber-attacks and data breaches on the agency's operations and assets could impact the operations and assets of other state agencies on the Enterprise State Network;
(iv) How cyber-attacks and data breaches occur;
(v) Steps to be undertaken by the executive director or agency head and agency employees to protect their information and information systems; and
(vi) The annual reporting requirements required of the executive director or agency head.
(4) The Mississippi Department of Information Technology Services shall evaluate the Enterprise Security Program. Such evaluation shall include the following factors:
(a) Whether the Enterprise Security Program incorporates nationwide best practices;
(b) Whether opportunities exist to centralize and coordinate oversight of cybersecurity efforts across all state agencies;
(c) A review of the minimum enterprise security requirements that must be incorporated in solicitations for state contracts for procuring data and information technology systems and services; and
(d) Whether opportunities exist to expand the Enterprise Security Program, including providing oversight of cybersecurity efforts of those governing authorities as defined in Section 25-53-3(f).
In performing such evaluation, the Mississippi Department of Information Technology Services may retain experts. This evaluation shall be completed by November 1, 2023. All records in connection with this evaluation shall be exempt from the Mississippi Public Records Act of 1983, pursuant to Section 25-61-11.2(f) and (k).
(5) For the purpose of this subsection, the following words shall have the meanings ascribed herein, unless the context clearly indicates otherwise:
(a) "Cyberattack" shall mean any attempt to gain illegal access, including any data breach, to a computer, computer system or computer network for purposes of causing damage, disruption or harm.
(b) "Ransomware" shall mean a computer contaminant or lock placed or introduced without authorization into a computer, computer system or computer network that restricts access by an authorized person to the computer, computer system, computer network or any data therein under circumstances in which the person responsible for the placement or introduction of the ransomware demands payment of money or other consideration to remove the computer contaminant, restore access to the computer, computer system, computer network or data, or otherwise remediate the impact of the computer contaminant or lock.
(c) From and after July 1, 2023, all state agencies shall notify the Mississippi Department of Information Technology Services of any cyberattack or demand for payment as a result of ransomware no later than the close of the next business day following the discovery of such cyberattack or demand. The Mississippi Department of Information Technology Services shall develop a reporting format to be utilized by state agencies to provide such notification. The Mississippi Department of Information Technology Services shall periodically analyze all such reports and attempt to identify any patterns or weaknesses in the state's cybersecurity efforts. Such reports shall be exempt from the Mississippi Public Records Act of 1983, pursuant to Section 25-61-11.2(j).
SECTION 8. Section 45-27-7, Mississippi Code of 1972, is amended as follows:
45-27-7. (1) The Mississippi Justice Information Center shall:
(a) Develop, operate and maintain an information system which will support the collection, storage, retrieval and dissemination of all data described in this chapter, consistent with those principles of scope, security and responsiveness prescribed by this chapter.
(b) Cooperate with all criminal justice agencies within the state in providing those forms, procedures, standards and related training assistance necessary for the uniform operation of the statewide center.
(c) Offer assistance and, when practicable, instruction to all local law enforcement agencies in establishing efficient local records systems.
(d) Make available, upon request, to all local and state criminal justice agencies, to all federal criminal justice agencies and to criminal justice agencies in other states any information in the files of the center which will aid such agencies in the performance of their official duties. For this purpose the center shall operate on a twenty-four-hour basis, seven (7) days a week. Such information, when authorized by the director of the center, may also be made available to any other agency of this state or any political subdivision thereof and to any federal agency, upon assurance by the agency concerned that the information is to be used for official purposes only in the prevention or detection of crime or the apprehension of criminal offenders.
(e) Cooperate with other agencies of this state, the crime information agencies of other states, and the national crime information center systems of the Federal Bureau of Investigation in developing and conducting an interstate, national and international system of criminal identification and records.
(f) Make available, upon request, to nongovernmental entities or employers certain information for noncriminal justice purposes as specified in Section 45-27-12.
(g) Institute necessary measures in the design, implementation and continued operation of the justice information system to ensure the privacy and security of the system. Such measures shall include establishing complete control over use of and access to the system and restricting its integral resources and facilities and those either possessed or procured and controlled by criminal justice agencies. Such security measures must meet standards developed by the center as well as those set by the nationally operated systems for interstate sharing of information.
(h) Provide data
processing for files listing motor vehicle drivers' license numbers, motor
vehicle registration numbers, wanted and stolen motor vehicles, outstanding
warrants, identifiable stolen property and such other files as may be of
general assistance to law enforcement agencies; provided, however, that the
purchase, lease, rental or acquisition in any manner of "computer
equipment or services," as defined in Section 25-53-3, * * * shall be * * * through the
Mississippi Department of Information Technology Services.
(i) Maintain a field coordination and support unit which shall have all the power conferred by law upon any peace officer of this state.
(2) The department, including the investigative division or the center, may:
(a) Obtain and store fingerprints, descriptions, photographs and any other pertinent identifying data from crime scenes and on persons who:
(i) Have been or are hereafter arrested or taken into custody in this state:
1. For an offense which is a felony;
2. For an offense which is a misdemeanor;
3. As a fugitive from justice; or
(ii) Are or become habitual offenders; or
(iii) Are currently or become confined to any prison, penitentiary or other penal institution; or
(iv) Are unidentified human corpses found in the state; or
(v) Have submitted fingerprints for conducting criminal history record checks.
(b) Compare all fingerprint and other identifying data received with that already on file and determine whether or not a criminal record is found for such person, and at once inform the requesting agency or arresting officer of those facts that may be disseminated consistent with applicable security and privacy laws and regulations. A record shall be maintained for a minimum of one (1) year of the dissemination of each individual criminal history, including at least the date and recipient of such information.
(c) Establish procedures to respond to those individuals who file requests to review their own records, pursuant to Sections 45-27-11 and 45-27-12, and to cooperate in the correction of the central center records and those of contributing agencies when their accuracy has been successfully challenged either through the related contributing agencies or by court order issued on behalf of an individual.
(d) Retain in the system the fingerprints of all law enforcement officers and part-time law enforcement officers, as those terms are defined in Section 45-6-3, any fingerprints sent by the Mississippi State Department of Health, and of all applicants to law enforcement agencies.
(3) There shall be a presumption that a copy of any document submitted to the center in accordance with the provisions of Section 45-27-9 that has been processed as set forth in this chapter and subsequently certified and provided by the center to a law enforcement agency or a court shall be admissible in any proceeding without further authentication unless a person objecting to that admissibility has successfully challenged the document under the provisions of Section 45-27-11.
SECTION 9. Section 45-9-181, Mississippi Code of 1972, is amended as follows:
45-9-181. (1) This section shall be known and may be cited as the "Mississippi School Safety Guardian Act."
(2) For purposes of this section:
(a) "Department" means the Department of Public Safety.
(b) "Governing body" means with respect to any public school district or public charter school, the local school board or charter school board, as applicable; with respect to any private school, the board or other governing body of the private school as provided in the charter, bylaws, or other governing documents of the school.
(c) "Program" means a school safety guardian program established by the governing body of a school in accordance with this section.
(d) "School" means any public or private educational institution within the State of Mississippi and includes any elementary or secondary school.
(e) "Training program" means the School Safety Guardian Training Program established in subsection (3) of this section.
(3) There is hereby established the School Safety Guardian Program in the Office of Homeland Security within the department. The department shall administer the program through the Office of Homeland Security. In consultation with the Mississippi Department of Education, the department shall establish the program and promulgate rules, regulations, and establish training requirements.
(4) The governing body of a school, in consultation with school administrators and the department, may establish a program under this section. The department or the governing body of a school may discontinue a school's participation in the program at anytime. If the governing body of a school establishes a program under this section, the governing body of a school shall designate employees to participate in the training program developed by the department by which designated and trained school employees are authorized to carry concealed firearms for the protection of the students, employees and others on the campus of the school. The scope and purpose of each program shall include responding to an active shooter situation or other situation that would cause death or serious bodily harm on the school campus or in the immediate vicinity of the school campus. The School Safety Guardian's weapon shall always remain under his or her physical control on campus.
(5) A designated School Safety Guardian is immune from civil liability for any action taken by the School Safety Guardian if the action in question occurs during the reasonable exercise of and within the course and scope of the designated School Safety Guardian's official duties. School Safety Guardians are charged with these duties and must act in accordance with these duties to maintain their immunity. If a School Safety Guardian is found to have failed to carry out their official duties, the immunity described in this subsection shall be waived.
(6) School Safety Guardians
shall be paid a monthly stipend in an amount not less than One Hundred Dollars
($100.00), but not more than Five Hundred Dollars ($500.00) by the school
district * * *;however,
no funds received by school districts under the Elementary and Secondary
Education Act (ESEA) shall be used to pay the stipends authorized under this
subsection in accordance with the prohibition on the use of such funds as
prescribed in Section 13401 of the Bipartisan Safer Communities Act, Public Law
117-159, 117th Congress of the United States, which amends the ESEA (20 USCS
Section 7906 (Supp. 2022).
(7) To be eligible for the immunity provided in this section:
(a) The program, at a minimum, shall require that each designated member of the program who is not a law enforcement officer, as defined in Section 45-6-3, possess a firearms license issued under Section 45-9-101 and the endorsement authorized in Section 97-37-7; has completed instructional training through a law enforcement training academy approved department not less than once every twelve (12) months; and has been CPR and First Aid certified; and
(b) The identities of any person designated by the school's governing body to serve as a School Safety Guardian must be documented at the time of the designation and shall be communicated to school administrators and local law enforcement.
(8) The department may authorize and certify Mississippi law enforcement training academies to offer the training program to the governing body of a school.
(a) The training program, at a minimum, must include:
(i) An instructional course developed by the department;
(ii) A criminal background check;
(iii) A psychological screening;
(iv) A shooting proficiency test; and
(v) An annual recertification training.
(b) A law enforcement training academy may provide School Safety Guardian training to any employee of a school or school district who:
(i) Holds a license to carry a concealed handgun issued under Section 45-9-101;
(ii) Has an endorsement authorized by Section 97-37-7; and
(iii) Has current certification in CPR and First Aid.
(c) The department may establish a fee in an amount that is sufficient to cover the costs of the training program under this section to be paid to the training academy by the governing body of the school.
(d) The department shall adopt rules to administer this section, including a method to identify license holders who have completed a School Safety Guardian training certification course and setting a fee to be charged by the department for the issuance or reissuance of identification of the license holder as being certified.
(e) The department shall adopt rules and regulations that require review of the firearms training policies and procedures of school districts that authorized its employees to carry concealed firearms as part of a school safety program before the effective date of this section. Upon review of such rules and regulations, if the department determines that such district's policies and procedures conform to the department's training standards under the authority of this section, the department shall approve such district's policies and procedures and all employees of such school district that have completed the approved training shall receive all authority and protections provided by this section to carry concealed firearms as part of an approved school safety guardian program. However, if the department determines that such district's policies and procedures fail to conform to the department's training standards under the authority of this section, the employees of the district shall be required to comply with the requirements under this section to carry concealed firearms as part of an approved school safety guardian program.
(9) A person who is indicted or charged with a violation of criminal law while acting as a School Safety Guardian may assert as a defense, in addition to any other defense available, that, at the time of the action in question, the person was a certified School Safety Guardian, was then actually engaged in the performance of the person's duties as a School Safety Guardian, and had met the requirements of this section at the time of the action in question.
(10) Records relating to the identities of any person designated by the school's governing body to serve as a School Safety Guardian shall be exempt from the provisions of the Mississippi Public Records Act of 1983.
SECTION 10. This act shall take effect and be in force from and after July 1, 2025.
