VIRGINIA ACTS OF ASSEMBLY -- CHAPTER
An Act to amend and reenact §§2.2-106, 2.2-225, 2.2-1115.1, 2.2-1509.3, 2.2-2005 through 2.2-2009, 2.2-2012, 2.2-2013, 2.2-2015, 2.2-2019, 2.2-2020, 2.2-2021, 2.2-2023, 23-38.111, and 23-77.4 of the Code of Virginia; to amend and reenact the third enactment of Chapters 758 and 812 of the Acts of Assembly of 2009; to amend the Code of Virginia by adding in Chapter 26 of Title 2.2 an article numbered 35, consisting of sections numbered 2.2-2699.5, 2.2-2699.6, and 2.2-2699.7; and to repeal Article 7 (§§2.2-2033 and 2.2-2034) of Chapter 20.1 of Title 2.2 and Article 20 (§§2.2-2457, 2.2-2458, and 2.2-2458.1) of Chapter 24 of Title 2.2 of the Code of Virginia, relating to Information Technology governance in the Commonwealth; the Chief Information Officer; the Information Technology Investment Board, abolished; and the Information Technology Advisory Council, established; emergency.
[H 1034]
Approved

Be it enacted by the General Assembly of Virginia:

1. That §§2.2-106, 2.2-225, 2.2-1115.1, 2.2-1509.3, 2.2-2005 through 2.2-2009, 2.2-2012, 2.2-2013, 2.2-2015, 2.2-2019, 2.2-2020, 2.2-2021, 2.2-2023, 23-38.111, and 23-77.4 of the Code of Virginia are amended and reenacted and that Code of Virginia is amended by adding in Chapter 26 of Title 2.2 an article numbered 35, consisting of sections numbered 2.2-2699.5, 2.2-2699.6, and 2.2-2699.7, as follows:

§2.2-106. Appointment of agency heads; severance.

A. Notwithstanding any provision of law to the contrary, the Governor shall appoint the administrative head of each agency of the executive branch of state government except the:

1. Executive Director of the Virginia Port Authority;

2. Director of the State Council of Higher Education for Virginia;

3. Executive Director of the Department of Game and Inland Fisheries;

4. Executive Director of the Jamestown-Yorktown Foundation;

5. Executive Director of the Motor Vehicle Dealer Board;

6. Librarian of Virginia;

7. Administrator of the Commonwealth's Attorneys' Services Council;

8. Executive Director of the Virginia Housing Development Authority; and

9. Executive Director of the Board of Accountancy; and

10. Chief Information Officer of the Commonwealth.

However, the manner of selection of those heads of agencies chosen as set forth in the Constitution of Virginia shall continue without change. Each administrative head and Secretary appointed by the Governor pursuant to this section shall (i) be subject to confirmation by the General Assembly, (ii) have the professional qualifications prescribed by law, and (iii) serve at the pleasure of the Governor.

B. As part of the confirmation process for each administrative head and Secretary, the Secretary of the Commonwealth shall provide copies of the resumes and statements of economic interests filed pursuant to §2.2-3117 to the chairs of the House of Delegates and Senate Committees on Privileges and Elections. For appointments made before January 1, copies shall be provided to the chairs within 30 days of the appointment or by January 7 whichever time is earlier; and for appointments made after January 1 through the regular session of that year, copies shall be provided to the chairs within seven days of the appointment. Each appointee shall be available for interviews by the Committees on Privileges and Elections or other applicable standing committee. For the purposes of this section and §2.2-107, there shall be a joint subcommittee of the House of Delegates and Senate Committees on Privileges and Elections consisting of five members of the House Committee and three members of the Senate Committee appointed by the respective chairs of the committees to review the resumes and statements of economic interests of gubernatorial appointees. The members of the House of Delegates shall be appointed in accordance with the principles of proportional representation contained in the Rules of the House of Delegates. No appointment confirmed by the General Assembly shall be subject to challenge by reason of a failure to comply with the provisions of this paragraph subsection pertaining to the confirmation process.

C. For the purpose of this section, "agency" includes all administrative units established by law or by executive order that are not (i) arms of the legislative or judicial branches of government; (ii) institutions of higher education as classified under §§23-253.7, 22.1-346, 23-14, and 23-252, and; (iii) regional planning districts, regional transportation authorities or districts, or regional sanitation districts; and (iv) assigned by law to other departments or agencies, not including assignments to secretaries under Article 7 (§2.2-215 et seq.) of Chapter 2 of this title.

D. Severance benefits provided to any departing agency head, whether or not appointed by the Governor, shall be publicly announced by the appointing authority prior to such departure.

§2.2-225. Position established; agencies for which responsible; additional powers.

The position of Secretary of Technology (the Secretary) is created. The Secretary shall be responsible to the Governor for the following agencies, councils, and boards: Information Technology Investment Board Advisory Council, Innovation and Entrepreneurship Investment Authority, Virginia Information Technologies Agency, Virginia Geographic Information Network Advisory Board, and the Wireless E-911 Services Board. The Governor, by executive order, may assign any other state executive agency to the Secretary, or reassign any agency listed in this section to another Secretary.

Unless the Governor expressly reserves such power to himself, the Secretary may, with regard to strategy development, planning and budgeting for technology programs in the Commonwealth:

1. Monitor trends and advances in fundamental technologies of interest and importance to the economy of the Commonwealth and direct and approve a stakeholder-driven technology strategy development process that results in a comprehensive and coordinated view of research and development goals for industry, academia and government in the Commonwealth. This strategy shall be updated biennially and submitted to the Governor, the Speaker of the House of Delegates and the President Pro Tempore of the Senate.

2. Work closely with the appropriate federal research and development agencies and program managers to maximize the participation of Commonwealth industries and universities in these programs consistent with agreed strategy goals.

3. Direct the development of plans and programs for strengthening the technology resources of the Commonwealth's high technology industry sectors and for assisting in the strengthening and development of the Commonwealth's Regional Technology Councils.

4. Direct the development of plans and programs for improving access to capital for technology-based entrepreneurs.

5. Assist the Joint Commission on Technology and Science created pursuant to §30-85 in its efforts to stimulate, encourage, and promote the development of technology in the Commonwealth.

6. Continuously monitor and analyze the technology investments and strategic initiatives of other states to ensure the Commonwealth remains competitive.

7. Strengthen interstate and international partnerships and relationships in the public and private sectors to bolster the Commonwealth's reputation as a global technology center.

8. Develop and implement strategies to accelerate and expand the commercialization of intellectual property created within the Commonwealth.

9. Ensure the Commonwealth remains competitive in cultivating and expanding growth industries, including life sciences, advanced materials and nanotechnology, biotechnology, and aerospace.

10. Monitor the trends in the availability and deployment of and access to broadband communications services, which include, but are not limited to, competitively priced, high-speed data services and Internet access services of general application, throughout the Commonwealth and advancements in communications technology for deployment potential. The Secretary shall report annually by December 1 to the Governor and General Assembly on those trends.

11. Review and approve the procurement or termination of major information technology projects, and contracts or amendments thereto proposed by the Chief Information Officer (CIO) pursuant to §2.2-2007.

12. Review and approve statewide technical and data standards for information technology and related systems, including the utilization of nationally recognized technical and data standards for health information technology systems or software purchased by a state agency of the Commonwealth, as recommended by the CIO.

13. Develop criteria and requirements defining "major information technology project" for purposes of §2.2-2006. Such criteria and requirements shall include, but are not limited to, analysis of each project's risk and complexity.

§2.2-1115.1. Standard vendor accounting information.

A. The Division, the Virginia Information Technologies Agency, and the State Comptroller shall develop and maintain data standards for use by all agencies and institutions for payments and purchases of goods and services pursuant to §§2.2-1115 and 2.2-2012. Such standards shall include at a minimum the vendor number, name, address, and tax identification number; commodity code, order number, invoice number, and receipt information; and other information necessary to appropriately and consistently identify all suppliers of goods, commodities, and other services to the Commonwealth. The Division, the Virginia Information Technologies Agency, and the State Comptroller shall annually review and update these standards to provide the Commonwealth information to monitor all procurement of goods and services and to implement adequate controls to pay only authorized providers of goods and services to the Commonwealth.

B. The Division and the Virginia Information Technologies Agency shall submit these standards to the Information Technology Investment Board Advisory Council in accordance with §2.2-2458 § 2.2-2699.6 for approval review as statewide technical and data standards for information technology.

§2.2-1509.3. Budget bill to include appropriations for major information technology projects.

A. For purposes of this section:

"Major information technology project" means the same as that term is defined in §2.2-2006.

"Major information technology project funding" means an estimate of each funding source for a major information technology project for the duration of the project.

B. In "The Budget Bill" submitted pursuant to § 2.2-1509, the Governor shall provide for the funding of major information technology projects, as specified herein. Such funding recommendations shall be for major information technology projects that have or are pending project development approval as defined by §2.2-2019 or procurement approval as defined by §2.2-2020.

The Governor shall include in "The Budget Bill" submitted pursuant to §2.2-1509 a biennial appropriation for major information technology projects and the following information for each such project:

1. A brief statement explaining the project, the Information Technology Investment Board's CIO's ranking and recommendations on the project as required by §2.2-2458 §2.2-2008, an explanation, if necessary, if the Governor informed the Chief Information Officer Secretary of Technology that an emergency existed as set forth in §2.2-2008, and the anticipated duration of the project;

2. A brief explanation of the inclusion of any project in the budget bill that has not undergone review and approval by the Information Technology Investment Board Secretary of Technology as required by §2.2-2458 §2.2-225;

3. Total estimated project costs, as defined by the Commonwealth's Project Management Standards, including the amount of the agency's or institution's operating appropriation, which will support the project, and long-term contract cost beyond the biennium;

4. Costs incurred to date, as defined by the Commonwealth's Project Management Standards, which includes both the project planning cost and internal operating costs to support the project;

5. Recommendations or comments of the Public-Private Partnership Advisory Commission, if the project is part of a proposal under the Public-Private Education Facilities and Infrastructure Act of 2002 (§56-575.1 et seq.); and

6. The Information Technology Investment Board's CIO's assessment of the project and the status as of the date of the budget bill submission to the General Assembly.

C. The Information Technology Investment Board Secretary of Technology shall immediately notify each member of the Senate Finance Committee and the House Appropriations Committee of any Board decision to terminate in accordance with §2.2-2458 §2.2-225 any major information technology project in the budget bill. Such communication shall include the Information Technology Investment Board's Secretary of Technology's reason for such termination.

§2.2-2005. Creation of Agency; appointment of Chief Information Officer.

A. There is hereby created the Virginia Information Technologies Agency (VITA), which shall serve as the agency responsible for administration and enforcement of the provisions of this Chapter and the rules and policies of the Board.

B. The Board Governor shall appoint a Chief Information Officer (the CIO) as the chief administrative officer of the Board to oversee the operation of VITA. The CIO shall be employed under special contract for a term not to exceed five years and shall, under the direction and control of the Board, exercise the powers and perform the duties conferred or imposed upon him by law and perform such other duties as may be required by the Board Governor and the Secretary of Technology.

§2.2-2006. Definitions.

As used in this chapter:

"Board" means the Information Technology Investment Board created in §2.2-2457.

"Communications services" includes telecommunications services, automated data processing services, and management information systems that serve the needs of state agencies and institutions.

"Confidential data" means information made confidential by federal or state law that is maintained by a state agency in an electronic format.

"Information technology" means telecommunications, automated data processing, databases, the Internet, management information systems, and related information, equipment, goods, and services. It is in the interest of the Commonwealth that its public institutions of higher education in Virginia be in the forefront of developments in technology. Therefore, the The provisions of this chapter shall not be construed to hamper the pursuit of the missions of the institutions in instruction and research.

"ITAC" means the Information Technology Advisory Council created in §2.2-2699.5.

"Major information technology project" means any state agency information technology project that (i) is mission-critical, (ii) has statewide application, or (iii) has a total estimated cost of more than $1 million (i) meets the criteria and requirements developed by the Secretary of Technology pursuant to §2.2-225 or (ii) has a total estimated cost of more than $1 million.

"Noncommercial telecommunications entity" means any public broadcasting station as defined in §2.2-2427.

"Public telecommunications entity" means any public broadcasting station as defined in §2.2-2427.

"Public telecommunications facilities" means all apparatus, equipment and material necessary for or associated in any way with public broadcasting stations or public broadcasting services as those terms are defined in §2.2-2427, including the buildings and structures necessary to house such apparatus, equipment and material, and the necessary land for the purpose of providing public broadcasting services, but not telecommunications services.

"Public telecommunications services" means public broadcasting services as defined in §2.2-2427.

"Secretary" means the Secretary of Technology.

"State agency" or "agency" means any agency, institution, board, bureau, commission, council, or instrumentality of state government in the executive branch listed in the appropriation act. However, the terms "state agency," "agency," "institution," "public body," and "public institution of higher education," shall not include the University of Virginia Medical Center.

"Technology asset" means hardware and communications equipment not classified as traditional mainframe-based items, including personal computers, mobile computers, and other devices capable of storing and manipulating electronic data.

"Telecommunications" means any origination, transmission, emission, or reception of signs, signals, writings, images, and sounds or intelligence of any nature, by wire, radio, television, optical, or other electromagnetic systems.

"Telecommunications facilities" means apparatus necessary or useful in the production, distribution, or interconnection of electronic communications for state agencies or institutions including the buildings and structures necessary to house such apparatus and the necessary land.

§2.2-2007. Powers of the CIO.

A. In addition to such other duties as the Board Secretary may assign, the CIO shall:

1. Monitor trends and advances in information technology; develop a comprehensive, statewide, four-year two-year strategic plan for information technology to include: (i) specific projects that implement the plan; and (ii) a plan for the acquisition, management, and use of information technology by state agencies; and (iii) a report of the progress of any ongoing enterprise application projects, any factors or risks that might affect their successful completion, and any changes to their projected implementation costs and schedules. The statewide plan shall be updated annually and submitted to the Board Secretary for approval.

2. Direct the formulation and promulgation of policies, guidelines, standards, and specifications for the purchase, development, and maintenance of information technology for state agencies, including, but not limited to, those (i) required to support state and local government exchange, acquisition, storage, use, sharing, and distribution of geographic or base map data and related technologies, (ii) concerned with the development of electronic transactions including the use of electronic signatures as provided in § 59.1-496, and (iii) necessary to support a unified approach to information technology across the totality of state government, thereby assuring that the citizens and businesses of the Commonwealth receive the greatest possible security, value, and convenience from investments made in technology.

3. Direct the development of policies and procedures, in consultation with the Department of Planning and Budget, that are integrated into the Commonwealth's strategic planning and performance budgeting processes, and that state agencies and public institutions of higher education shall follow in developing information technology plans and technology-related budget requests. Such policies and procedures shall require consideration of the contribution of current and proposed technology expenditures to the support of agency and institution priority functional activities, as well as current and future operating expenses, and shall be utilized by all state agencies and public institutions of higher education in preparing budget requests.

4. Review budget requests for information technology from state agencies and public institutions of higher education and recommend budget priorities to the Information Technology Investment Board Secretary.

Review of such budget requests shall include, but not be limited to, all data processing or other related projects for amounts exceeding $100,000 in which the agency or institution has entered into or plans to enter into a contract, agreement or other financing agreement or such other arrangement that requires that the Commonwealth either pay for the contract by foregoing revenue collections, or allows or assigns to another party the collection on behalf of or for the Commonwealth any fees, charges, or other assessments or revenues to pay for the project. For each project, the agency or institution, with the exception of public institutions of higher education that meet the conditions prescribed in subsection B of §23-38.88, shall provide the CIO (i) a summary of the terms, (ii) the anticipated duration, and (iii) the cost or charges to any user, whether a state agency or institution or other party not directly a party to the project arrangements. The description shall also include any terms or conditions that bind the Commonwealth or restrict the Commonwealth's operations and the methods of procurement employed to reach such terms.

5. Direct the development of policies and procedures for the effective management of information technology investments throughout their entire life cycles, including, but not limited to, project definition, procurement, development, implementation, operation, performance evaluation, and enhancement or retirement. Such policies and procedures shall include, at a minimum, the periodic review by the CIO of agency and public institution of higher education major information technology projects estimated to cost $1 million or more or deemed to be mission-critical or of statewide application by the CIO. The CIO shall provide technical guidance to the Department of General Services in the development of policies and procedures for the recycling and disposal of computers and other technology assets. Such policies and procedures shall include the expunging, in a manner as determined by the CIO, of all state confidential data and personal identifying information of citizens of the Commonwealth prior to such sale, disposal, or other transfer of computers or other technology assets.

6. Oversee and administer the Virginia Technology Infrastructure Fund created pursuant to §2.2-2023.

7. Periodically evaluate the feasibility of outsourcing information technology resources and services, and outsource those resources and services that are feasible and beneficial to the Commonwealth.

8. Have the authority to enter into contracts, and with the approval of the Board Secretary of Technology for any contracts over $1 million, with one or more other public bodies, or public agencies or institutions or localities of the several states, of the United States or its territories, or the District of Columbia for the provision of information technology services.

9. Report annually to the Governor, the Secretary, and the Joint Commission on Technology and Science created pursuant to §30-85 on the use and application of information technology by state agencies and public institutions of higher education to increase economic efficiency, citizen convenience, and public access to state government. The CIO shall prepare an annual report for submission to the Secretary, the Information Technology Advisory Council, and the Joint Commission on Technology and Science on a prioritized list of Recommended Technology Investment Projects based upon major information technology projects submitted for approval pursuant to this chapter. As part of this plan, the CIO shall develop and regularly update a methodology for prioritizing projects based upon the allocation of points to defined criteria. The criteria and their definitions shall be presented in the plan. For each project listed in the plan, the CIO shall indicate the number of points and how they were awarded. For each listed project, the CIO shall also indicate (i) the projected cost of the project for the next three biennia following project implementation; (ii) all projected costs of ongoing operations and maintenance activities; and (iii) whether the project fails to incorporate existing standards for the maintenance, exchange, and security of data. This report shall also include trends in current projected information technology spending by state agencies and at the enterprise level, including spending on projects, operations and maintenance, and payments to VITA.

10. Direct the development of policies and procedures that require VITA to review major information technology projects proposed by state agencies and institutions exceeding $100,000, and recommend to the Secretary whether such projects be approved or disapproved. The CIO shall disapprove major information technology projects between $100,000 and $1 million that do not conform to the statewide strategic information technology plan or to the individual plans of state agencies or institutions of higher education. For projects that do not meet the definition of major information technology project as defined in §2.2-2006, the CIO shall develop criteria and requirements defining whether such projects are subject to the provisions of this subdivision.

11. Oversee the Commonwealth's efforts to modernize the planning, development, implementation, improvement, and retirement of Commonwealth applications, including the coordination and development of enterprise-wide or multiagency applications.

12. Develop and recommend to the Secretary statewide technical and data standards for information technology and related systems, including the utilization of nationally recognized technical and data standards for health information technology systems or software purchased by a state agency of the Commonwealth.

B. Consistent with §2.2-2012, the CIO may enter into public-private partnership contracts to finance or implement information technology programs and projects. The CIO may issue a request for information to seek out potential private partners interested in providing programs or projects pursuant to an agreement under this subsection. The compensation for such services shall be computed with reference to and paid from the increased revenue or cost savings attributable to the successful implementation of the program or project for the period specified in the contract. The CIO shall be responsible for reviewing and approving the programs and projects and the terms of contracts for same under this subsection. The CIO shall determine annually the total amount of increased revenue or cost savings attributable to the successful implementation of a program or project under this subsection and such amount shall be deposited in the Virginia Technology Infrastructure Fund created in §2.2-2023. The CIO is authorized to use moneys deposited in the Fund to pay private partners pursuant to the terms of contracts under this subsection. All moneys in excess of that required to be paid to private partners, as determined by the CIO, shall be reported to the Comptroller and retained in the Fund. The CIO shall prepare an annual report to the Governor, the Secretary, and General Assembly on all contracts under this subsection, describing each information technology program or project, its progress, revenue impact, and such other information as may be relevant.

C. The CIO shall strive to follow acceptable technology investment methods, such as Information Technology Investment Management (ITIM) principles developed by the United States Government Accountability Office, to ensure that all technology expenditures are an integral part of the Commonwealth's performance management system and are aligned with (i) agency strategic business objectives, (ii) the Governor's policy objectives, and (iii) the long-term objectives of the Council on Virginia's Future.

D. Subject to review and approval by the Secretary, the CIO shall have the authority to enter into and amend contracts for the provision of information technology services.

§2.2-2008. Additional duties of the CIO relating to project management.

The CIO shall have the following duties relating to the management of information technology projects:

1. Develop an approval process for proposed major information technology projects by state agencies to ensure that all such projects conform to the statewide information management plan and the information management plans of agencies and public institutions of higher education.

2. Establish a methodology for conceiving, planning, scheduling and providing appropriate oversight for information technology projects including a process for approving the planning, development and procurement of information technology projects. Such methodology shall include guidelines for the establishment of appropriate oversight for information technology projects.

3. Establish minimum qualifications and training standards for project managers.

4. Review and approve Provide the Secretary with a recommendation and rank of all procurement solicitations involving major information technology projects.

5. Direct the development of any statewide or multiagency enterprise project.

6. Develop and update a project management methodology to be used by agencies in the development of information technology.

7. Establish an information clearinghouse that identifies best practices and new developments and contains detailed information regarding the Commonwealth's previous experiences with the development of major information technology projects.

8. Determine, prior to proceeding with the development of a major information technology project pursuant to §2.2-2019 or the procurement of any major information technology project pursuant to §2.2-2020, that the funding for such project has been included in the budget bill in accordance with §2.2-1509.3. Notwithstanding the The provisions of this subdivision, shall not apply upon a determination by the Governor that an emergency exists and a major information technology project is necessary to address the emergency, the CIO shall refer such project directly to the Information Technology Investment Board.

§2.2-2009. Additional duties of the CIO relating to security of government information.

A. To provide for the security of state government electronic information from unauthorized uses, intrusions or other security threats, the CIO shall direct the development of policies, procedures and standards for assessing security risks, determining the appropriate security measures and performing security audits of government electronic information. Such policies, procedures, and standards will apply to the Commonwealth's executive, legislative, and judicial branches, and independent agencies and institutions of higher education. The CIO shall work with representatives of the Chief Justice of the Supreme Court and Joint Rules Committee of the General Assembly to identify their needs.

B. The CIO shall also develop policies, procedures, and standards that shall address the scope of security audits and the frequency of such security audits. In developing and updating such policies, procedures, and standards, the CIO shall designate a government entity to oversee, plan and coordinate the conduct of periodic security audits of all executive branch and independent agencies and institutions of higher education. The CIO will coordinate these audits with the Auditor of Public Accounts and the Joint Legislative Audit and Review Commission. The Chief Justice of the Supreme Court and the Joint Rules Committee of the General Assembly shall determine the most appropriate methods to review the protection of electronic information within their branches.

C. The CIO shall annually report to the Governor, the Secretary, and General Assembly by December 2008 and annually thereafter, those executive branch and independent agencies and institutions of higher education that have not implemented acceptable policies, procedures, and standards to control unauthorized uses, intrusions, or other security threats. For any executive branch and or independent agency or institution of higher education whose security audit results and plans for corrective action are unacceptable, the CIO shall report such results to the (i) Information Technology Investment Board the Secretary, (ii) any other affected cabinet secretary, (iii) the Governor, and (iv) the Auditor of Public Accounts. Upon review of the security audit results in question, the Information Technology Investment Board CIO may take action to suspend the public bodies body's information technology projects pursuant to subdivision 3 of §2.2-2458 §2.2-2015, limit additional information technology investments pending acceptable corrective actions, and recommend to the Governor and Secretary any other appropriate actions.

The CIO shall also include in this report (a) results of security audits, including those state agencies, independent agencies, and institutions of higher education that have not implemented acceptable regulations, standards, policies, and guidelines to control unauthorized uses, intrusions, or other security threats and (b) the extent to which security standards and guidelines have been adopted by state agencies.

D. All public bodies subject to such audits as required by this section shall fully cooperate with the entity designated to perform such audits and bear any associated costs. Public bodies that are not required to but elect to use the entity designated to perform such audits shall also bear any associated costs.

E. The provisions of this section shall not infringe upon responsibilities assigned to the Comptroller, the Auditor of Public Accounts, or the Joint Legislative Audit and Review Commission by other provisions of the Code of Virginia.

F. To ensure the security and privacy of citizens of the Commonwealth in their interactions with state government, the CIO shall direct the development of policies, procedures, and standards for the protection of confidential data maintained by state agencies against unauthorized access and use. Such policies, procedures, and standards shall include, but not be limited to:

1. Requirements that any state employee or other authorized user of a state technology asset provide passwords or other means of authentication to (i) use a technology asset and (ii) access a state-owned or operated computer network or database; and

2. Requirements that a digital rights management system or other means of authenticating and controlling an individual's ability to access electronic records be utilized to limit access to and use of electronic records that contain confidential data to authorized individuals.

G. The CIO shall promptly receive reports from directors of departments in the executive branch of state government made in accordance with §2.2-603 and shall take such actions as are necessary, convenient or desirable to ensure the security of the Commonwealth's electronic information and confidential data.

H. The CIO shall also develop policies, procedures, and standards that shall address the creation and operation of a risk management program designed to identify information technology security gaps and develop plans to mitigate the gaps. All agencies in the Commonwealth shall cooperate with the CIO. Such cooperation includes, but is not limited to, (i) providing the CIO with information required to create and implement a Commonwealth risk management program; (ii) creating an agency risk management program; and (iii) complying with all other risk management activities.

§2.2-2012. Procurement of information technology and telecommunications goods and services; computer equipment to be based on performance-based specifications.

A. Information technology and telecommunications goods and services of every description shall be procured by (i) VITA for its own benefit or on behalf of other state agencies and institutions or (ii) such other agencies or institutions to the extent authorized by VITA. Such procurements shall be made in accordance with the Virginia Public Procurement Act (§2.2-4300 et seq.), regulations that implement the electronic and information technology accessibility standards of the Rehabilitation Act of 1973 (29 U.S.C. §794d), as amended, and any regulations as may be prescribed by VITA. In no case shall such procurements exceed the requirements of the regulations that implement the electronic and information technology accessibility standards of the Rehabilitation Act of 1973, as amended.

The CIO shall disapprove any procurement that does not conform to the statewide information technology plan or to the individual plans of state agencies or public institutions of higher education.

B. All statewide contracts and agreements made and entered into by VITA for the purchase of communications services, telecommunications facilities, and information technology goods and services shall provide for the inclusion of counties, cities, and towns in such contracts and agreements. Notwithstanding the provisions of §2.2-4301, VITA may enter into multiple vendor contracts for the referenced services, facilities, and goods and services.

B1 C. The Department may establish contracts for the purchase of personal computers and related devices by licensed teachers employed in a full-time teaching capacity in Virginia public schools or in state educational facilities for use outside the classroom. The computers and related devices shall not be purchased with public funds, but shall be paid for and owned by teachers individually provided that no more than one such computer and related device per year shall be so purchased.

C D. If VITA, or any agency or institution authorized by VITA, elects to procure personal computers and related peripheral equipment pursuant to any type of blanket purchasing arrangement under which public bodies, as defined in §2.2-4301, may purchase such goods from any vendor following competitive procurement but without the conduct of an individual procurement by or for the using agency or institution, it shall establish performance-based specifications for the selection of equipment. Establishment of such contracts shall emphasize performance criteria including price, quality, and delivery without regard to "brand name." All vendors meeting the Commonwealth's performance requirements shall be afforded the opportunity to compete for such contracts.

D E. This section shall not be construed or applied so as to infringe upon, in any manner, the responsibilities for accounting systems assigned to the Comptroller under §2.2-803.

E F. The CIO of VITA shall, on or before October 1, 2009, and every two years thereafter, solicit from each state agency and public institution of higher education a list of procurements that were competed with the private sector that appear on the Commonwealth Competition Council's commercial activities list and were, until that time, being performed by each state agency and public institution of higher education during the previous two years, and the outcome of that competition. The CIO shall make the lists available to the public on VITA's website.

§2.2-2013. Internal service funds; Automated Services Internal Service Fund; Computer Services Internal Service Fund; Telecommunication Services Internal Service Fund.

A. There are established the following internal service funds to be administered by VITA:

1. The Automated Services Internal Service Fund to be used to finance automated systems design, development and testing services and staff of VITA;

2. The Computer Services Internal Service Fund to be used to finance computer operations and staff of VITA; and

3. The Telecommunication Services Internal Service Fund to be used to finance telecommunications operations and staff of VITA.

B. There is established the Acquisition Services Special Fund to be administered by VITA and used to finance procurement and contracting activities and programs unallowable for federal fund reimbursement.

C. All users of services provided for in this chapter administered by VITA shall be assessed a surcharge, which shall be deposited in the appropriate fund. This charge shall be an amount sufficient to allow VITA to finance the operations and staff of the services offered.

D. Additional moneys necessary to establish these funds or provide for the administration of the activities of VITA may be advanced from the general account of the state treasury.

E. The CIO shall direct that the following activities be conducted with respect to VITA's internal service funds:

1. VITA shall establish fee schedules for the collection of fees from users when general fund appropriations are not available for the services rendered.

2. VITA shall develop and implement information, billing, and collections methods that will assist state agencies in analyzing and effectively managing their use of VITA's services, and which will allow VITA to forecast service demands and balances of its internal service funds.

3. By September 1 of each year, VITA shall submit biennial projections of future revenues and expenditures for each internal service fund and estimates of any anticipated changes to fee schedules to the Joint Legislative Audit and Review Commission and the Department of Planning and Budget.

4. In the event that changes to fee schedules or rates are required, the CIO shall submit documentation to the Joint Legislative Audit and Review Commission and the Department of Planning and Budget no later than September 1 prior to the fiscal year in which the new or revised rates are to take effect so that the impact of the rate changes can be considered for inclusion in the executive budget submitted to the General Assembly pursuant to § 2.2-1508. In emergency circumstances, deviations from this approach shall be approved in advance by the Joint Legislative Audit and Review Commission.

§2.2-2015. Authority of CIO to modify or suspend major information technology projects; project termination.

The CIO may direct the modification or suspension of any major information technology project that, as the result of a periodic review authorized by subdivision A 5 of §2.2-2007, has not met the performance measures agreed to by the CIO and the sponsoring agency or public institution of higher education or if he otherwise deems such action appropriate and consistent with the terms of any affected contracts. The CIO may recommend to the Board Secretary the termination of such project. Nothing in this section shall be construed to supersede the responsibility of a board of visitors for the management and operation of a public institution of higher education.

The provisions of this section shall not apply to research projects, research initiatives or instructional programs at public institutions of higher education. However, technology investments in research projects, research initiatives or instructional programs at such institutions estimated to cost $1 million or more of general fund appropriations may be reviewed as provided in subdivision A 5 of §2.2-2007 if the projects are deemed mission-critical by the institution or of statewide application by the CIO. The CIO and the Secretary of Education, in consultation with public institutions of higher education, shall develop and provide to such institution criteria to be used in determining whether projects are mission-critical.

§2.2-2019. Project development approval.

A. Upon approval of the CIO of the project plan, an agency shall submit to the Division a project development proposal containing (i) a detailed business case including a cost-benefit analysis; (ii) a business process analysis, if applicable; (iii) system requirements, if known; (iv) a proposed development plan and project management structure; and (v) a proposed resource or funding plan. The project management specialist may require the submission of additional information necessary to meet the criteria developed by the Division.

B. The project management specialist assigned to review the project development proposal shall recommend its approval or rejection to the CIO. If the CIO determines that the proposal be approved, he shall recommend such approval to the Board.

§2.2-2020. Procurement approval for major information technology projects.

Upon approval of the Board CIO of the project development proposal involving a major information technology project that requires the procurement of goods or services, the agency shall submit a copy of any Invitation for Bid (IFB) or Request for Proposal (RFP) to the Division. The project management specialist shall review the IFB or RFP and recommend its approval or rejection to the CIO Secretary. The CIO Secretary, pursuant to §2.2-225, shall have the final authority to approve the IFB or RFP prior to its release and shall approve the proposed contract for the award of the project.

§2.2-2021. Project oversight.

A. Whenever an agency has received approval from the Board Secretary to proceed with the development and acquisition of a major information technology project, an internal agency oversight committee shall be established by the CIO. The internal agency oversight committee shall provide ongoing oversight for the project and have the authority to approve or reject any changes in the project's scope, schedule, or budget. The CIO shall ensure that the project has in place adequate project management and oversight structures for addressing major issues that could affect the project's scope, schedule or budget and shall address issues that cannot be resolved by the internal agency oversight committee.

B. Whenever a statewide or multiagency project has received approval from the Board Secretary, the primary project oversight shall be conducted by a committee composed of representatives from agencies impacted by the project, which shall be established by the CIO.

§2.2-2023. Virginia Technology Infrastructure Fund created; contributions.

A. The Virginia Technology Infrastructure Fund (the Fund) is created in the state treasury. The Fund is to be used to fund major information technology projects or to pay private partners as authorized in subsection B of §2.2-2007.

B. The Fund shall consist of: (i) the transfer of general and nongeneral fund appropriations from state agencies which represent savings that accrue from reductions in the cost of information technology and communication services, (ii) the transfer of general and nongeneral fund appropriations from state agencies which represent savings from the implementation of information technology enterprise projects, (iii) funds identified pursuant to subsection B of §2.2-2007, (iv) such general and nongeneral fund fees or surcharges as may be assessed to agencies for enterprise technology projects, (v) gifts, grants, or donations from public or private sources, and (vi) such other funds as may be appropriated by the General Assembly. Savings shall be as identified by the CIO through a methodology approved reviewed by the Board ITAC and approved by the Secretary of Finance. The Auditor of Public Accounts shall certify the amount of any savings identified by the CIO. For public institutions of higher education, however, savings shall consist only of that portion of total savings that represent general funds. The State Comptroller is authorized to transfer cash consistent with appropriation transfers. Appropriated funds from federal sources are exempted from transfer. Except for funds to pay private partners as authorized in subsection B of § 2.2-2007, moneys in the Fund shall only be expended as provided by the appropriation act.

Interest earned on the Fund shall be credited to the Fund. The Fund shall be permanent and nonreverting. Any unexpended balance in the Fund at the end of the biennium shall not be transferred to the general fund of the state treasury.

Article 35.
Information Technology Advisory Council.

§2.2-2699.5. Information Technology Advisory Council; membership; terms; quorum; compensation; staff.

A. The Information Technology Advisory Council (ITAC) is established as an advisory council, within the meaning of §2.2-2100, in the executive branch of state government. The ITAC shall be responsible for advising the CIO and the Secretary of Technology on the planning, budgeting, acquiring, using, disposing, managing, and administering of information technology in the Commonwealth.

B. The ITAC shall consist of not more than 14 members as follows: (i) one representative from an agency under each of the Governor's Secretaries, as set out in Chapter 2 (§2.2-200 et seq.), to be appointed by the Governor and serve with voting privileges; (ii) the Secretary of Technology and the CIO who shall serve ex officio with voting privileges; and (iii) at the Governor's discretion, not more than two nonlegislative citizen members to be appointed by the Governor and serve with voting privileges.

Nonlegislative citizen members shall be appointed for terms of four years. Appointments to fill vacancies, other than by expiration of a term, shall be for the unexpired terms. All members may be reappointed. However, no nonlegislative citizen member shall serve more than two consecutive four-year terms. The remainder of any term to which a member is appointed to fill a vacancy shall not constitute a term in determining the member's eligibility for reappointment. Vacancies shall be filled in the same manner as the original appointments.

C. The Secretary of Technology shall serve as chairman of the ITAC. The CIO shall serve as vice-chairman. A majority of the members shall constitute a quorum. The ITAC shall meet at least quarterly each year. The meetings of the ITAC shall be held at the call of the chairman or whenever the majority of the members so request.

D. Nonlegislative citizen members shall receive compensation and shall be reimbursed for all reasonable and necessary expenses incurred in the performance of their duties, as provided in §§2.2-2813 and 2.2-2825. Funding for the costs of compensation and expenses of the members shall be provided by the Virginia Information Technologies Agency.

E. The disclosure requirements of subsection B of § 2.2-3114 of the State and Local Government Conflict of Interests Act shall apply to citizen members of the ITAC.

F. The Virginia Information Technologies Agency shall serve as staff to the ITAC.

§2.2-2699.6. Powers and duties of the ITAC.

The ITAC shall have the power and duty to:

1. Adopt rules and procedures for the conduct of its business;

2. Advise the CIO on the development of all major information technology projects as defined in §2.2-2006;

3. Advise the CIO on strategies, standards, and priorities for the use of information technology for state agencies in the executive branch of state government;

4. Advise the CIO on developing the two-year plan for information technology projects;

5. Advise the CIO on statewide technical and data standards for information technology and related systems, including the utilization of nationally recognized technical and data standards for health information technology systems or software purchased by a state agency of the Commonwealth;

6. Advise the CIO on statewide information technology architecture and related system standards;

7. Advise the CIO on assessing and meeting the Commonwealth's business needs through the application of information technology; and

8. Advise the CIO on the prioritization, development, and implementation of enterprise-wide technology applications; annually review all agency technology applications budgets; and advise the CIO on infrastructure expenditures. For purposes of this section, technology applications include, but are not limited to, hardware, software, maintenance, facilities, contractor services, goods, and services that promote business functionality and facilitate the storage, flow, use or processing of information by agencies of the Commonwealth in the execution of their business activities.

§2.2-2699.7. Health Information Technology Standards Advisory Committee.

The ITAC may appoint an advisory committee of persons with expertise in health care and information technology to advise the ITAC on the utilization of nationally recognized technical and data standards for health information technology systems or software pursuant to subdivision 5 of §2.2-2699.6. The ITAC, in consultation with the Secretary of Health and Human Resources, may appoint up to five persons to serve on the advisory committee. Members appointed to the advisory committee shall serve without compensation, but shall be reimbursed for all reasonable and necessary expenses incurred in the performance of their duties as provided in §2.2-2825. The CIO, the Secretary of Technology, and the Secretary of Health and Human Resources, or their designees, may also serve on the advisory committee.

§23-38.111. Information technology.

Subject to the terms of the management agreement, covered institutions may be exempt from the provisions governing the Virginia Information Technologies Agency, Chapter 20.1 (§2.2-2005 et seq.) of Title 2.2., and the provisions governing the Information Technologies Investment Board Advisory Council, Article 20 35 (§2.2-2699.5 et seq.) of Chapter 24 (§2.2-2457 et seq.) 26 of Title 2.2; provided, however, that the governing body of a covered institution shall adopt, and the covered institution shall comply with, policies for the procurement of information technology goods and services, including professional services, that are consistent with the requirements of §23-38.110 and that include provisions addressing cooperative arrangements for such procurement as described in §23-38.110, and shall adopt and comply with institutional policies and professional best practices regarding strategic planning for information technology, project management, security, budgeting, infrastructure, and ongoing operations.

§23-77.4. Medical center management.

A. The General Assembly recognizes and finds that the economic viability of the University of Virginia Medical Center, hereafter referred to as the Medical Center, together with the requirement for its specialized management and operation, and the need of the Medical Center to participate in cooperative arrangements reflective of changes in health care delivery, as set forth in §23-77.3, are dependent upon the ability of the management of the Medical Center to make and implement promptly decisions necessary to conduct the affairs of the Medical Center in an efficient, competitive manner. The General Assembly also recognizes and finds that it is critical to, and in the best interests of, the Commonwealth that the University continue to fulfill its mission of providing quality medical and health sciences education and related research and, through the presence of its Medical Center, continue to provide for the care, treatment, health-related services, and education activities associated with Virginia patients, including indigent and medically indigent patients. Because the General Assembly finds that the ability of the University to fulfill this mission is highly dependent upon revenues derived from providing health care through its Medical Center, and because the General Assembly also finds that the ability of the Medical Center to continue to be a reliable source of such revenues is heavily dependent upon its ability to compete with other providers of health care that are not subject to the requirements of law applicable to agencies of the Commonwealth, the University is hereby authorized to implement the following modifications to the management and operation of the affairs of the Medical Center in order to enhance its economic viability:

B. Capital projects; leases of property; procurement of goods, services and construction.

1. Capital projects.

a. For any Medical Center capital project entirely funded by a nongeneral fund appropriation made by the General Assembly, all post-appropriation review, approval, administrative, and policy and procedure functions performed by the Department of General Services, the Division of Engineering and Buildings, the Department of Planning and Budget and any other agency that supports the functions performed by these departments are hereby delegated to the University, subject to the following stipulations and conditions: (i) the Board of Visitors shall develop and implement an appropriate system of policies, procedures, reviews and approvals for Medical Center capital projects to which this subdivision applies; (ii) the system so adopted shall provide for the review and approval of any Medical Center capital project to which this subdivision applies in order to ensure that, except as provided in clause (iii), the cost of any such capital project does not exceed the sum appropriated therefor and that the project otherwise complies with all requirements of the Code of Virginia regarding capital projects, excluding only the post-appropriation review, approval, administrative, and policy and procedure functions performed by the Department of General Services, the Division of Engineering and Buildings, the Department of Planning and Budget and any other agency that supports the functions performed by these departments; (iii) the Board of Visitors may, during any fiscal year, approve a transfer of up to a total of 15 percent of the total nongeneral fund appropriation for the Medical Center in order to supplement funds appropriated for a capital project or capital projects of the Medical Center, provided that the Board of Visitors finds that the transfer is necessary to effectuate the original intention of the General Assembly in making the appropriation for the capital project or projects in question; (iv) the University shall report to the Department of General Services on the status of any such capital project prior to commencement of construction of, and at the time of acceptance of, any such capital project; and (v) the University shall ensure that Building Officials and Code Administrators (BOCA) Code and fire safety inspections of any such project are conducted and that such projects are inspected by the State Fire Marshal or his designee prior to certification for building occupancy by the University's assistant state building official to whom such inspection responsibility has been delegated pursuant to §36-98.1. Nothing in this section shall be deemed to relieve the University of any reporting requirement pursuant to §2.2-1513. Notwithstanding the foregoing, the terms and structure of any financing of any capital project to which this subdivision applies shall be approved pursuant to §2.2-2416.

b. No capital project to which this subdivision applies shall be materially increased in size or materially changed in scope beyond the plans and justifications that were the basis for the project's appropriation unless: (i) the Governor determines that such increase in size or change in scope is necessary due to an emergency or (ii) the General Assembly approves the increase or change in a subsequent appropriation for the project. After construction of any such capital project has commenced, no such increase or change may be made during construction unless the conditions in (i) or (ii) have been satisfied.

2. Leases of property.

a. The University shall be exempt from the provisions of § 2.2-1149 and from any rules, regulations and guidelines of the Division of Engineering and Buildings in relation to leases of real property that it enters into on behalf of the Medical Center and, pursuant to policies and procedures adopted by the Board of Visitors, may enter into such leases subject to the following conditions: (i) the lease must be an operating lease and not a capital lease as defined in guidelines established by the Secretary of Finance and Generally Accepted Accounting Principles (GAAP); (ii) the University's decision to enter into such a lease shall be based upon cost, demonstrated need, and compliance with guidelines adopted by the Board of Visitors which direct that competition be sought to the maximum practical degree, that all costs of occupancy be considered, and that the use of the space to be leased actually is necessary and is efficiently planned; (iii) the form of the lease is approved by the Special Assistant Attorney General representing the University; (iv) the lease otherwise meets all requirements of law; (v) the leased property is certified for occupancy by the building official of the political subdivision in which the leased property is located; and (vi) upon entering such leases and upon any subsequent amendment of such leases, the University shall provide copies of all lease documents and any attachments thereto to the Department of General Services.

b. Notwithstanding the provisions of §§2.2-1155 and 23-4.1, but subject to policies and procedures adopted by the Board of Visitors, the University may lease, for a purpose consistent with the mission of the Medical Center and for a term not to exceed 50 years, property in the possession or control of the Medical Center.

c. Notwithstanding the foregoing, the terms and structure of any financing arrangements secured by capital leases or other similar lease financing agreements shall be approved pursuant to §2.2-2416.

3. Procurement of goods, services and construction.

Contracts awarded by the University in compliance with this section, on behalf of the Medical Center, for the procurement of goods; services, including professional services; construction; and information technology and telecommunications, shall be exempt from (i) the Virginia Public Procurement Act (§2.2-4300 et seq.), except as provided below; (ii) the requirements of the Division of Purchases and Supply of the Department of General Services as set forth in Article 3 (§2.2-1109 et seq.) of Chapter 11 of Title 2.2; (iii) the requirements of the Division of Engineering and Buildings as set forth in Article 4 (§2.2-1129 et seq.) of Chapter 11 of Title 2.2; and (iv) the authority of the Chief Information Officer and the Virginia Information Technologies Agency as set forth in Chapter 20.1 (§ 2.2-2005 et seq.) of Title 2.2 and the Information Technology Investment Board created pursuant to §2.2-2457 regarding the review and approval of contracts for (a) the construction of Medical Center capital projects and (b) information technology and telecommunications projects; however, the provisions of this subdivision may not be implemented by the University until such time as the Board of Visitors has adopted guidelines generally applicable to the procurement of goods, services, construction and information technology and telecommunications projects by the Medical Center or by the University on behalf of the Medical Center. Such guidelines shall be based upon competitive principles and shall in each instance seek competition to the maximum practical degree. The guidelines shall implement a system of competitive negotiation for professional services; shall prohibit discrimination because of race, religion, color, sex, or national origin of the bidder or offeror in the solicitation or award of contracts; may take into account in all cases the dollar amount of the intended procurement, the term of the anticipated contract, and the likely extent of competition; may implement a prequalification procedure for contractors or products; may include provisions for cooperative procurement arrangements with private health or educational institutions, or with public agencies or institutions of the several states, territories of the United States or the District of Columbia; shall incorporate the prompt payment principles of §§2.2-4350 and 2.2-4354; and may implement provisions of law. The following sections of the Virginia Public Procurement Act shall continue to apply to procurements by the Medical Center or by the University on behalf of the Medical Center: §§2.2-4311, 2.2-4315, and 2.2-4342 (which section shall not be construed to require compliance with the prequalification application procedures of subsection B of §2.2-4317), 2.2-4330, 2.2-4333 through 2.2-4341, and 2.2-4367 through 2.2-4377.

C. Subject to such conditions as may be prescribed in the budget bill under §2.2-1509 as enacted into law by the General Assembly, the State Comptroller shall credit, on a monthly basis, to the nongeneral fund operating cash balances of the University of Virginia Medical Center the imputed interest earned by the investment of such nongeneral fund operating cash balances, including but not limited to those balances derived from patient care revenues, on deposit with the State Treasurer.

2. That Article 7 (§§2.2-2033 and 2.2-2034) of Chapter 20.1 of Title 2.2 and Article 20 (§§2.2-2457, 2.2-2458, and 2.2-2458.1) of Chapter 24 of Title 2.2 of the Code of Virginia are repealed.

3. That the third enactment of Chapter 758 of the Acts of Assembly of 2009 is amended and reenacted as follows:

3. That the Department of General Services, the Virginia Information Technologies Agency, and the State Comptroller shall submit to the Information Technology Investment Board the standards required pursuant to § 2.2-1115.1 of this act by December 1, 2009. The Department of General Services and the Virginia Information Technologies Agency shall undertake to use these standards in the Commonwealth's enterprise electronic procurement system upon approval by the Information Technology Investment Board Secretary of Technology and make the standards available for use by all agencies and institutions by July 1, 2010. After July 1, 2010, the Department of General Services shall provide purchasing data from the Commonwealth's enterprise electronic procurement system, to the extent it is available, at least quarterly for inclusion in the Auditor of Public Accounts' searchable database established pursuant to §30-133 of the Code of Virginia. All agencies and institutions that use the standards developed pursuant to this act that have not previously reported data to the Auditor of Public Accounts through the Commonwealth's enterprise electronic procurement system shall, to the extent practicable, provide such data to the Auditor of Public Accounts at least quarterly beginning after July 1, 2010.

4. That the third enactment of Chapter 812 of the Acts of Assembly of 2009 is amended and reenacted as follows:

3. That the Department of General Services, the Virginia Information Technologies Agency, and the State Comptroller shall submit to the Information Technology Investment Board the standards required pursuant to § 2.2-1115.1 of this act by December 1, 2009. The Department of General Services and the Virginia Information Technologies Agency shall undertake to use these standards in the Commonwealth's enterprise electronic procurement system upon approval by the Information Technology Investment Board Secretary of Technology and make the standards available for use by all agencies and institutions by July 1, 2010. After July 1, 2010, the Department of General Services shall provide purchasing data from the Commonwealth's enterprise electronic procurement system, to the extent it is available, at least quarterly for inclusion in the Auditor of Public Accounts' searchable database established pursuant to §30-133 of the Code of Virginia. All agencies and institutions that use the standards developed pursuant to this act that have not previously reported data to the Auditor of Public Accounts through the Commonwealth's enterprise electronic procurement system shall, to the extent practicable, provide such data to the Auditor of Public Accounts at least quarterly beginning after July 1, 2010.

5. That on or before October 1, 2010, the Chief Information Officer, in consultation with the Joint Legislative Audit and Review Commission and any other parties as directed by the Secretary of Technology, shall develop a new review, approval, and monitoring process for information technology projects to replace the process required by §§2.2-2008 and 2.2-2017 through 2.2-2021 of the Code of Virginia. The new process shall be operational by January 1, 2011, and shall be implemented and regularly updated by the Division of Project Management. The process shall be designed to ensure that information technology projects conform to the statewide information management plan and the information management plans of agencies and public institutions of higher education. The process shall also be designed to ensure that projects are provided with appropriate levels of oversight once they are under execution. The level of review and oversight shall vary depending upon defined risk factors including, but not limited to, the cost of the project. In order to achieve the above goals, the process shall describe a methodology for agencies to follow in conceiving, planning, developing, scheduling and executing information technology projects, including procurements related to those projects.

6. That on or before October 1, 2010, the Chief Information Officer shall, in consultation with the Joint Legislative Audit and Review Commission and the Department of Planning and Budget, develop standard documentation and information to be used as part of any requests for changes to the Virginia Information Technologies Agency's fee schedules and rates.

7. That as of the effective date of this act, the Secretary of Technology shall be deemed the successor in interest to the Information Technology Investment Board. Without limiting the foregoing, all right, title, and interest in and to any real or tangible personal property or contract vested in the Information Technology Investment Board as of the effective date of this act shall be transferred to and taken as standing in the name of the Secretary of Technology.

8. That as of the effective date of this act, the Secretary of Technology shall be deemed the successor in interest to the Division of Enterprise Applications and Virginia Chief Applications Officer. Without limiting the foregoing, all right, title, and interest in and to any real or tangible personal property or contract vested in the Division of Enterprise Applications and Virginia Chief Applications Officer as of the effective date of this act shall be transferred to and taken as standing in the name of the Secretary of Technology.

9. That the Secretary of Technology shall provide in writing the criteria and requirements defining "major information technology project" to the chairs of the House Committee on General Laws, the Senate Committee on General Laws and Technology, the House Committee on Appropriations, the Senate Finance Committee, and the House Committee on Science and Technology.

10. That the Virginia Information Technologies Agency shall continue following the definition of "major information technology project" in effect prior to the passage of this act until the Secretary of Technology develops criteria and requirements defining "major information technology project" pursuant to the provisions of this act.

11. That the Information Technology Advisory Council shall develop a technology business plan for the Commonwealth in consultation with the Council on Virginia's Future, and that on or before December 31, 2011, such technology business plan shall be provided in writing to the chairs of the House Committee on General Laws, the Senate Committee on General Laws and Technology, the House Committee on Appropriations, the Senate Finance Committee, and the House Committee on Science and Technology.

12. That an emergency exists and this act is in force from its passage.