HB208INTRODUCED
Page 0
HB208
I4K5ZW6-1
By Representative Shaw
RFD: State Government
First Read: 06-Feb-25
1
2
3
4
5 I4K5ZW6-1 02/04/2025 KMS (L)KMS 2025-180
Page 1
First Read: 06-Feb-25
SYNOPSIS:
Under existing law, the Office of Information
Technology was created to streamline information
technology and provide for the delivery of information
technology services for state government offices.
This bill would expand the services of the
office to include cybersecurity and would also create a
technology quality assurance board.
A BILL
TO BE ENTITLED
AN ACT
Relating to the powers and duties of the Secretary of
Information Technology; to amend Section 41-28-4, Code of
Alabama 1975, to authorize the secretary to adopt rules
providing for cybersecurity governance for state agencies; and
to authorize the secretary, in consultation with the Governor,
to adopt rules providing for the creation, operation, and
oversight of a technology quality assurance board.
BE IT ENACTED BY THE LEGISLATURE OF ALABAMA:
Section 1. Section 41-28-4 of the Code of Alabama 1975,
is amended to read as follows:
"§41-28-4
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28 HB208 INTRODUCED
Page 2
"§41-28-4
The secretary shall have all of the following powers
and duties:
(1) Develop a comprehensive four-year strategic plan
for the state's information technology to include acquisition,
management, and use of information technology by state
agencies. The plan shall be developed in conjunction with the
planning and budgeting processes for state agencies and may
include review of state agencies' information technology
plans, capital budgets, and operating budgets as appropriate
to accomplish the goals of reducing redundant expenditures and
maximizing the return on information technology investments.
The plan shall be updated annually and submitted to the
Governor and shall be presented during a public meeting to the
Permanent Legislative Oversight Committee on Information
Technology. The plan shall further be coordinated with the
Boards of Directors of the Alabama Supercomputer Authority.
(2) Collaborate and coordinate with the Division of
Data Systems Management of the Department of Finance as set
forth in Article 8 of Chapter 4 of this title, the Alabama
Supercomputer Authority, or any state authority, board, or
agency of like kind, and promote standards and coordinate
services and infrastructure to ensure that information
technology is used to support designated needs areas,
including identifying applications, equipment, and services
that may be statewide in scope and assisting state agencies in
avoiding duplication of applications, equipment, and services.
(3) Serve as a member of the board, or boards, for the
Alabama Supercomputer Authority.
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56 HB208 INTRODUCED
Page 3
Alabama Supercomputer Authority.
(4) Solicit, receive, and administer funds, goods,
services, and equipment from public and private entities to be
used for the purchase of computers, satellites, hardware,
software, and other information technology equipment and
services and for staff training in the use of information
technology development programs.
(5) Establish an inventory of information technology
resources to allow identification of underutilized or idle
resources and all data and data systems in state agencies to
promote improved asset management, utilization, and data
sharing, with information technology resources to include
personnel, software, hardware, and services.
(6) Establish and administer a structured system for
review and approval of new information technology initiatives
and projects, including business case, cost benefit analysis,
and compatibility analysis.
(7) Administer any funds appropriated to the secretary
by the Legislature for the establishment, operation, and
coordination of the office.
(8) Represent state information technology and related
areas with both the private and public sectors, including the
federal government.
(9) Issue annual reports to the Governor, the
Legislature, and the general public concerning the
coordination and operation of the office.
(10) Promulgate Adopt rules, regulations, and policies
and establish procedures and standards for the management and
operation of information technology by state agencies to carry
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84 HB208 INTRODUCED
Page 4
operation of information technology by state agencies to carry
out this chapter, including coordinating state information
technology; providing technical assistance to state agency
administrators on design and management of state information
technology systems; evaluating the cost, system design, and
suitability of information technology equipment and related
services; establishing and enforcing cybersecurity governance
for state agencies, including supporting operations and
technology controls; establishing standards and policies for
project management and project methodologies; and developing a
unified and integrated structure and enterprise architecture
for information technology systems for all state agencies.
(11) In consultation with the Governor, adopt rules to
provide for the creation, operation, and oversight of a
technology quality assurance board that will promote the
responsible and transparent procurement, development, and use
of novel technologies, including artificial intelligence,
within state agencies through establishing and enforcing the
following measures for all of the following technologies:
a. Ethical guidelines and frameworks.
b. Security and privacy controls.
c. Ongoing compliance mechanisms.
(11)(12) Plan and coordinate information technology and
cybersecurity activities for state agencies in such a manner
as to promote the most economical and effective use of state
resources."
Section 2. This act shall become effective on October
1, 2025.
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111