Illinois 2025-2026 Regular Session

Illinois Senate Bill SB1542 Compare Versions

Only one version of the bill is available at this time.

Old	New	Differences
1	1	104TH GENERAL ASSEMBLY State of Illinois 2025 and 2026 SB1542 Introduced 2/4/2025, by Sen. Ram Villivalam SYNOPSIS AS INTRODUCED: 20 ILCS 1370/1-520 ILCS 1370/1-1020 ILCS 1370/1-1520 ILCS 1370/1-2520 ILCS 1370/1-75 rep.20 ILCS 1375/5-520 ILCS 1375/5-1520 ILCS 1375/5-2520 ILCS 1375/5-35 new Amends the Department of Innovation and Technology Act. Repeals the definition of "client agency" and makes changes in the definitions of "dedicated unit", "State agency", and "transferring agency". Replaces references to "transferring agency" with references to "transferred agency". Makes changes in provisions concerning the powers and duties of the Department of Innovation and Technology, including changes in the scope of services provided by the Department and in the classes of persons to whom those services are to be provided. Authorizes the Department to charge fees for service to all State agencies under the jurisdiction of the Governor (rather than only client agencies). Repeals from the Department of Innovation and Technology Act and adds to the Illinois Information Security Improvement Act a provision requiring the principal executive officer of specified units of local government to designate a local official or employee as the primary point of contact for local cybersecurity issues. Requires the name and contact information for the specified individual to be provided to the Statewide Chief Information Security Officer. Further amends the Illinois Information Security Improvement Act. Makes changes concerning the duties of the Office of the Statewide Chief Information Security Officer and the Secretary of Innovation and Technology. Changes the definition of "State agency". LRB104 09812 BDA 19879 b A BILL FOR 104TH GENERAL ASSEMBLY State of Illinois 2025 and 2026 SB1542 Introduced 2/4/2025, by Sen. Ram Villivalam SYNOPSIS AS INTRODUCED: 20 ILCS 1370/1-520 ILCS 1370/1-1020 ILCS 1370/1-1520 ILCS 1370/1-2520 ILCS 1370/1-75 rep.20 ILCS 1375/5-520 ILCS 1375/5-1520 ILCS 1375/5-2520 ILCS 1375/5-35 new 20 ILCS 1370/1-5 20 ILCS 1370/1-10 20 ILCS 1370/1-15 20 ILCS 1370/1-25 20 ILCS 1370/1-75 rep. 20 ILCS 1375/5-5 20 ILCS 1375/5-15 20 ILCS 1375/5-25 20 ILCS 1375/5-35 new Amends the Department of Innovation and Technology Act. Repeals the definition of "client agency" and makes changes in the definitions of "dedicated unit", "State agency", and "transferring agency". Replaces references to "transferring agency" with references to "transferred agency". Makes changes in provisions concerning the powers and duties of the Department of Innovation and Technology, including changes in the scope of services provided by the Department and in the classes of persons to whom those services are to be provided. Authorizes the Department to charge fees for service to all State agencies under the jurisdiction of the Governor (rather than only client agencies). Repeals from the Department of Innovation and Technology Act and adds to the Illinois Information Security Improvement Act a provision requiring the principal executive officer of specified units of local government to designate a local official or employee as the primary point of contact for local cybersecurity issues. Requires the name and contact information for the specified individual to be provided to the Statewide Chief Information Security Officer. Further amends the Illinois Information Security Improvement Act. Makes changes concerning the duties of the Office of the Statewide Chief Information Security Officer and the Secretary of Innovation and Technology. Changes the definition of "State agency". LRB104 09812 BDA 19879 b LRB104 09812 BDA 19879 b A BILL FOR
2	2	104TH GENERAL ASSEMBLY State of Illinois 2025 and 2026 SB1542 Introduced 2/4/2025, by Sen. Ram Villivalam SYNOPSIS AS INTRODUCED:
3	3	20 ILCS 1370/1-520 ILCS 1370/1-1020 ILCS 1370/1-1520 ILCS 1370/1-2520 ILCS 1370/1-75 rep.20 ILCS 1375/5-520 ILCS 1375/5-1520 ILCS 1375/5-2520 ILCS 1375/5-35 new 20 ILCS 1370/1-5 20 ILCS 1370/1-10 20 ILCS 1370/1-15 20 ILCS 1370/1-25 20 ILCS 1370/1-75 rep. 20 ILCS 1375/5-5 20 ILCS 1375/5-15 20 ILCS 1375/5-25 20 ILCS 1375/5-35 new
4	4	20 ILCS 1370/1-5
5	5	20 ILCS 1370/1-10
6	6	20 ILCS 1370/1-15
7	7	20 ILCS 1370/1-25
8	8	20 ILCS 1370/1-75 rep.
9	9	20 ILCS 1375/5-5
10	10	20 ILCS 1375/5-15
11	11	20 ILCS 1375/5-25
12	12	20 ILCS 1375/5-35 new
13	13	Amends the Department of Innovation and Technology Act. Repeals the definition of "client agency" and makes changes in the definitions of "dedicated unit", "State agency", and "transferring agency". Replaces references to "transferring agency" with references to "transferred agency". Makes changes in provisions concerning the powers and duties of the Department of Innovation and Technology, including changes in the scope of services provided by the Department and in the classes of persons to whom those services are to be provided. Authorizes the Department to charge fees for service to all State agencies under the jurisdiction of the Governor (rather than only client agencies). Repeals from the Department of Innovation and Technology Act and adds to the Illinois Information Security Improvement Act a provision requiring the principal executive officer of specified units of local government to designate a local official or employee as the primary point of contact for local cybersecurity issues. Requires the name and contact information for the specified individual to be provided to the Statewide Chief Information Security Officer. Further amends the Illinois Information Security Improvement Act. Makes changes concerning the duties of the Office of the Statewide Chief Information Security Officer and the Secretary of Innovation and Technology. Changes the definition of "State agency".
14	14	LRB104 09812 BDA 19879 b LRB104 09812 BDA 19879 b
15	15	LRB104 09812 BDA 19879 b
16	16	A BILL FOR
17	17	SB1542LRB104 09812 BDA 19879 b SB1542 LRB104 09812 BDA 19879 b
18	18	SB1542 LRB104 09812 BDA 19879 b
19	19	1 AN ACT concerning State government.
20	20	2 Be it enacted by the People of the State of Illinois,
21	21	3 represented in the General Assembly:
22	22	4 Section 5. The Department of Innovation and Technology Act
23	23	5 is amended by changing Sections 1-5, 1-10, 1-15, and 1-25 as
24	24	6 follows:
25	25	7 (20 ILCS 1370/1-5)
26	26	8 Sec. 1-5. Definitions. In this Act:
27	27	9 "Client agency" means each transferring agency, or its
28	28	10 successor, and any other public agency to which the Department
29	29	11 provides service to the extent specified in an interagency
30	30	12 agreement with the public agency.
31	31	13 "Dedicated unit" means the dedicated bureau, division,
32	32	14 office, or other unit within a transferred transferring agency
33	33	15 that is responsible for the information technology functions
34	34	16 of the transferred transferring agency.
35	35	17 "Department" means the Department of Innovation and
36	36	18 Technology.
37	37	19 "Information technology" means technology,
38	38	20 infrastructure, equipment, systems, software, networks, and
39	39	21 processes used to create, send, receive, and store electronic
40	40	22 or digital information, including, without limitation,
41	41	23 computer systems and telecommunication services and systems.
42	42
43	43
44	44
45	45	104TH GENERAL ASSEMBLY State of Illinois 2025 and 2026 SB1542 Introduced 2/4/2025, by Sen. Ram Villivalam SYNOPSIS AS INTRODUCED:
46	46	20 ILCS 1370/1-520 ILCS 1370/1-1020 ILCS 1370/1-1520 ILCS 1370/1-2520 ILCS 1370/1-75 rep.20 ILCS 1375/5-520 ILCS 1375/5-1520 ILCS 1375/5-2520 ILCS 1375/5-35 new 20 ILCS 1370/1-5 20 ILCS 1370/1-10 20 ILCS 1370/1-15 20 ILCS 1370/1-25 20 ILCS 1370/1-75 rep. 20 ILCS 1375/5-5 20 ILCS 1375/5-15 20 ILCS 1375/5-25 20 ILCS 1375/5-35 new
47	47	20 ILCS 1370/1-5
48	48	20 ILCS 1370/1-10
49	49	20 ILCS 1370/1-15
50	50	20 ILCS 1370/1-25
51	51	20 ILCS 1370/1-75 rep.
52	52	20 ILCS 1375/5-5
53	53	20 ILCS 1375/5-15
54	54	20 ILCS 1375/5-25
55	55	20 ILCS 1375/5-35 new
56	56	Amends the Department of Innovation and Technology Act. Repeals the definition of "client agency" and makes changes in the definitions of "dedicated unit", "State agency", and "transferring agency". Replaces references to "transferring agency" with references to "transferred agency". Makes changes in provisions concerning the powers and duties of the Department of Innovation and Technology, including changes in the scope of services provided by the Department and in the classes of persons to whom those services are to be provided. Authorizes the Department to charge fees for service to all State agencies under the jurisdiction of the Governor (rather than only client agencies). Repeals from the Department of Innovation and Technology Act and adds to the Illinois Information Security Improvement Act a provision requiring the principal executive officer of specified units of local government to designate a local official or employee as the primary point of contact for local cybersecurity issues. Requires the name and contact information for the specified individual to be provided to the Statewide Chief Information Security Officer. Further amends the Illinois Information Security Improvement Act. Makes changes concerning the duties of the Office of the Statewide Chief Information Security Officer and the Secretary of Innovation and Technology. Changes the definition of "State agency".
57	57	LRB104 09812 BDA 19879 b LRB104 09812 BDA 19879 b
58	58	LRB104 09812 BDA 19879 b
59	59	A BILL FOR
60	60
61	61
62	62
63	63
64	64
65	65	20 ILCS 1370/1-5
66	66	20 ILCS 1370/1-10
67	67	20 ILCS 1370/1-15
68	68	20 ILCS 1370/1-25
69	69	20 ILCS 1370/1-75 rep.
70	70	20 ILCS 1375/5-5
71	71	20 ILCS 1375/5-15
72	72	20 ILCS 1375/5-25
73	73	20 ILCS 1375/5-35 new
74	74
75	75
76	76
77	77	LRB104 09812 BDA 19879 b
78	78
79	79
80	80
81	81
82	82
83	83
84	84
85	85
86	86
87	87	SB1542 LRB104 09812 BDA 19879 b
88	88
89	89
90	90	SB1542- 2 -LRB104 09812 BDA 19879 b SB1542 - 2 - LRB104 09812 BDA 19879 b
91	91	SB1542 - 2 - LRB104 09812 BDA 19879 b
92	92	1 "Information technology" shall be construed broadly to
93	93	2 incorporate future technologies that change or supplant those
94	94	3 in effect as of the effective date of this Act.
95	95	4 "Information technology functions" means the development,
96	96	5 procurement, installation, retention, maintenance, operation,
97	97	6 possession, storage, and related functions of all information
98	98	7 technology.
99	99	8 "Secretary" means the Secretary of Innovation and
100	100	9 Technology.
101	101	10 "State agency" means each State agency, department, board,
102	102	11 and commission under the jurisdiction of the Governor to which
103	103	12 the Department provides services.
104	104	13 "Transferred Transferring agency" means the Department on
105	105	14 Aging; the Departments of Agriculture, Central Management
106	106	15 Services, Children and Family Services, Commerce and Economic
107	107	16 Opportunity, Corrections, Employment Security, Financial and
108	108	17 Professional Regulation, Healthcare and Family Services, Human
109	109	18 Rights, Human Services, Insurance, Juvenile Justice, Labor,
110	110	19 Lottery, Military Affairs, Natural Resources, Public Health,
111	111	20 Revenue, Transportation, and Veterans' Affairs; the Illinois
112	112	21 State Police; the Capital Development Board; the Deaf and Hard
113	113	22 of Hearing Commission; the Environmental Protection Agency;
114	114	23 the Governor's Office of Management and Budget; the
115	115	24 Guardianship and Advocacy Commission; the Abraham Lincoln
116	116	25 Presidential Library and Museum; the Illinois Arts Council;
117	117	26 the Illinois Council on Developmental Disabilities; the
118	118
119	119
120	120
121	121
122	122
123	123	SB1542 - 2 - LRB104 09812 BDA 19879 b
124	124
125	125
126	126	SB1542- 3 -LRB104 09812 BDA 19879 b SB1542 - 3 - LRB104 09812 BDA 19879 b
127	127	SB1542 - 3 - LRB104 09812 BDA 19879 b
128	128	1 Illinois Emergency Management Agency; the Illinois Gaming
129	129	2 Board; the Illinois Liquor Control Commission; the Office of
130	130	3 the State Fire Marshal; the Prisoner Review Board; and the
131	131	4 Department of Early Childhood.
132	132	5 (Source: P.A. 102-376, eff. 1-1-22; 102-538, eff. 8-20-21;
133	133	6 102-813, eff. 5-13-22; 102-870, eff. 1-1-23; 103-588, eff.
134	134	7 6-5-24.)
135	135	8 (20 ILCS 1370/1-10)
136	136	9 Sec. 1-10. Transfer of functions. On and after March 25,
137	137	10 2016 (the effective date of Executive Order 2016-001):
138	138	11 (a) (Blank).
139	139	12 (b) (Blank).
140	140	13 (c) The personnel of each transferred transferring agency
141	141	14 designated by the Governor are transferred to the Department.
142	142	15 The status and rights of the employees and the State of
143	143	16 Illinois or its transferred transferring agencies under the
144	144	17 Personnel Code, the Illinois Public Labor Relations Act, and
145	145	18 applicable collective bargaining agreements or under any
146	146	19 pension, retirement, or annuity plan shall not be affected by
147	147	20 this Act. Under the direction of the Governor, the Secretary,
148	148	21 in consultation with the transferred transferring agencies and
149	149	22 labor organizations representing the affected employees, shall
150	150	23 identify each position and employee who is engaged in the
151	151	24 performance of functions transferred to the Department, or
152	152	25 engaged in the administration of a law the administration of
153	153
154	154
155	155
156	156
157	157
158	158	SB1542 - 3 - LRB104 09812 BDA 19879 b
159	159
160	160
161	161	SB1542- 4 -LRB104 09812 BDA 19879 b SB1542 - 4 - LRB104 09812 BDA 19879 b
162	162	SB1542 - 4 - LRB104 09812 BDA 19879 b
163	163	1 which is transferred to the Department, to be transferred to
164	164	2 the Department. An employee engaged primarily in providing
165	165	3 administrative support for information technology functions
166	166	4 may be considered engaged in the performance of functions
167	167	5 transferred to the Department.
168	168	6 (d) All books, records, papers, documents, property (real
169	169	7 and personal), contracts, causes of action, and pending
170	170	8 business pertaining to the powers, duties, rights, and
171	171	9 responsibilities relating to dedicated units and information
172	172	10 technology functions transferred under this Act to the
173	173	11 Department, including, but not limited to, material in
174	174	12 electronic or magnetic format and necessary computer hardware
175	175	13 and software, shall be transferred to the Department.
176	176	14 (e) All unexpended appropriations and balances and other
177	177	15 funds available for use relating to dedicated units and
178	178	16 information technology functions transferred under this Act
179	179	17 shall be transferred for use by the Department at the
180	180	18 direction of the Governor. Unexpended balances so transferred
181	181	19 shall be expended only for the purpose for which the
182	182	20 appropriations were originally made.
183	183	21 (f) The powers, duties, rights, and responsibilities
184	184	22 relating to dedicated units and information technology
185	185	23 functions transferred by this Act shall be vested in and shall
186	186	24 be exercised by the Department.
187	187	25 (g) Whenever reports or notices are now required to be
188	188	26 made or given or papers or documents furnished or served by any
189	189
190	190
191	191
192	192
193	193
194	194	SB1542 - 4 - LRB104 09812 BDA 19879 b
195	195
196	196
197	197	SB1542- 5 -LRB104 09812 BDA 19879 b SB1542 - 5 - LRB104 09812 BDA 19879 b
198	198	SB1542 - 5 - LRB104 09812 BDA 19879 b
199	199	1 person to or upon each dedicated unit in connection with any of
200	200	2 the powers, duties, rights, and responsibilities relating to
201	201	3 information technology functions transferred by this Act, the
202	202	4 same shall be made, given, furnished, or served in the same
203	203	5 manner to or upon the Department.
204	204	6 (h) This Act does not affect any act done, ratified, or
205	205	7 canceled or any right occurring or established or any action
206	206	8 or proceeding had or commenced in an administrative, civil, or
207	207	9 criminal cause by each dedicated unit relating to information
208	208	10 technology functions before the transfer of responsibilities
209	209	11 under this Act; such actions or proceedings may be prosecuted
210	210	12 and continued by the Department.
211	211	13 (i) (Blank).
212	212	14 (j) (Blank).
213	213	15 (Source: P.A. 102-376, eff. 1-1-22.)
214	214	16 (20 ILCS 1370/1-15)
215	215	17 Sec. 1-15. Powers and duties.
216	216	18 (a) The head officer of the Department is the Secretary,
217	217	19 who shall be the chief information officer for the State and
218	218	20 the steward of State data with respect to those transferred
219	219	21 agencies under the jurisdiction of the Governor. The Secretary
220	220	22 shall be appointed by the Governor, with the advice and
221	221	23 consent of the Senate. The Department may employ or retain
222	222	24 other persons to assist in the discharge of its functions,
223	223	25 subject to the Personnel Code.
224	224
225	225
226	226
227	227
228	228
229	229	SB1542 - 5 - LRB104 09812 BDA 19879 b
230	230
231	231
232	232	SB1542- 6 -LRB104 09812 BDA 19879 b SB1542 - 6 - LRB104 09812 BDA 19879 b
233	233	SB1542 - 6 - LRB104 09812 BDA 19879 b
234	234	1 (b) The Department shall promote best-in-class innovation
235	235	2 and technology to transferred client agencies to foster
236	236	3 collaboration among client agencies, empower client agencies
237	237	4 to provide better service to residents of Illinois, and
238	238	5 maximize the value of taxpayer resources. The Department shall
239	239	6 be responsible for information technology functions on behalf
240	240	7 of transferred client agencies.
241	241	8 (c) When requested and when in the best interest of the
242	242	9 State, the The Department may shall provide for and assist
243	243	10 with coordinate information technology for non-transferred
244	244	11 State agencies, and, when requested and when in the best
245	245	12 interests of the State, for State constitutional offices,
246	246	13 units of federal or local governments, and public and
247	247	14 not-for-profit institutions of primary, secondary, and higher
248	248	15 education, or other parties not associated with State
249	249	16 government. The Department shall establish charges for
250	250	17 information technology for State agencies, and, when
251	251	18 requested, for State constitutional offices, units of federal
252	252	19 or local government, and public and not-for-profit
253	253	20 institutions of primary, secondary, or higher education and
254	254	21 for use by other parties not associated with State government
255	255	22 for any services requested or provided. Entities charged for
256	256	23 these services shall make payment to the Department. The
257	257	24 Department may instruct all State agencies to report their
258	258	25 usage of information technology regularly to the Department in
259	259	26 the manner the Secretary may prescribe.
260	260
261	261
262	262
263	263
264	264
265	265	SB1542 - 6 - LRB104 09812 BDA 19879 b
266	266
267	267
268	268	SB1542- 7 -LRB104 09812 BDA 19879 b SB1542 - 7 - LRB104 09812 BDA 19879 b
269	269	SB1542 - 7 - LRB104 09812 BDA 19879 b
270	270	1 (d) The Department shall establish principles develop and
271	271	2 implement standards for the protection of , policies, and
272	272	3 procedures to protect the security and interoperability of
273	273	4 State data with respect to State those agencies under the
274	274	5 jurisdiction of the Governor, including in particular data
275	275	6 that are confidential, sensitive, or protected from disclosure
276	276	7 by privacy or other laws, while recognizing and balancing the
277	277	8 need for collaboration and public transparency.
278	278	9 (e) The Department shall be responsible for providing the
279	279	10 Governor with timely, comprehensive, and meaningful
280	280	11 information pertinent to the formulation and execution of
281	281	12 fiscal policy. In performing this responsibility, the
282	282	13 Department shall have the power to do the following:
283	283	14 (1) Control the procurement, retention, installation,
284	284	15 maintenance, and operation, as specified by the
285	285	16 Department, of information technology equipment used by
286	286	17 State client agencies in such a manner as to achieve
287	287	18 maximum economy and provide appropriate assistance in the
288	288	19 development of information suitable for management
289	289	20 analysis.
290	290	21 (2) Establish principles and standards for the
291	291	22 implementation of information technology-related
292	292	23 reporting by State client agencies and priorities for
293	293	24 completion of research by those agencies in accordance
294	294	25 with the requirements for management analysis specified by
295	295	26 the Department. State agencies shall work with the
296	296
297	297
298	298
299	299
300	300
301	301	SB1542 - 7 - LRB104 09812 BDA 19879 b
302	302
303	303
304	304	SB1542- 8 -LRB104 09812 BDA 19879 b SB1542 - 8 - LRB104 09812 BDA 19879 b
305	305	SB1542 - 8 - LRB104 09812 BDA 19879 b
306	306	1 Department to follow the principles and standards
307	307	2 developed by the Department.
308	308	3 (3) Establish charges for information technology and
309	309	4 related services requested by transferred client agencies
310	310	5 and rendered by the Department. The Department is likewise
311	311	6 empowered to establish prices or charges for all
312	312	7 information technology reports purchased by State agencies
313	313	8 and governmental entities individuals not connected with
314	314	9 State government using the Department's services.
315	315	10 (4) Instruct all State client agencies to report
316	316	11 regularly to the Department, in the manner the Department
317	317	12 may prescribe, their usage of information technology, the
318	318	13 cost incurred, the information produced, and the
319	319	14 procedures followed in obtaining the information. All
320	320	15 State client agencies shall request from the Department
321	321	16 assistance and consultation in securing any necessary
322	322	17 information technology to support their requirements.
323	323	18 (5) Examine the accounts and information
324	324	19 technology-related data of any organization, body, or
325	325	20 agency receiving appropriations from the General Assembly,
326	326	21 except for a State constitutional office, the Office of
327	327	22 the Executive Inspector General, or any office of the
328	328	23 legislative or judicial branches of State government. For
329	329	24 a State constitutional office, the Office of the Executive
330	330	25 Inspector General, or any office of the legislative or
331	331	26 judicial branches of State government, the Department
332	332
333	333
334	334
335	335
336	336
337	337	SB1542 - 8 - LRB104 09812 BDA 19879 b
338	338
339	339
340	340	SB1542- 9 -LRB104 09812 BDA 19879 b SB1542 - 9 - LRB104 09812 BDA 19879 b
341	341	SB1542 - 9 - LRB104 09812 BDA 19879 b
342	342	1 shall have the power to examine the accounts and
343	343	2 information technology-related data of the State
344	344	3 constitutional office, the Office of the Executive
345	345	4 Inspector General, or any office of the legislative or
346	346	5 judicial branches of State government when requested by
347	347	6 those offices.
348	348	7 (6) Install and operate a modern information
349	349	8 technology system for State agencies using equipment
350	350	9 adequate to satisfy the requirements for analysis and
351	351	10 review as specified by the Department. Expenditures for
352	352	11 information technology and related services rendered shall
353	353	12 be reimbursed by the recipients. The reimbursement shall
354	354	13 be determined by the Department as amounts sufficient to
355	355	14 reimburse the Technology Management Revolving Fund for
356	356	15 expenditures incurred in rendering the services.
357	357	16 (f) In addition to the other powers and duties listed in
358	358	17 subsection (e), the Department shall analyze the present and
359	359	18 future aims, needs, and requirements of information
360	360	19 technology, research, and planning for State agencies in order
361	361	20 to provide for the formulation of overall policy relative to
362	362	21 the use of information technology and related equipment by the
363	363	22 State of Illinois. In making this analysis, the Department
364	364	23 shall formulate a master plan for information technology,
365	365	24 using information technology most advantageously, and advising
366	366	25 whether information technology should be leased or purchased
367	367	26 by the State. The Department shall prepare and submit interim
368	368
369	369
370	370
371	371
372	372
373	373	SB1542 - 9 - LRB104 09812 BDA 19879 b
374	374
375	375
376	376	SB1542- 10 -LRB104 09812 BDA 19879 b SB1542 - 10 - LRB104 09812 BDA 19879 b
377	377	SB1542 - 10 - LRB104 09812 BDA 19879 b
378	378	1 reports of meaningful developments and proposals for
379	379	2 legislation to the Governor on or before January 30 each year.
380	380	3 The Department shall engage in a continuing analysis and
381	381	4 evaluation of the master plan so developed, and it shall be the
382	382	5 responsibility of the Department to recommend from time to
383	383	6 time any needed amendments and modifications of any master
384	384	7 plan enacted by the General Assembly.
385	385	8 (g) The Department may make information technology and the
386	386	9 use of information technology available to units of local
387	387	10 government, elected State officials, State educational
388	388	11 institutions, the judicial branch, the legislative branch, and
389	389	12 all other governmental units of the State requesting them. The
390	390	13 Department shall establish prices and charges for the
391	391	14 information technology so furnished and for the use of the
392	392	15 information technology. The prices and charges shall be
393	393	16 sufficient to reimburse the cost of furnishing the services
394	394	17 and use of information technology.
395	395	18 (h) The Department may establish principles and standards
396	396	19 to provide consistency in the operation and use of information
397	397	20 technology by State agencies. State agencies shall work with
398	398	21 the Department to follow the principles and standards
399	399	22 developed by the Department.
400	400	23 (i) The Department may adopt rules under the Illinois
401	401	24 Administrative Procedure Act necessary to carry out its
402	402	25 responsibilities under this Act.
403	403	26 (Source: P.A. 102-376, eff. 1-1-22.)
404	404
405	405
406	406
407	407
408	408
409	409	SB1542 - 10 - LRB104 09812 BDA 19879 b
410	410
411	411
412	412	SB1542- 11 -LRB104 09812 BDA 19879 b SB1542 - 11 - LRB104 09812 BDA 19879 b
413	413	SB1542 - 11 - LRB104 09812 BDA 19879 b
414	414	1 (20 ILCS 1370/1-25)
415	415	2 Sec. 1-25. Charges for services; non-State funding. The
416	416	3 Department may establish charges for services rendered by the
417	417	4 Department to State client agencies from funds provided
418	418	5 directly to the State client agency by appropriation or
419	419	6 otherwise. In establishing charges, the Department shall
420	420	7 consult with State client agencies to make charges transparent
421	421	8 and clear and seek to minimize or avoid charges for costs for
422	422	9 which the Department has other funding sources available.
423	423	10 State Client agencies shall continue to apply for and
424	424	11 otherwise seek federal funds and other capital and operational
425	425	12 resources for technology for which the agencies are eligible
426	426	13 and, subject to compliance with applicable laws, regulations,
427	427	14 and grant terms, make those funds available for use by the
428	428	15 Department.
429	429	16 (Source: P.A. 102-870, eff. 1-1-23.)
430	430	17 (20 ILCS 1370/1-75 rep.)
431	431	18 Section 10. The Department of Innovation and Technology
432	432	19 Act is amended by repealing Section 1-75.
433	433	20 Section 15. The Illinois Information Security Improvement
434	434	21 Act is amended by changing Sections 5-5, 5-15, and 5-25 and by
435	435	22 adding Section 5-35 as follows:
436	436
437	437
438	438
439	439
440	440
441	441	SB1542 - 11 - LRB104 09812 BDA 19879 b
442	442
443	443
444	444	SB1542- 12 -LRB104 09812 BDA 19879 b SB1542 - 12 - LRB104 09812 BDA 19879 b
445	445	SB1542 - 12 - LRB104 09812 BDA 19879 b
446	446	1 (20 ILCS 1375/5-5)
447	447	2 Sec. 5-5. Definitions. As used in this Act:
448	448	3 "Critical information system" means any information system
449	449	4 (including any telecommunications system) used or operated by
450	450	5 a State agency or by a contractor of a State agency or other
451	451	6 organization or entity on behalf of a State agency: that
452	452	7 contains health insurance information, medical information, or
453	453	8 personal information as defined in the Personal Information
454	454	9 Protection Act; where the unauthorized disclosure,
455	455	10 modification, destruction of information in the information
456	456	11 system could be expected to have a serious, severe, or
457	457	12 catastrophic adverse effect on State agency operations,
458	458	13 assets, or individuals; or where the disruption of access to
459	459	14 or use of the information or information system could be
460	460	15 expected to have a serious, severe, or catastrophic adverse
461	461	16 effect on State operations, assets, or individuals.
462	462	17 "Department" means the Department of Innovation and
463	463	18 Technology.
464	464	19 "Information security" means protecting information and
465	465	20 information systems from unauthorized access, use, disclosure,
466	466	21 disruption, modification, or destruction in order to provide:
467	467	22 integrity, which means guarding against improper information
468	468	23 modification or destruction, and includes ensuring information
469	469	24 non-repudiation and authenticity; confidentiality, which means
470	470	25 preserving authorized restrictions on access and disclosure,
471	471	26 including means for protecting personal privacy and
472	472
473	473
474	474
475	475
476	476
477	477	SB1542 - 12 - LRB104 09812 BDA 19879 b
478	478
479	479
480	480	SB1542- 13 -LRB104 09812 BDA 19879 b SB1542 - 13 - LRB104 09812 BDA 19879 b
481	481	SB1542 - 13 - LRB104 09812 BDA 19879 b
482	482	1 proprietary information; and availability, which means
483	483	2 ensuring timely and reliable access to and use of information.
484	484	3 "Incident" means an occurrence that: actually or
485	485	4 imminently jeopardizes, without lawful authority, the
486	486	5 confidentiality, integrity, or availability of information or
487	487	6 an information system; or constitutes a violation or imminent
488	488	7 threat of violation of law, security policies, security
489	489	8 procedures, or acceptable use policies or standard security
490	490	9 practices.
491	491	10 "Information system" means a discrete set of information
492	492	11 resources organized for the collection, processing,
493	493	12 maintenance, use, sharing, dissemination, or disposition of
494	494	13 information created or maintained by or for the State of
495	495	14 Illinois.
496	496	15 "Office" means the Office of the Statewide Chief
497	497	16 Information Security Officer.
498	498	17 "Secretary" means the Secretary of Innovation and
499	499	18 Technology.
500	500	19 "Security controls" means the management, operational, and
501	501	20 technical controls (including safeguards and countermeasures)
502	502	21 for an information system that protect the confidentiality,
503	503	22 integrity, and availability of the system and its information.
504	504	23 "State agency" means any State agency, department, board,
505	505	24 and commission under the jurisdiction of the Governor to which
506	506	25 the Department provides services.
507	507	26 (Source: P.A. 100-611, eff. 7-20-18.)
508	508
509	509
510	510
511	511
512	512
513	513	SB1542 - 13 - LRB104 09812 BDA 19879 b
514	514
515	515
516	516	SB1542- 14 -LRB104 09812 BDA 19879 b SB1542 - 14 - LRB104 09812 BDA 19879 b
517	517	SB1542 - 14 - LRB104 09812 BDA 19879 b
518	518	1 (20 ILCS 1375/5-15)
519	519	2 Sec. 5-15. Office of the Statewide Chief Information
520	520	3 Security Officer.
521	521	4 (a) The Office of the Statewide Chief Information Security
522	522	5 Officer is established within the Department of Innovation and
523	523	6 Technology. The Office is directly subordinate to the
524	524	7 Secretary of Innovation and Technology.
525	525	8 (b) The Office shall:
526	526	9 (1) serve as the strategic planning, facilitation, and
527	527	10 coordination office for information technology security in
528	528	11 this State and as the lead and central coordinating entity
529	529	12 to guide and oversee the information security functions of
530	530	13 State agencies;
531	531	14 (2) provide information security services to support
532	532	15 the secure delivery of State agency services that utilize
533	533	16 information systems and to assist State agencies with
534	534	17 fulfilling their responsibilities under this Act;
535	535	18 (3) conduct information and cybersecurity strategic,
536	536	19 operational, and resource planning and facilitating an
537	537	20 effective enterprise information security architecture
538	538	21 capable of protecting the State;
539	539	22 (4) identify information security risks to each State
540	540	23 agency, to third-party providers, and to key supply chain
541	541	24 partners, including an assessment of the extent to which
542	542	25 information resources or processes are vulnerable to
543	543
544	544
545	545
546	546
547	547
548	548	SB1542 - 14 - LRB104 09812 BDA 19879 b
549	549
550	550
551	551	SB1542- 15 -LRB104 09812 BDA 19879 b SB1542 - 15 - LRB104 09812 BDA 19879 b
552	552	SB1542 - 15 - LRB104 09812 BDA 19879 b
553	553	1 unauthorized access or harm, including the extent to which
554	554	2 the State agency's or contractor's electronically stored
555	555	3 information is vulnerable to unauthorized access, use,
556	556	4 disclosure, disruption, modification, or destruction, and
557	557	5 recommend risk mitigation strategies, methods, and
558	558	6 procedures to reduce those risks. These assessments shall
559	559	7 also include, but not be limited to, assessments of
560	560	8 information systems, computers, printers, software,
561	561	9 computer networks, interfaces to computer systems, mobile
562	562	10 and peripheral device sensors, and other devices or
563	563	11 systems which access the State's network, computer
564	564	12 software, and information processing or operational
565	565	13 procedures of the State agency or of a contractor of the
566	566	14 State agency.
567	567	15 (5) manage the response to information security and
568	568	16 information security incidents involving State agency
569	569	17 State of Illinois information systems and ensure the
570	570	18 completeness of information system security plans for
571	571	19 critical information systems;
572	572	20 (6) conduct pre-deployment information security
573	573	21 assessments for critical information systems and submit
574	574	22 findings and recommendations to the Secretary and State
575	575	23 agency heads;
576	576	24 (7) develop and conduct targeted operational
577	577	25 evaluations, including threat and vulnerability
578	578	26 assessments on State agency information systems;
579	579
580	580
581	581
582	582
583	583
584	584	SB1542 - 15 - LRB104 09812 BDA 19879 b
585	585
586	586
587	587	SB1542- 16 -LRB104 09812 BDA 19879 b SB1542 - 16 - LRB104 09812 BDA 19879 b
588	588	SB1542 - 16 - LRB104 09812 BDA 19879 b
589	589	1 (8) monitor and report compliance of each State
590	590	2 agency's compliance agency with State information security
591	591	3 policies, standards, and procedures;
592	592	4 (9) coordinate statewide information security
593	593	5 awareness and training programs; and
594	594	6 (10) develop and execute other strategies as necessary
595	595	7 to protect State agency's this State's information
596	596	8 technology infrastructure and the data stored on or
597	597	9 transmitted by such infrastructure.
598	598	10 (c) The Office may temporarily suspend operation of an
599	599	11 information system or information technology infrastructure
600	600	12 that is owned, leased, outsourced, or shared by one or more
601	601	13 State agencies in order to isolate the source of, or stop the
602	602	14 spread of, an information security breach or other similar
603	603	15 information security incident. State agencies shall comply
604	604	16 with directives to temporarily discontinue or suspend
605	605	17 operations of information systems or information technology
606	606	18 infrastructure.
607	607	19 (Source: P.A. 100-611, eff. 7-20-18.)
608	608	20 (20 ILCS 1375/5-25)
609	609	21 Sec. 5-25. Responsibilities.
610	610	22 (a) The Secretary shall:
611	611	23 (1) appoint a Statewide Chief Information Security
612	612	24 Officer pursuant to Section 5-20;
613	613	25 (2) provide the Office with the staffing and resources
614	614
615	615
616	616
617	617
618	618
619	619	SB1542 - 16 - LRB104 09812 BDA 19879 b
620	620
621	621
622	622	SB1542- 17 -LRB104 09812 BDA 19879 b SB1542 - 17 - LRB104 09812 BDA 19879 b
623	623	SB1542 - 17 - LRB104 09812 BDA 19879 b
624	624	1 deemed necessary by the Secretary to fulfill the
625	625	2 responsibilities of the Office;
626	626	3 (3) oversee statewide information security policies
627	627	4 and practices for State agencies, including:
628	628	5 (A) directing and overseeing the development,
629	629	6 implementation, and communication of statewide
630	630	7 information security policies, standards, and
631	631	8 guidelines;
632	632	9 (B) overseeing the education of State agency
633	633	10 personnel regarding the requirement to identify and
634	634	11 provide information security protections commensurate
635	635	12 with the risk and magnitude of the harm resulting from
636	636	13 the unauthorized access, use, disclosure, disruption,
637	637	14 modification, or destruction of information in a
638	638	15 critical information system;
639	639	16 (C) overseeing the development and implementation
640	640	17 of a statewide information security risk management
641	641	18 program;
642	642	19 (D) overseeing State agency compliance with the
643	643	20 requirements of this Section;
644	644	21 (E) coordinating Information Security policies and
645	645	22 practices with related information and personnel
646	646	23 resources management policies and procedures; and
647	647	24 (F) providing an effective and efficient process
648	648	25 to assist State agencies with complying with the
649	649	26 requirements of this Act; and
650	650
651	651
652	652
653	653
654	654
655	655	SB1542 - 17 - LRB104 09812 BDA 19879 b
656	656
657	657
658	658	SB1542- 18 -LRB104 09812 BDA 19879 b SB1542 - 18 - LRB104 09812 BDA 19879 b
659	659	SB1542 - 18 - LRB104 09812 BDA 19879 b
660	660	1 (4) subject to appropriation, establish a
661	661	2 cybersecurity liaison program to advise and assist units
662	662	3 of local government in identifying cyber threats,
663	663	4 performing risk assessments, sharing best practices, and
664	664	5 responding to cyber incidents.
665	665	6 (b) The Statewide Chief Information Security Officer
666	666	7 shall:
667	667	8 (1) serve as the head of the Office and ensure the
668	668	9 execution of the responsibilities of the Office as set
669	669	10 forth in subsection (c) of Section 5-15, the Statewide
670	670	11 Chief Information Security Officer shall also oversee
671	671	12 State agency personnel with significant responsibilities
672	672	13 for information security and ensure a competent workforce
673	673	14 that keeps pace with the changing information security
674	674	15 environment;
675	675	16 (2) develop and recommend information security
676	676	17 policies, standards, procedures, and guidelines to the
677	677	18 Secretary for statewide adoption and monitor compliance
678	678	19 with these policies, standards, guidelines, and procedures
679	679	20 through periodic testing;
680	680	21 (3) develop and maintain risk-based, cost-effective
681	681	22 information security programs and control techniques to
682	682	23 address all applicable security and compliance
683	683	24 requirements throughout the life cycle of State agency
684	684	25 information systems;
685	685	26 (4) establish the procedures, processes, and
686	686
687	687
688	688
689	689
690	690
691	691	SB1542 - 18 - LRB104 09812 BDA 19879 b
692	692
693	693
694	694	SB1542- 19 -LRB104 09812 BDA 19879 b SB1542 - 19 - LRB104 09812 BDA 19879 b
695	695	SB1542 - 19 - LRB104 09812 BDA 19879 b
696	696	1 technologies for State agencies to rapidly and effectively
697	697	2 identify threats, risks, and vulnerabilities to State
698	698	3 information systems, and ensure the prioritization of the
699	699	4 remediation of vulnerabilities that pose risk to the
700	700	5 State;
701	701	6 (5) develop and implement capabilities and procedures
702	702	7 for detecting, reporting, and responding to information
703	703	8 security incidents;
704	704	9 (6) establish and direct a statewide information
705	705	10 security risk management program to identify information
706	706	11 security risks in State agencies and deploy risk
707	707	12 mitigation strategies, processes, and procedures;
708	708	13 (7) establish the State's capability to sufficiently
709	709	14 protect the security of data through effective information
710	710	15 system security planning, secure system development,
711	711	16 acquisition, and deployment, the application of protective
712	712	17 technologies and information system certification,
713	713	18 accreditation, and assessments;
714	714	19 (8) ensure that State agency personnel, including
715	715	20 contractors, are appropriately screened and receive
716	716	21 information security awareness training;
717	717	22 (9) convene meetings with State agency heads and other
718	718	23 State officials to help ensure:
719	719	24 (A) the ongoing communication of risk and risk
720	720	25 reduction strategies,
721	721	26 (B) effective implementation of information
722	722
723	723
724	724
725	725
726	726
727	727	SB1542 - 19 - LRB104 09812 BDA 19879 b
728	728
729	729
730	730	SB1542- 20 -LRB104 09812 BDA 19879 b SB1542 - 20 - LRB104 09812 BDA 19879 b
731	731	SB1542 - 20 - LRB104 09812 BDA 19879 b
732	732	1 security policies and practices, and
733	733	2 (C) the incorporation of and compliance with
734	734	3 information security policies, standards, and
735	735	4 guidelines into the policies and procedures of the
736	736	5 State agencies;
737	737	6 (10) provide operational and technical assistance to
738	738	7 State agencies in implementing policies, principles,
739	739	8 standards, and guidelines on information security,
740	740	9 including implementation of standards promulgated under
741	741	10 subparagraph (A) of paragraph (3) of subsection (a) of
742	742	11 this Section, and provide assistance and effective and
743	743	12 efficient means for State agencies to comply with the
744	744	13 State agency requirements under this Act;
745	745	14 (11) in coordination and consultation with the
746	746	15 Secretary and the Governor's Office of Management and
747	747	16 Budget, review State agency budget requests related to
748	748	17 Information Security systems and provide recommendations
749	749	18 to the Governor's Office of Management and Budget;
750	750	19 (12) ensure the preparation and maintenance of plans
751	751	20 and procedures to provide cyber resilience and continuity
752	752	21 of operations for critical information systems that
753	753	22 support the operations of the State; and
754	754	23 (13) take such other actions as the Secretary may
755	755	24 direct.
756	756	25 (Source: P.A. 101-81, eff. 7-12-19; 102-753, eff. 1-1-23.)
757	757
758	758
759	759
760	760
761	761
762	762	SB1542 - 20 - LRB104 09812 BDA 19879 b
763	763
764	764
765	765	SB1542- 21 -LRB104 09812 BDA 19879 b SB1542 - 21 - LRB104 09812 BDA 19879 b
766	766	SB1542 - 21 - LRB104 09812 BDA 19879 b
767	767
768	768
769	769
770	770
771	771
772	772	SB1542 - 21 - LRB104 09812 BDA 19879 b