UNOFFICIAL COPY 22 RS BR 1340
Page 1 of 5
XXXX Jacketed
AN ACT relating to the state geographic information clearinghouse. 1
Be it enacted by the General Assembly of the Commonwealth of Kentucky: 2
ď˘Section 1. KRS 42.726 is amended to read as follows: 3
(1) The Commonwealth Office of Technology shall be the lead organizational entity 4
within the executive branch regarding delivery of information technology services, 5
including application development and delivery, and shall serve as the single 6
information technology authority for the Commonwealth. 7
(2) The roles and duties of the Commonwealth Office of Technology shall include but 8
not be limited to: 9
(a) Providing technical support and services to all executive agencies of state 10
government in the application of information technology; 11
(b) Assuring compatibility and connectivity of Kentucky's information systems; 12
(c) Developing strategies and policies to support and promote the effective 13
applications of information technology within state government as a means of 14
saving money, increasing employee productivity, and improving state services 15
to the public, including electronic public access to information of the 16
Commonwealth; 17
(d) Developing, implementing, and managing strategic information technology 18
directions, standards, and enterprise architecture, including implementing 19
necessary management processes to assure full compliance with those 20
directions, standards, and architecture; 21
(e) Promoting effective and efficient design and operation of all major 22
information resources management processes for executive branch agencies, 23
including improvements to work processes; 24
(f) Developing, implementing, and maintaining the technology infrastructure of 25
the Commonwealth and all related support staff, planning, administration, 26
asset management, and procurement for all executive branch cabinets and 27 UNOFFICIAL COPY 22 RS BR 1340
Page 2 of 5
XXXX Jacketed
agencies except: 1
1. Agencies led by a statewide elected official; 2
2. The nine (9) public institutions of postsecondary education; 3
3. The Department of Education's services provided to local school 4
districts; 5
4. The Kentucky Retirement Systems, the County Employees Retirement 6
System, the Kentucky Public Pensions Authority, and the Teachers' 7
Retirement System; 8
5. The Kentucky Housing Corporation; 9
6. The Kentucky Lottery Corporation; 10
7. The Kentucky Higher Education Student Loan Corporation; and 11
8. The Kentucky Higher Education Assistance Authority; 12
(g) Facilitating and fostering applied research in emerging technologies that offer 13
the Commonwealth innovative business solutions; 14
(h) Reviewing and overseeing large or complex information technology projects 15
and systems for compliance with statewide strategies, policies, and standards, 16
including alignment with the Commonwealth's business goals, investment, 17
and other risk management policies. The executive director is authorized to 18
grant or withhold approval to initiate these projects; 19
(i) Integrating information technology resources to provide effective and 20
supportable information technology applications in the Commonwealth; 21
(j) Establishing the[a] central statewide geographic information clearinghouse to 22
maintain map inventories, information on current and planned geographic 23
information systems applications, information on grants available for the 24
acquisition or enhancement of geographic information resources, and a 25
directory of geographic information resources available within the state or 26
from the federal government; 27 UNOFFICIAL COPY 22 RS BR 1340
Page 3 of 5
XXXX Jacketed
(k) Coordinating multiagency information technology projects, including 1
overseeing the development and maintenance of statewide base maps and 2
geographic information systems; 3
(l) Providing access to both consulting and technical assistance, and education 4
and training, on the application and use of information technologies to state 5
and local agencies; 6
(m) In cooperation with other agencies, evaluating, participating in pilot studies, 7
and making recommendations on information technology hardware and 8
software; 9
(n) Providing staff support and technical assistance to the Geographic Information 10
Advisory Council and the Kentucky Information Technology Advisory 11
Council; 12
(o) Overseeing the development of a statewide geographic information plan with 13
input from the Geographic Information Advisory Council; 14
(p) Developing for state executive branch agencies a coordinated security 15
framework and model governance structure relating to the privacy and 16
confidentiality of personal information collected and stored by state executive 17
branch agencies, including but not limited to: 18
1. Identification of key infrastructure components and how to secure them; 19
2. Establishment of a common benchmark that measures the effectiveness 20
of security, including continuous monitoring and automation of 21
defenses; 22
3. Implementation of vulnerability scanning and other security 23
assessments; 24
4. Provision of training, orientation programs, and other communications 25
that increase awareness of the importance of security among agency 26
employees responsible for personal information; and 27 UNOFFICIAL COPY 22 RS BR 1340
Page 4 of 5
XXXX Jacketed
5. Development of and making available a cyber security incident response 1
plan and procedure; and 2
(q) Preparing proposed legislation and funding proposals for the General 3
Assembly that will further solidify coordination and expedite implementation 4
of information technology systems. 5
(3) The Commonwealth Office of Technology may: 6
(a) Provide general consulting services, technical training, and support for generic 7
software applications, upon request from a local government, if the executive 8
director finds that the requested services can be rendered within the 9
established terms of the federally approved cost allocation plan; 10
(b) Promulgate administrative regulations in accordance with KRS Chapter 13A 11
necessary for the implementation of KRS 42.720 to 42.742, 45.253, 171.420, 12
186A.040, and 186A.285; 13
(c) Solicit, receive, and consider proposals from any state agency, federal agency, 14
local government, university, nonprofit organization, private person, or 15
corporation; 16
(d) Solicit and accept money by grant, gift, donation, bequest, legislative 17
appropriation, or other conveyance to be held, used, and applied in accordance 18
with KRS 42.720 to 42.742, 45.253, 171.420, 186A.040, and 186A.285; 19
(e) Make and enter into memoranda of agreement and contracts necessary or 20
incidental to the performance of duties and execution of its powers, including, 21
but not limited to, agreements or contracts with the United States, other state 22
agencies, and any governmental subdivision of the Commonwealth; 23
(f) Accept grants from the United States government and its agencies and 24
instrumentalities, and from any source, other than any person, firm, or 25
corporation, or any director, officer, or agent thereof that manufactures or sells 26
information resources technology equipment, goods, or services. To these 27 UNOFFICIAL COPY 22 RS BR 1340
Page 5 of 5
XXXX Jacketed
ends, the Commonwealth Office of Technology shall have the power to 1
comply with those conditions and execute those agreements that are 2
necessary, convenient, or desirable; and 3
(g) Purchase interest in contractual services, rentals of all types, supplies, 4
materials, equipment, and other services to be used in the research and 5
development of beneficial applications of information resources technologies. 6
Competitive bids may not be required for: 7
1. New and emerging technologies as approved by the executive director or 8
her or his designee; or 9
2. Related professional, technical, or scientific services, but contracts shall 10
be submitted in accordance with KRS 45A.690 to 45A.725. 11
(4) Nothing in this section shall be construed to alter or diminish the provisions of KRS 12
171.410 to 171.740 or the authority conveyed by these statutes to the Archives and 13
Records Commission and the Department for Libraries and Archives. 14
(5) The Commonwealth Office of Technology shall, on or before October 1 of each 15
year, submit to the Legislative Research Commission a report in accordance with 16
KRS 57.390 detailing: 17
(a) Any security breaches that occurred within organizational units of the 18
executive branch of state government during the prior fiscal year that required 19
notification to the Commonwealth Office of Technology under KRS 61.932; 20
(b) Actions taken to resolve the security breach, and to prevent additional security 21
breaches in the future; 22
(c) A general description of what actions are taken as a matter of course to protect 23
personal data from security breaches; and 24
(d) Any quantifiable financial impact to the agency reporting a security breach. 25