Texas 2023 - 88th Regular

Texas House Bill HB3217 Compare Versions

Version 1 (Old)

Version 2 (New)

Old	New	Differences
1	1	88R12618 CXP-D
2	2	By: Lujan H.B. No. 3217
3	3
4	4
5	5	A BILL TO BE ENTITLED
6	6	AN ACT
7	7	relating to a biennial audit by the Department of Information
8	8	Resources of state agency information technology infrastructure.
9	9	BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
10	10	SECTION 1. The heading to Section 2054.068, Government
11	11	Code, is amended to read as follows:
12	12	Sec. 2054.068. INFORMATION TECHNOLOGY INFRASTRUCTURE AUDIT
13	13	AND REPORT.
14	14	SECTION 2. Sections 2054.068(b), (c), (d), and (e),
15	15	Government Code, are amended to read as follows:
16	16	(b) The department shall conduct a biennial audit of
17	17	[collect from each state agency information on] the status and
18	18	condition of each state [the] agency's information technology
19	19	infrastructure, including a review of [information regarding]:
20	20	(1) the agency's:
21	21	(A) information security program, including any
22	22	information technology security measures used by the agency;
23	23	(B) hardware, including [(2)] an inventory of the
24	24	agency's servers, mainframes, cloud services, and other
25	25	information technology equipment;
26	26	(C) [(3) identification of] vendors that operate
27	27	and manage the agency's information technology infrastructure;
28	28	(D) software and licenses, including:
29	29	(i) purchase date and cost;
30	30	(ii) license length;
31	31	(iii) date of last use; and
32	32	(iv) the purpose of the software or
33	33	license;
34	34	(E) information technology governance policies;
35	35	(F) cloud services;
36	36	(G) vendor-managed services;
37	37	(H) support services and the cost of those
38	38	services;
39	39	(I) network systems;
40	40	(J) digital data storage systems and security
41	41	measures;
42	42	(K) future information technology projects; and
43	43	(L) information technology needs;
44	44	(2) any information technology issues reported by the
45	45	public; and
46	46	(3) [(4)] any additional related issue [information
47	47	requested by] the department considers necessary.
48	48	(c) A state agency shall provide to the department:
49	49	(1) [the] information related to the subjects
50	50	described [required] by Subsection (b) [to the department]
51	51	according to a schedule determined by the department; and
52	52	(2) access to the state agency's information
53	53	technology infrastructure.
54	54	(d) Not later than December 1 [November 15] of each
55	55	even-numbered year, the department shall submit to the governor,
56	56	chair of the house appropriations committee, chair of the senate
57	57	finance committee, speaker of the house of representatives,
58	58	lieutenant governor, and staff of the Legislative Budget Board a
59	59	consolidated report on the audits conducted [of the information
60	60	submitted by state agencies] under Subsection (b).
61	61	(e) The consolidated report required by Subsection (d) must
62	62	include:
63	63	(1) [include] an analysis and assessment of each state
64	64	agency's security and operational risks; [and]
65	65	(2) for a state agency found to be at higher security
66	66	and operational risks, [include] a detailed analysis of agency
67	67	efforts to address the risks and related vulnerabilities;
68	68	(3) the information submitted by state agencies under
69	69	Subsection (c);
70	70	(4) the department's recommendations relating to the
71	71	state agency's information technology infrastructure; and
72	72	(5) a ranking of each state agency based on the
73	73	efficacy and ease of use of the agency's information technology
74	74	infrastructure.
75	75	SECTION 3. This Act takes effect September 1, 2023.