(1) Purpose. The office is created for the purpose of leading,
directing, managing, coordinating, and providing accountability for the
information technology resources of state government. In furtherance of this
role, the office is, among other things, required or authorized to:
a. Develop and implement an information
strategic plan for the enterprise.
b. Establish an enterprise strategic and
project management function for oversight of all information technology-related
projects and resources of participating agencies. In exercising this power and
duty, the office will endeavor to collaborate and coordinate with participating
agencies to the maximum extent possible.
c. Develop information technology governance
requirements that apply to participating agencies, including but not limited
to:
(1) Standards of or related to
cybersecurity, geospatial systems, application development, and information
technology and procurement, including but not limited to system design and
systems integration, and interoperability.
(2) Policies of or related to security to
ensure the integrity of the state's information resources and to prevent the
disclosure of confidential records, while still fostering transparency and data
sharing.
(3) Statewide standards
for information technology security to maximize the functionality, security,
and interoperability of the state's distributed information technology assets,
including but not limited to communications and encryption
technologies.
(4) Standards for the
implementation of electronic commerce, including standards for electronic
signatures, electronic currency, and other items associated with electronic
commerce.
(5) Guidelines for the
appearance and functioning of applications.
(6) Standards for the integration of
electronic data across state agencies.
(7) Standards, policies, and procedures of or
applicable to the procurement of information technology.
d. Require all information technology
security services, solutions, hardware, and software purchased or used by a
participating agency to be subject to approval by the office in accordance with
security standards. In exercising this power and duty, the office will endeavor
to collaborate and coordinate with participating agencies to the maximum extent
possible.
e. Develop and implement
effective and efficient strategies for the use and provision of information
technology and information technology staff for participating agencies and
other governmental entities.
f. Manage and oversee the IowAccess program.
This chapter outlines the office's process for achieving such
objectives with appropriate stakeholder input, including the process by which
the office establishes information technology governance requirements; related
assessment and enforcement processes and procedures; and a uniform process for
the granting of information technology waivers requested by a participating
agency from such information technology governance
requirements.
(2) Applicability.
a. Information technology governance requirements established by the office,
unless waived in accordance with the waiver process set forth herein, shall
apply to all participating agencies.
b. The office of the governor and the offices
of elective constitutional or statutory officers are not required to comply
with information technology governance requirements established by the office.
However, as required by Iowa Code section
8B.23, they must:
(1) Consider the information technology
governance requirements adopted by the office; and
(2) In the case of any acquisition of
information technology, consult with the office prior to making any such
acquisition and provide a written report to the office relating to any decision
regarding such acquisitions.