Florida Statutes 282.206 – Cloud-first policy in state agencies
Current as of: 2024 | Check for updates
|
Other versions
Terms Used In Florida Statutes 282.206
- Cybersecurity: means the protection afforded to an automated information system in order to attain the applicable objectives of preserving the confidentiality, integrity, and availability of data, information, and information technology resources. See Florida Statutes 282.0041
- Data: means a subset of structured information in a format that allows such information to be electronically retrieved and transmitted. See Florida Statutes 282.0041
- Department: means the Department of Management Services. See Florida Statutes 282.0041
- Standards: means required practices, controls, components, or configurations established by an authority. See Florida Statutes 282.0041
- State agency: means any official, officer, commission, board, authority, council, committee, or department of the executive branch of state government; the Justice Administrative Commission; and the Public Service Commission. See Florida Statutes 282.0041
(1) The Legislature finds that the most efficient and effective means of providing quality data processing services is through the use of cloud computing. It is the intent of the Legislature that each state agency adopt a cloud-first policy that first considers cloud-computing solutions in its technology sourcing strategy for technology initiatives or upgrades whenever possible and feasible.
(2) In its procurement process, each state agency shall show a preference for cloud-computing solutions that either minimize or do not require the use of state data center infrastructure when cloud-computing solutions meet the needs of the agency, reduce costs, and meet or exceed the applicable state and federal laws, regulations, and standards for cybersecurity.
(3) Each state agency shall adopt formal procedures for the evaluation of cloud-computing options for existing applications, technology initiatives, or upgrades.
(4) Each state agency shall develop a strategic plan to be updated annually to address its inventory of applications located at the state data center. Each agency shall submit the plan by October 15 of each year to the Office of Policy and Budget in the Executive Office of the Governor and the chairs of the legislative appropriations committees. For each application, the plan must identify and document the readiness, appropriate strategy, and high-level timeline for transition to a cloud-computing service based on the application’s quality, cost, and resource requirements. This information must be used to assist the state data center in making adjustments to its service offerings.
(5) Each state agency customer of the state data center shall notify the state data center by May 31 and November 30 annually of any significant changes in its anticipated utilization of state data center services pursuant to requirements established by the state data center.
(6) Unless authorized by the Legislature, the Department of Law Enforcement, as the state’s lead Criminal Justice Information Services Systems Agency, may not impose more stringent protection measures than outlined in the federal Criminal Justice Information Services Security Policy relating to the use of cloud-computing services.