Kentucky Statutes 42.726 – Roles, duties, and permissible activities for Commonwealth Office of Technology — Duties of Archives and Records Commission and Department for Libraries and Archives not affected — Annual report concerning security breaches
Current as of: 2024
(1) The Commonwealth Office of Technology shall be the lead organizational entity within the executive branch regarding delivery of information technology services, including application development and delivery, and shall serve as the single information technology authority for the Commonwealth.
(2) The roles and duties of the Commonwealth Office of Technology shall include but not be limited to:
(a) Providing technical support and services to all executive agencies of state government in the application of information technology;
(b) Assuring compatibility and connectivity of Kentucky’s information systems;
(c) Developing strategies and policies to support and promote the effective applications of information technology within state government as a means of saving money, increasing employee productivity, and improving state services to the public, including electronic public access to information of the Commonwealth;
(d) Developing, implementing, and managing strategic information technology directions, standards, and enterprise architecture, including implementing necessary management processes to ensure full compliance with those directions, standards, and architecture;
(e) Promoting effective and efficient design and operation of all major information resources management processes for executive branch agencies, including improvements to work processes;
(f) Developing, implementing, and maintaining the technology infrastructure of the Commonwealth and all related support staff, planning, administration, asset management, and procurement for all executive branch cabinets and agencies except:
1. Agencies led by a statewide elected official;
2. The nine (9) public institutions of postsecondary education;
3. The Department of Education’s services provided to local school districts;
4. The Kentucky Retirement Systems, the County Employees Retirement System, the Kentucky Public Pensions Authority, and the Teachers’ Retirement System;
5. The Kentucky Housing Corporation;
6. The Kentucky Lottery Corporation;
7. The Kentucky Higher Education Student Loan Corporation; and
8. The Kentucky Higher Education Assistance Authority;
(g) Facilitating and fostering applied research in emerging technologies that offer the Commonwealth innovative business solutions;
(h) Reviewing and overseeing large or complex information technology projects and systems for compliance with statewide strategies, policies, and standards, including alignment with the Commonwealth’s business goals, investment, and other risk management policies. The executive director is authorized to grant or withhold approval to initiate these projects;
(i) Integrating information technology resources to provide effective and supportable information technology applications in the Commonwealth;
(j) Establishing the central statewide geographic information clearinghouse to maintain map inventories, information on current and planned geographic information systems applications, information on grants available for the acquisition or enhancement of geographic information resources, and a directory of geographic information resources available within the state or from the federal government;
(k) Coordinating multiagency information technology projects, including overseeing the development and maintenance of statewide base maps and geographic information systems;
(l) Providing access to both consulting and technical assistance, and education and training, on the application and use of information technologies to state and local agencies;
(m) In cooperation with other agencies, evaluating, participating in pilot studies, and making recommendations on information technology hardware and software;
(n) Providing staff support and technical assistance to the Geographic Information Advisory Council and the Kentucky Information Technology Advisory Council;
(o) Overseeing the development of a statewide geographic information plan with input from the Geographic Information Advisory Council;
(p) Developing for state executive branch agencies a coordinated security framework and model governance structure relating to the privacy and confidentiality of personal information collected and stored by state executive branch agencies, including but not limited to:
1. Identification of key infrastructure components and how to secure them;
2. Establishment of a common benchmark that measures the effectiveness of security, including continuous monitoring and automation of defenses;
3. Implementation of vulnerability scanning and other security assessments;
4. Provision of training, orientation programs, and other communications that increase awareness of the importance of security among agency employees responsible for personal information; and
5. Development of and making available a cyber security incident response plan and procedure; and
(q) Preparing proposed legislation and funding proposals for the General Assembly that will further solidify coordination and expedite implementation of information technology systems.
(3) The Commonwealth Office of Technology may:
(a) Provide general consulting services, technical training, and support for generic software applications, upon request from a local government, if the executive director finds that the requested services can be rendered within the established terms of the federally approved cost allocation plan;
(b) Promulgate administrative regulations in accordance with KRS Chapter 13A necessary for the implementation of KRS § 42.720 to KRS § 42.742, 45.253, 171.420, 186A.040, and 186A.285;
(c) Solicit, receive, and consider proposals from any state agency, federal agency, local government, university, nonprofit organization, private person, or corporation;
(d) Solicit and accept money by grant, gift, donation, bequest, legislative appropriation, or other conveyance to be held, used, and applied in accordance with KRS § 42.720 to KRS § 42.742, 45.253, 171.420, 186A.040, and 186A.285;
(e) Make and enter into memoranda of agreement and contracts necessary or incidental to the performance of duties and execution of its powers, including but not limited to agreements or contracts with the United States, other state agencies, and any governmental subdivision of the Commonwealth;
(f) Accept grants from the United States government and its agencies and instrumentalities, and from any source, other than any person, firm, or corporation, or any director, officer, or agent thereof that manufactures or sells information resources technology equipment, goods, or services. To these ends, the Commonwealth Office of Technology shall have the power to comply with those conditions and execute those agreements that are necessary, convenient, or desirable; and
(g) Purchase interest in contractual services, rentals of all types, supplies, materials, equipment, and other services to be used in the research and development of beneficial applications of information resources technologies. Competitive bids may not be required for:
1. New and emerging technologies as approved by the executive director or her or his designee; or
2. Related professional, technical, or scientific services, but contracts shall be submitted in accordance with KRS § 45A.690 to KRS § 45A.725.
(4) Nothing in this section shall be construed to alter or diminish the provisions of KRS 171.410 to 171.740 or the authority conveyed by these statutes to the Archives and Records Commission and the Department for Libraries and Archives.
(5) The Commonwealth Office of Technology shall, on or before October 1 of each year, submit to the Legislative Research Commission a report in accordance with KRS § 57.390 detailing:
(a) Any security breaches that occurred within organizational units of the executive branch of state government during the prior fiscal year that required notification to the Commonwealth Office of Technology under KRS § 61.932;
(b) Actions taken to resolve the security breach, and to prevent additional security breaches in the future;
(c) A general description of what actions are taken as a matter of course to protect personal data from security breaches; and
(d) Any quantifiable financial impact to the agency reporting a security breach.
Effective: July 14, 2022
History: Amended 2022 Ky. Acts ch. 229, sec. 3, effective July 14, 2022. — Amended 2020 Ky. Acts ch. 36, sec. 3, effective July 15, 2020; and ch. 79, sec. 16, effective April 1, 2021. — Amended 2018 Ky. Acts ch. 78, sec. 3, effective July 14, 2018. — Amended 2014 Ky. Acts ch. 74, sec. 6, effective January 1, 2015; ch. 89, sec. 11, effective July 15, 2014; and ch. 138, sec. 4, effective July 15, 2014. — Amended 2012 Ky. Acts ch. 69, sec. 9, effective July 12, 2012. — Repealed, reenacted, and amended 2009 Ky. Acts ch. 12, sec. 5, effective June 25, 2009. — Amended 2006 Ky. Acts ch. 193, sec. 10, effective July 12, 2006. — Amended 2005 Ky. Acts ch. 85, sec. 30, effective June 20, 2005; and ch. 99, sec. 4, effective June 20, 2005. — Created 2000 Ky. Acts ch. 506, sec. 4, effective July 14, 2000; and ch. 536, sec. 4, effective July 14, 2000.
Formerly codified as KRS § 11.507.
Legislative Research Commission Note (1/1/2015). 2014 Ky. Acts ch. 74, sec. 10 provided that “the provisions of this Act shall not impact the provisions of KRS 61.870 to 61.884.” That proviso applies to this statute as amended in Section 6 of that Act.
Terms Used In Kentucky Statutes 42.726
- Bequest: Property gifted by will.
- Corporation: A legal entity owned by the holders of shares of stock that have been issued, and that can own, receive, and transfer property, and carry on business in its own name.
- Corporation: may extend and be applied to any corporation, company, partnership, joint stock company, or association. See Kentucky Statutes 446.010
- Federal: refers to the United States. See Kentucky Statutes 446.010
- Fiscal year: The fiscal year is the accounting period for the government. For the federal government, this begins on October 1 and ends on September 30. The fiscal year is designated by the calendar year in which it ends; for example, fiscal year 2006 begins on October 1, 2005 and ends on September 30, 2006.
- Gift: A voluntary transfer or conveyance of property without consideration, or for less than full and adequate consideration based on fair market value.
- State: when applied to a part of the United States, includes territories, outlying possessions, and the District of Columbia. See Kentucky Statutes 446.010
- Statute: A law passed by a legislature.
- Year: means calendar year. See Kentucky Statutes 446.010