(1)

Ask a legal question, get an answer ASAP!
Click here to chat with a lawyer about your rights.

Terms Used In Utah Code 63A-16-205

  • Agency: means a board, commission, institution, department, division, officer, council, office, committee, bureau, or other administrative unit of the state, including the agency head, agency employees, or other persons acting on behalf of or under the authority of the agency head, the Legislature, the courts, or the governor, but does not mean a political subdivision of the state, or any administrative unit of a political subdivision of the state. See Utah Code 63A-1-103
  • Chief information officer: means the chief information officer appointed under Section 63A-16-201. See Utah Code 63A-16-102
  • Executive branch agency: means an agency or administrative subunit of state government. See Utah Code 63A-16-102
  • Executive branch strategic plan: means the executive branch strategic plan created under Section 63A-16-202. See Utah Code 63A-16-102
  • Information technology: means all computerized and auxiliary automated information handling, including:
         (8)(a) systems design and analysis;
         (8)(b) acquisition, storage, and conversion of data;
         (8)(c) computer programming;
         (8)(d) information storage and retrieval;
         (8)(e) voice, video, and data communications;
         (8)(f) requisite systems controls;
         (8)(g) simulation; and
         (8)(h) all related interactions between people and machines. See Utah Code 63A-16-102
  • Oversight: Committee review of the activities of a Federal agency or program.
  • State: when applied to the different parts of the United States, includes a state, district, or territory of the United States. See Utah Code 68-3-12.5
     (1)(a) Except as provided in Subsection (2), the chief information officer shall, by rule made in accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act:

          (1)(a)(i) establish standards that impose requirements on executive branch agencies related to the security of the statewide area network;
          (1)(a)(ii) establish standards for when an agency must obtain approval before obtaining items described in Subsection 63G-6a-109.5(2);
          (1)(a)(iii) specify the detail and format required in an agency information technology plan submitted in accordance with Section 63A-16-203;
          (1)(a)(iv) establish standards related to the privacy policies of websites operated by or on behalf of an executive branch agency;
          (1)(a)(v) subject to Subsection 63G-6a-109.5(9), establish standards for the acquisition, licensing, and sale of computer software;
          (1)(a)(vi) specify the requirements for the project plan and business case analysis required under Section 63G-6a-109.5;
          (1)(a)(vii) provide for project oversight of agency technology projects when required under Section 63G-6a-109.5;
          (1)(a)(viii) establish, in accordance with Subsection 63G-6a-109.5(3), the implementation of the needs assessment for information technology purchases;
          (1)(a)(ix) establish telecommunications standards and specifications in accordance with Subsection 63G-6a-109.5(25); and
          (1)(a)(x) establish standards for accessibility of information technology by individuals with disabilities in accordance with Section 63A-16-209.
     (1)(b) The rulemaking authority granted by Subsection (1)(a) is in addition to any other rulemaking authority granted under this chapter.
(2)

     (2)(a) Notwithstanding Title 63G, Chapter 3, Utah Administrative Rulemaking Act, and subject to Subsection (2)(b), the chief information officer may adopt a policy that outlines procedures to be followed by the chief information officer in facilitating the implementation of this title by executive branch agencies if the policy:

          (2)(a)(i) is consistent with the executive branch strategic plan; and
          (2)(a)(ii) is not required to be made by rule under Subsection (1) or Section 63G-3-201.
     (2)(b)

          (2)(b)(i) A policy adopted by the chief information officer under Subsection (2)(a) may not take effect until 30 days after the day on which the chief information officer submits the policy to:

               (2)(b)(i)(A) the governor; and
               (2)(b)(i)(B) all cabinet level officials.
          (2)(b)(ii) During the 30-day period described in Subsection (2)(b)(i), cabinet level officials may review and comment on a policy submitted under Subsection (2)(b)(i).
(3)

     (3)(a) Notwithstanding Subsection (1) or (2) or Title 63G, Chapter 3, Utah Administrative Rulemaking Act, without following the procedures of Subsection (1) or (2), the chief information officer may adopt a security procedure to be followed by executive branch agencies to protect the statewide area network if:

          (3)(a)(i) broad communication of the security procedure would create a significant potential for increasing the vulnerability of the statewide area network to breach or attack; and
          (3)(a)(ii) after consultation with the chief information officer, the governor agrees that broad communication of the security procedure would create a significant potential increase in the vulnerability of the statewide area network to breach or attack.
     (3)(b) A security procedure described in Subsection (3)(a) is classified as a protected record under Title 63G, Chapter 2, Government Records Access and Management Act.
     (3)(c) The chief information officer shall provide a copy of the security procedure as a protected record to:

          (3)(c)(i) the chief justice of the Utah Supreme Court for the judicial branch;
          (3)(c)(ii) the speaker of the House of Representatives and the president of the Senate for the legislative branch;
          (3)(c)(iii) the chair of the Utah Board of Higher Education; and
          (3)(c)(iv) the chair of the State Board of Education.