The bill HB207 Engrossed amends the Code of Alabama 1975 to enhance the management and coordination of information technology and cybersecurity within state agencies. Key insertions include the establishment of a Telecommunications Revolving Fund and the introduction of new definitions such as "cybersecurity" and "technology contract." The bill also repeals existing articles related to the Division of Data Systems Management and the Telecommunications Division of the Department of Finance. It clarifies the role of the Secretary of Information Technology, now referred to as the Chief Information Officer, who is responsible for developing a strategic plan for information technology across state agencies and ensuring effective collaboration to maximize investment returns.

Additionally, the bill outlines new regulations for the expenditure of public funds on telecommunications and cybersecurity services, requiring that all expenditures be appropriated by the Legislature and deposited into the Telecommunications Revolving Fund. It mandates written approval for state agencies before acquiring telecommunications equipment and establishes protocols for contract management and criminal background checks for individuals accessing sensitive technology infrastructure. The bill also emphasizes centralized governance of cybersecurity practices and introduces a structured system for reviewing new initiatives, while exempting certain educational institutions and legislative and judicial branches from its requirements. The act is set to take effect on October 1, 2025.

Statutes affected:
Introduced: 41-28-1, 41-28-2, 41-28-4, 41-28-5, 41-28-11, 41-28-12, 41-28-13, 41-28-14, 41-28-15, 41-28-16, 41-28-17
Engrossed: 41-28-1, 41-28-2, 41-28-4, 41-28-5, 41-28-11, 41-28-12, 41-28-13, 41-28-14, 41-28-15, 41-28-16, 41-28-17, 41-28-18