HOUSE OF REPRESENTATIVES STAFF ANALYSIS
BILL #: CS/CS/HB 1137 Information Technology Procurement
SPONSOR(S): State Affairs Committee, Government Operations Subcommittee, Fabricio and others
TIED BILLS: IDEN./SIM. BILLS: CS/SB 1448
REFERENCE | ACTION | ANALYST | STAFF DIRECTOR or BUDGET/POLICY CHIEF
1) Government Operations Subcommittee | 14 Y, 2 N, As CS | Roth | Smith
2) State Administration & Technology Appropriations Subcommittee | 12 Y, 0 N | Mullins | Topp
3) State Affairs Committee | 19 Y, 3 N, As CS | Roth | Williamson
SUMMARY ANALYSIS
The Florida Digital Service (FDS) is established within the Department of Management Services (DMS) and is
administered by a state chief information officer. FDS is tasked with proposing innovative solutions that securely
modernize state government, including technology and information services, to achieve value through digital
transformation and interoperability, and to fully support the cloud-first policy. The powers and duties of FDS include
establishing project management and oversight standards that state agencies must comply with when implementing
information technology (IT) projects.
In addition to the current project management and oversight standards FDS must establish, the bill requires FDS to
establish technical standards that agencies must comply with to ensure IT projects comply with the enterprise
architecture. The bill also increases FDS’s involvement in state agency IT projects with a total cost of more than $10
million by requiring:
• State agencies to provide FDS with written notice of any planned procurement of an IT project;
• FDS to participate in the development of specifications and recommend modifications to any planned
procurement of an IT project by state agencies to ensure compliance with the enterprise architecture; and
• FDS to participate in post-award contract monitoring.
The bill lowers the IT project threshold amount that triggers FDS project oversight of cabinet agency IT projects from
$25 million to $20 million. It also removes the requirement that a cabinet agency IT project impact one or more other
agencies before triggering FDS project oversight.
The bill provides that IT related policies established by FDS must include a requirement that IT commodities and
services purchased by the state meet the National Institute of Standards and Technology Cybersecurity Framework
and that certain IT projects require an independent verification and validation.
For IT state term contracts, the bill requires the Secretary of Management Services and the state chief information
officer to certify in writing when a contract for IT commodities, consultant services, or staff augmentation contractual
services should exceed 48 months because it is in the best interest of the state.
The bill requires DMS to prequalify firms and individuals to provide IT staff augmentation contractual services on
state term contract on an annual basis. Once a firm or individual has been prequalified to provide such service, they
may respond to a request for quote (RFQ) issued by an agency to provide the service. However, a firm or individual
removed from the source of supply due to failure to fulfill any of the duties specified in a contract with the state or
placed on a disqualified vendor list, is immediately disqualified from state term contract eligibility. The bill further
requires an agency issuing an RFQ to purchase IT commodities, consultant services, or staff augmentation
contractual services from the state term contract to issue the RFQ to a certain number of approved vendors on state
term contract.
The bill may have an indeterminate but likely insignificant negative fiscal impact on state government.
This document does not reflect the intent or official position of the bill sponsor or House of Representatives.
STORAGE NAME: h1137e.SAC
DATE: 4/6/2021
FULL ANALYSIS
I. SUBSTANTIVE ANALYSIS
A. EFFECT OF PROPOSED CHANGES:
Background
Florida Digital Service
The Florida Digital Service (FDS) is established within the Department of Management Services (DMS)
and is administered by a state chief information officer.[1] FDS is tasked with proposing innovative
solutions that securely modernize state government, including technology and information services, to
achieve value through digital transformation and interoperability, and to fully support the cloud-first
policy.[2]
The powers and duties of FDS include developing an enterprise architecture[3] that acknowledges the
unique needs of the entities within the enterprise,[4] supports the state’s cloud-first policy,[5] and
addresses how information technology (IT) infrastructure may be modernized.[6] Additionally, FDS must
establish project management and oversight standards that state agencies must comply with when
implementing IT projects.[7] FDS must provide training opportunities to state agencies to assist in the
adoption of the project management and oversight standards. To support data-driven decision-making,
the standards must include, but are not limited to:[8]
• Performance measurements and metrics that objectively reflect the status of an IT project
based on a defined and documented project scope, cost, and schedule.
• Methodologies for calculating acceptable variances in the projected versus actual scope,
schedule, or cost of an IT project.
• Reporting requirements, including requirements designed to alert all defined stakeholders that
an IT project has exceeded acceptable variances defined and documented in a project plan.
• Content, format, and frequency of project updates.
FDS must provide project oversight[9] on all state agency[10] IT projects that have a total project cost of at
least $10 million and on any cabinet agency[11] IT project that has a total project cost of at least $25
million and that impacts one or more other agencies.[12] FDS must report quarterly to the Executive
Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives
on any IT project that DMS identifies as high-risk due to the project exceeding acceptable variance
ranges defined and documented in a project plan.[13]
[1] Section 282.0051(2)(a), F.S.
[2] Section 282.0051(1), F.S.
[3] “Enterprise architecture” means a comprehensive operational framework that contemplates the needs and assets of the enterprise to
support interoperability. Section 282.0041(15), F.S.
[4] The “enterprise” includes state agencies and the Department of Legal Affairs, the Department of Financial Services, and the
Department of Agriculture and Consumer Services. Section 282.0041(14), F.S.
[5] See s. 282.206, F.S.
[6] Section 282.0051(1)(b), F.S.
[7] Section 282.0051(1)(c), F.S.
[8] Section 282.0051(1)(c)1.- 4., F.S.
[9] “Project oversight” means an independent review and analysis of an information technology project that provides information on the
project’s scope, completion timeframes, and budget and that identifies and quantifies issues or risks affecting the successful and timely
completion of the project. Section 282.0041(27), F.S.
[10] The term “state agency” means any official, officer, commission, board, authority, council, committee, or department of the
executive branch of state government; the Justice Administrative Commission; and the Public Service Commission. The term does not
include university boards of trustees or state universities. Unless specifically provided, the term does not include the Department of
Legal Affairs, the Department of Agriculture and Consumer Services, or the Department of Financial Services. Section 282.0041(33),
F.S.
[11] The cabinet agencies are the Department of Financial Services, the Department of Legal Affairs, and the Department of Agriculture
and Consumer Services.
[12] Such IT projects must comply with the applicable IT architecture, project management and oversight, and reporting standards
established by DMS, acting through FDS. Section 282.0051(1)(n)1., F.S.
FDS must establish best practices for procurement of IT products and cloud-computing services[14] and
establish an IT policy for all IT-related state contracts, including state term contracts for IT commodities,
consultant services, and staff augmentation services.[15] The policy must include identification of the IT
product and service categories for inclusion in state term contracts, requirements to be included in
solicitations for state term contracts, evaluation criteria for the award of IT-related state term contracts,
the term of each IT-related state term contract, and the maximum number of vendors authorized on
each such contract.[16]
Upon the adoption of the enterprise architecture standards, FDS may create a process to receive
written notice from state agencies of any planned or existing procurement of IT projects subject to
enterprise architecture standards,[17] and may participate in the development of specifications and
recommend modifications to any planned procurement by state agencies to ensure compatibility with
the enterprise architecture.[18]
State Agency Competitive Solicitations
Current law requires state agencies that wish to procure commodities or contractual services in excess
of $35,000[19] to use a competitive solicitation process.[20] Depending on the type of contract and scope of
work or goods sought, an agency may use one of three procurement methods:
• Invitation to bid (ITB): An agency must use an ITB when the agency is capable of specifically
defining the scope of work for which a contractual service is required or when the agency is
capable of establishing precise specifications defining the actual commodity or group of
commodities required.[21]
• Request for proposals (RFP): An agency must use an RFP when the purposes and uses for
which the commodity, group of commodities, or contractual service being sought can be
specifically defined and the agency is capable of identifying necessary deliverables.[22]
• Invitation to negotiate (ITN): An ITN is a solicitation used by an agency that is intended to
determine the best method for achieving a specific goal or solving a particular problem and
identifies one or more responsive vendors with which the agency may negotiate in order to
receive the best value.[23]
State Term Contracts
A state term contract is a contract for commodities or contractual services that is competitively procured
by DMS and that is used by agencies and eligible users.[24] Agencies must purchase commodities or
contractual services from a state term contract if one has been competitively procured by DMS.[25]
Agencies may use a request for quote (RFQ)[26] to obtain written pricing or services information from a
state term contract vendor. The purpose of an RFQ is to determine whether a price, term, or condition
is more favorable to the agency or eligible user than that provided in the state term contract.
[13] The report must include a risk assessment, including fiscal risks, associated with proceeding to the next state of the project, and a
recommendation for corrective actions required, including suspension or termination of the project. Section 282.0051(1)(d) and (n)2.,
F.S.
[14] Section 282.0051(1)(g), F.S.
[15] Section 282.0051(1)(q)1., F.S.
[16] Current law also requires FDS to evaluate vendor responses for IT-related state term contract solicitations and invitations to
negotiate, answer vendor questions on such state term contract solicitations, and ensure that the IT policy is included in all
solicitations and contracts that are executed by DMS. Id.
[17] Section 282.0051(4)(a), F.S.
[18] Section 282.0051(4)(b), F.S.
[19] See s. 287.017, F.S., for a list of purchasing categories and their corresponding threshold amounts.
[20] Section 287.057(1), F.S.
[21] Section 287.057(1)(a), F.S.
[22] Section 287.057(1)(b), F.S.
[23] Section 287.057(1)(c), F.S.
[24] Section 287.042(2)(a), F.S.
[25] Section 287.056(1), F.S.
[26] A “request for quote” is an oral, electronic, or written request for written pricing or services information from a state term contract
vendor for commodities or contractual services available on a state term contract from that vendor. Section 287.012(24), F.S.
FDS Participation
FDS must participate in any competitive solicitation issued by DMS for a state term contract for IT
commodities, consultant services, or IT staff augmentation contractual services.[27] The term of such
contract may not exceed 48 months, unless the DMS Secretary and the state chief information officer
certify to the Executive Office of the Governor that a longer contract term is in the best interest of the
state.[28]
Vendor Disqualification
DMS disqualifies from contract eligibility any vendor who has:
• Failed to fulfill any of its duties specified in a contract with the state. The vendor may be
reinstated when DMS is satisfied that further instances of default will not occur.[29]
• Been placed on the convicted vendor list for violating any state or federal law with respect to
and directly related to the transaction of business with any public entity or with an agency or
political subdivision of any other state or with the United States, including, but not limited to, any
bid, proposal, reply, or contract for goods or services, any lease for real property, or any
contract for the construction or repair of a public building or public work, involving antitrust,
fraud, theft, bribery, collusion, racketeering, conspiracy, or material misrepresentation.[30] The
vendor may not transact business with any public entity in excess of $35,000, for the following
36 months after being placed on the list.[31] However, the vendor may petition the Division of
Administrative Hearings (DOAH) for a formal hearing to be removed from the list.[32]
• Been placed on the discriminatory vendor list for a violation of any state or federal law
prohibiting discrimination.[33] The vendor may petition DOAH for a formal hearing to be removed
from the list.[34]
National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST) was founded in 1901 and is part of the U.S.
Department of Commerce.[35] NIST’s cybersecurity programs seek to enable greater development and
application of practical, innovative security technologies and methodologies in an attempt to enhance
the country’s ability to address current and future computer and information security challenges.[36]
Effect of the Bill
In addition to the current project management and oversight standards FDS must establish, the bill
requires FDS to establish technical standards that agencies must comply with to ensure IT projects
comply with the enterprise architecture.
The bill increases FDS’s involvement in state agency IT projects with a total cost of more than $10
million by requiring:
• State agencies to provide FDS with written notice of any planned procurement of an IT project.
• FDS to participate in the development of specifications and recommend modifications to any
planned procurement of an IT project by state agencies to ensure compliance with the
enterprise architecture.
• FDS to participate in post-award contract monitoring.
[27] Section 287.0591(4), F.S.
[28] Section 287.0591(1) – (3), F.S.
[29] Section 287.042(1)(b), F.S.
[30] Section 287.133(1)(g), F.S.
[31] Section 287.133(2)(a), F.S.
[32] Section 287.133(e), F.S.
[33] Section 287.134(1)(b), F.S.
[34] Section 287.134(3)(d), F.S.
[35] Nist.gov, About NIST, available at https://www.nist.gov/about-nist (last visited March 17, 2021).
[36] Id.
The bill lowers the IT project threshold amount that triggers FDS project oversight of cabinet agency IT
projects from $25 million to $20 million. It also removes the requirement that a cabinet agency IT
project impact one or more other agencies before triggering FDS project oversight.
The bill provides that the IT related policies established by FDS for all IT contracts must include two
additional requirements. First, that IT commodities and services purchased by the state meet the NIST
Cybersecurity Framework. Second, that IT contracts subject to FDS oversight require an independent
verification and validation (IV&V) be employed throughout a project lifecycle, with the primary objective
of IV&V being to provide an objective assessment of products and processes. An entity that provides
IV&