Bill Summary – FastDemocracy

Senate File 29 - Introduced
                                  SENATE FILE 29
                                  BY DAWSON
                            A BILL FOR
An Act relating to the office of the chief information officer,
  including procurement preferences and a report detailing
  state information technology assets.
BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA:
                                         TLSB 1409XS (2) 89
                                         ja/rn
                                S.F. 29
    Section 1. Section 8B.1, Code 2021, is amended by adding the
 following new subsection:
    NEW SUBSECTION. 2A. “Cloud computing” means the same as
 defined in the United States national institute of standards
 and technology’s special publication 800-145.
    Sec. 2. Section 8B.9, subsection 6, Code 2021, is amended
 to read as follows:
    6. Beginning October 1, 2019, a quarterly report regarding
 the status of technology upgrades or enhancements for state
 agencies, submitted to the general assembly and to the
 chairpersons and ranking members of the senate and house
 committees on appropriations. The quarterly report shall
 also include a listing of state agencies coordinating or
 working with the office, and a listing of state agencies not
 coordinating or working with the office, and the information
 required by section 8B.24, subsection 5A, paragraph “b”.
    Sec. 3. Section 8B.24, Code 2021, is amended by adding the
 following new subsection:
    NEW SUBSECTION. 5A. a. The office shall, when feasible,
 procure from providers that meet or exceed applicable state
 and federal laws, regulations, and standards for information
 technology, third-party cloud computing solutions and other
 information technology and related services that are not hosted
 on premises by the state.
    b. If the office determines it is not feasible to procure
 third-party cloud computing solutions or other information
 technology and related services pursuant to paragraph “a”, and
 if on-premises technology upgrades or new applications to be
 housed on-premises are proposed, the office shall include all
 of the following in the report required pursuant to section
 8B.9, subsection 6:
    (1) An explanation as to why a cloud computing deployment
 was not feasible.
    (2) Whether the application can be deployed using a hybrid
 or containerized approach to minimize on-premise costs.
                                           LSB 1409XS (2) 89
                               -1-         ja/rn                 1/4
                                S.F. 29
    (3) Compliance frameworks that require the application to
 be hosted on-premises.
    c. The office shall contract with multiple third-party
 commercial cloud computing service providers.
    d. The control and ownership of state data stored with cloud
 computing service providers shall remain with the state. The
 office shall ensure the portability of state data stored with
 cloud computing service providers.
    Sec. 4. Section 8B.24, subsection 6, Code 2021, is amended
 to read as follows:
    6. The office shall adopt rules pursuant to chapter 17A to
 implement the procurement methods and procedures provided for
 in subsections 2 through 5 5A.
    Sec. 5. INVENTORY OF INFORMATION TECHNOLOGY ASSETS, CURRENT
 CLOUD COMPUTING ADOPTION, AND CLOUD COMPUTING MIGRATION PLAN
 —— REPORT. By November 1, 2021, the office of the chief
 information officer, in collaboration with other state agencies
 and departments, shall provide a report to the general assembly
 that includes all of the following:
    1. An inventory of all state information technology
 applications, and the percentage of the information technology
 applications that are cloud-based applications.
    2. Recommendations regarding state information technology
 applications that should migrate to cloud-based applications.
 Each such recommendation shall include a description of
 workloads and information technology applications that are best
 suited to migrate to cloud-based applications given all of the
 following considerations:
    a. Whether the information technology application has
 underlying storage, networks, or infrastructure that supports
 another information technology application, and whether the
 information technology application is supported by another
 information technology application.
    b. How critical the information technology application is
 to the mission of the state agency or department.
                                           LSB 1409XS (2) 89
                               -2-         ja/rn                 2/4
                                         S.F. 29
  c. The difficulty of migrating the information technology
application to a cloud-based application.
  d. The total cost of ownership of the target environment in
which the information technology application shall operate if
migrated to a cloud-based application.
                         EXPLANATION
         The inclusion of this explanation does not constitute agreement with
         the explanation’s substance by the members of the general assembly.
    This bill relates to the office of the chief information
 officer, including procurement preferences and a report
 detailing state information technology assets.
    The bill defines “cloud computing” by reference to the
 United States national institute of standards and technology’s
 special publication 800-145, which defines the term as a model
 for enabling ubiquitous, convenient, on-demand network access
 to a shared pool of configurable computing resources that can
 be rapidly provisioned and released with minimal management
 effort or service provider interaction.
    Current law requires the office to submit a quarterly report
 regarding the status of technology upgrades or enhancements for
 state agencies. The bill requires this report to also include
 information related to the office’s determination that it was
 not feasible to procure a cloud computing solution, including
 an explanation as to why a cloud computing deployment was not
 feasible, whether the application can be deployed using a
 hybrid or containerized approach to minimize on-premise costs,
 and compliance frameworks that require the application to be
 hosted on-premises.
    The bill requires the office to, when feasible, procure
 third-party cloud computing solutions and other information
 technology and related services that are not hosted on premises
 by the state from providers that meet or exceed applicable
 state and federal laws, regulations, and standards for
 information technology.
    The bill provides the office shall contract with multiple
                                                        LSB 1409XS (2) 89
                                       -3-              ja/rn                       3/4
                                 S.F. 29
 third-party commercial cloud computing service providers.
    The bill establishes that control and ownership of state
 data stored with cloud computing service providers shall remain
 with the state. The bill requires the office to ensure the
 portability of state data stored with cloud computing service
 providers.
    The bill requires the office to provide a report to the
 general assembly by November 1, 2021, that includes an
 inventory of all state information technology applications,
 and recommendations regarding state information technology
 applications that should migrate to cloud-based applications.
                                           LSB 1409XS (2) 89
                               -4-         ja/rn                  4/4
Statutes affected: 
Introduced: 8B.1, 8B.9, 8B.24