GOVERNMENT CODE


TITLE 10. GENERAL GOVERNMENT


SUBTITLE B. INFORMATION AND PLANNING


CHAPTER 2054. INFORMATION RESOURCES


SUBCHAPTER A. GENERAL PROVISIONS


Sec. 2054.001. LEGISLATIVE FINDINGS AND POLICY. (a) The legislature finds that:

(1) information and information resources possessed by agencies of state government are strategic assets belonging to the residents of this state that must be managed as valuable state resources;

(2) technological and theoretical advances in information use are recent in origin, immense in scope and complexity, and growing at a rapid pace;

(3) the nature of these advances presents this state with the opportunity to provide higher quality, more timely, and more cost-effective governmental services;

(4) the danger exists that state agencies could independently acquire uncoordinated and duplicative information resources technologies that are more appropriately acquired as part of a coordinated effort for maximum cost-effectiveness and use;

(5) the sharing of information resources technologies among state agencies is often the most cost-effective method of providing the highest quality and most timely governmental services that otherwise would be cost prohibitive;

(6) both considerations of cost and the need for the transfer of information among the various agencies and branches of state government in the most timely and useful form possible require a uniform policy and coordinated system for the use and acquisition of information resources technologies;

(7) considerations of cost and expertise require that, to the extent possible, the planning and coordinating functions reside in a separate agency from the purchasing function; and

(8) the need of officials in the executive branch of state government to have timely access to all needed information in a form most useful to them in their execution of the laws and the need of members of the legislative branch of state government to have timely access to all needed information in a form most useful to them in their evaluation of the practical effect of the laws and in their identification of areas in which legislation is needed for the future are equally paramount, requiring the greatest possible continuous and formal coordination and cooperation within and among the branches of state government.

(b) It is the policy of this state to coordinate and direct the use of information resources technologies by state agencies and to provide as soon as possible the most cost-effective and useful retrieval and exchange of information within and among the various agencies and branches of state government and from the agencies and branches of state government to the residents of this state and their elected representatives. The Department of Information Resources exists for these purposes.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.002. SHORT TITLE. This chapter may be cited as the Information Resources Management Act.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.003. DEFINITIONS. In this chapter:

(1) "Application" means a separately identifiable and interrelated set of information resources technologies that allows a state agency to manipulate information resources to support specifically defined objectives.

(2) "Board" means the governing board of the Department of Information Resources.

(2-a) "Business case" means a comparison of business solution costs and project benefits based on a solution assessment and validation for a major information resources project, which may include:

(A) alternative financing models, such as system as a service; and

(B) a readiness score of the project using an evidence-based scoring method delivered by an independent third party that includes measurement and corrective actions for the state agency's operational and technical strengths and weaknesses related to the project.

(3) "Data processing" means information technology equipment and related services designed for the automated storage, manipulation, and retrieval of data by electronic or mechanical means. The term includes:

(A) central processing units, front-end processing units, miniprocessors, microprocessors, and related peripheral equipment such as data storage devices, document scanners, data entry equipment, terminal controllers, data terminal equipment, computer-based word processing systems other than memory typewriters, and equipment and systems for computer networks;

(B) all related services, including feasibility studies, systems design, software development, and time-sharing services, provided by state employees or others; and

(C) the programs and routines used to employ and control the capabilities of data processing hardware, including operating systems, compilers, assemblers, utilities, library routines, maintenance routines, applications, and computer networking programs.

(4) "Department" means the Department of Information Resources.

(5) "Electronic government project" means the use of information technology to improve the access to and delivery of a government service, including a project that uses the Internet as a primary tool for the delivery of a government service or performance of a governmental function.

(6) "Executive director" means the executive director of the Department of Information Resources.

(7) "Information resources" means the procedures, equipment, and software that are employed, designed, built, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information, and associated personnel including consultants and contractors.

(8) "Information resources technologies" means data processing and telecommunications hardware, software, services, supplies, personnel, facility resources, maintenance, and training.

(8-a) "Institution of higher education" has the meaning assigned by Section 61.003, Education Code.

(9) "Local government" means a county, municipality, special district, school district, junior college district, or other political subdivision of the state.

(10) "Major information resources project" means:

(A) any information resources technology project identified in a state agency's biennial operating plan whose development costs exceed $5 million and that:

(i) requires one year or longer to reach operations status;

(ii) involves more than one state agency; or

(iii) substantially alters work methods of state agency personnel or the delivery of services to clients;

(B) any information resources technology project designated by the legislature in the General Appropriations Act as a major information resources project; and

(C) any information resources technology project of a state agency designated for additional monitoring under Section 2261.258(a)(1) if the development costs for the project exceed $5 million.

(11) Repealed by Acts 2007, 80th Leg., R.S., Ch. 1208, Sec. 16(1), eff. September 1, 2007.

(12) "Project" means an initiative that:

(A) provides information resources technologies and creates products, services, or results within or among elements of a state agency; and

(B) is characterized by well-defined parameters, specific objectives, common benefits, planned activities, a scheduled completion date, and an established budget with a specified source of funding.

(13) "State agency" means a department, commission, board, office, council, authority, or other agency in the executive or judicial branch of state government that is created by the constitution or a statute of this state, including a university system or institution of higher education as defined by Section 61.003, Education Code.

(14) "Telecommunications" means any transmission, emission, or reception of signs, signals, writings, images, or sounds of intelligence of any nature by wire, radio, optical, or other electromagnetic systems. The term includes all facilities and equipment performing those functions that are owned, leased, or used by state agencies and branches of state government.

(15) "State electronic Internet portal" means the electronic government project or its successor project implemented under Subchapter I.

(16) "Quality assurance team" means the quality assurance team established under Section 2054.158.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1999, 76th Leg., ch. 1499, Sec. 1.13, eff. Sept. 1, 1999; Acts 2001, 77th Leg., ch. 1272, Sec. 2.01, eff. June 15, 2001; Acts 2001, 77th Leg., ch. 1422, Sec. 3.01, eff. Sept. 1, 2001; Acts 2003, 78th Leg., ch. 1246, Sec. 1, eff. Sept. 1, 2003; Acts 2003, 78th Leg., ch. 1276, Sec. 9.019, eff. Sept. 1, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 2.01, eff. September 1, 2005.

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 16(1), eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 393 (H.B. 1705), Sec. 2.01, eff. September 1, 2009.

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 10, eff. June 17, 2011.

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 2, eff. September 1, 2019.

Acts 2021, 87th Leg., R.S., Ch. 855 (S.B. 799), Sec. 2, eff. September 1, 2021.

Acts 2021, 87th Leg., R.S., Ch. 1021 (S.B. 1541), Sec. 1, eff. September 1, 2021.

Sec. 2054.004. DEPARTMENT. The Department of Information Resources is an agency of the state.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.005. SUNSET PROVISION. (a) The Department of Information Resources is subject to Chapter 325 (Texas Sunset Act). Unless continued in existence as provided by that chapter, the department is abolished and this chapter expires September 1, 2025.

(b) Repealed by Acts 2013, 83rd Leg., R.S., Ch. 48, Sec. 22(2), eff. September 1, 2013.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 606, Sec. 1, eff. Sept. 1, 1997.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 928 (H.B. 3249), Sec. 3.11, eff. June 15, 2007.

Acts 2011, 82nd Leg., 1st C.S., Ch. 4 (S.B. 1), Sec. 23.02, eff. September 28, 2011.

Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 1, eff. September 1, 2013.

Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 22(2), eff. September 1, 2013.

Acts 2019, 86th Leg., R.S., Ch. 596 (S.B. 619), Sec. 3.04, eff. June 10, 2019.

Sec. 2054.006. LAWS NOT AFFECTED. (a) Except as specifically provided by this chapter, this chapter does not affect laws, rules, or decisions relating to the confidentiality or privileged status of categories of information or communications.

(b) This chapter does not enlarge the right of state government to require information, records, or communications from the people.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2001, 77th Leg., ch. 792, Sec. 2, eff. June 14, 2001.

Sec. 2054.007. EXCEPTION: STATE LOTTERY OPERATIONS. (a) The lottery division of the Texas Lottery Commission is not subject to the planning and procurement requirements of this chapter.

(b) The electronic funds transfer system for the operation of the state lottery is not included in the information resources deployment review or the biennial operating plan of the comptroller. Operations of the comptroller that relate to the state lottery are not subject to the planning and procurement requirements of this chapter.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1995, 74th Leg., ch. 76, Sec. 5.26(a), eff. Sept. 1, 1995; Acts 1997, 75th Leg., ch. 1035, Sec. 56, eff. June 19, 1997; Acts 1997, 75th Leg., ch. 1423, Sec. 8.60, eff. Sept. 1, 1997.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 691 (H.B. 1788), Sec. 2, eff. September 1, 2007.

Sec. 2054.0075. EXCEPTION: PUBLIC JUNIOR COLLEGE. This chapter does not apply to a public junior college or a public junior college district, except as necessary to comply with information security standards and for participation in shared technology services, including the electronic government project implemented under Subchapter I and statewide technology centers under Subchapter L.

Added by Acts 2011, 82nd Leg., R.S., Ch. 1285 (H.B. 1495), Sec. 1, eff. June 17, 2011.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 8, eff. September 1, 2019.

Sec. 2054.008. CONTRACT NOTIFICATION. (a) In this section "major information system" includes:

(1) one or more computers that in the aggregate cost more than $100,000;

(2) a service related to computers, including computer software, that costs more than $100,000; and

(3) a telecommunications apparatus or device that serves as a voice, data, or video communications network for transmitting, switching, routing, multiplexing, modulating, amplifying, or receiving signals on the network and costs more than $100,000.

(b) A state agency shall provide written notice to the Legislative Budget Board of a contract for a major information system. The notice must be on a form prescribed by the Legislative Budget Board and filed not later than the 30th day after the date the agency enters into the contract.

(c) A university system or institution of higher education must provide written notice to the Legislative Budget Board under Subsection (b) only if the cost of the major information system exceeds $1 million. In this subsection, "university system" has the meaning assigned by Section 61.003, Education Code.

Added by Acts 1999, 76th Leg., ch. 281, Sec. 5, eff. Sept. 1, 1999.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 1049 (S.B. 5), Sec. 2.06, eff. June 17, 2011.

Acts 2021, 87th Leg., R.S., Ch. 855 (S.B. 799), Sec. 3, eff. September 1, 2021.

Sec. 2054.010. REFERENCES TO PRECEDING AGENCY. Any reference in law to the Automated Information and Telecommunications Council means the Department of Information Resources.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.011. STATEWIDE NETWORK APPLICATIONS ACCOUNT. (a) The statewide network applications account is established in the general revenue fund.

(b) Amounts credited to the statewide network applications account may be appropriated only for the purchase, improvement, or maintenance of information resources, information resources technologies or applications, or related services or items for use by a network of state agencies that may include agencies in the legislative branch of state government.

Added by Acts 1995, 74th Leg., ch. 76, Sec. 5.27(a), eff. Sept. 1, 1995.

SUBCHAPTER B. ADMINISTRATION OF DEPARTMENT


Sec. 2054.021. COMPOSITION OF BOARD; TERMS; TRAINING. (a) The department is governed by a board composed of seven voting members appointed by the governor with the advice and consent of the senate. One member must be employed by an institution of higher education as defined by Section 61.003, Education Code.

(b) Voting members of the board serve for staggered six-year terms with two or three members' terms expiring February 1 of each odd-numbered year.

(c) Two groups each composed of three ex officio members serve on the board on a rotating basis. The ex officio members serve as nonvoting members of the board. Only one group serves at a time. The first group is composed of the commissioner of insurance, the executive commissioner of the Health and Human Services Commission, and the executive director of the Texas Department of Transportation. Members of the first group serve for two-year terms that begin February 1 of every other odd-numbered year and that expire on February 1 of the next odd-numbered year. The second group is composed of the commissioner of education, the executive director of the Texas Department of Criminal Justice, and the executive director of the Parks and Wildlife Department. Members of the second group serve for two-year terms that begin February 1 of the odd-numbered years in which the terms of members of the first group expire and that expire on February 1 of the next odd-numbered year.

(d) An ex officio member may designate an employee on the management or senior staff level of the member's agency to serve in the member's place.

(e) Appointments to the board shall be made without regard to the race, color, disability, sex, religion, age, or national origin of the appointees.

(f) To be eligible to take office or serve as a voting or nonvoting member of the board, a person appointed to or scheduled to serve as an ex officio member of the board must complete at least one course of a training program that complies with this section. A voting or nonvoting board member must complete a training program that complies with Subsection (g) not later than the 180th day after the date on which the person takes office or begins serving as a member of the board.

(g) The training program must provide information to the person regarding:

(1) this chapter and the board to which the person is appointed to serve;

(2) the programs operated by the department;

(3) the role and functions of the department;

(4) the rules of the department, with an emphasis on the rules that relate to disciplinary and investigatory authority;

(5) the current budget for the department;

(6) the results of the most recent formal audit of the department;

(7) the requirements of the:

(A) open meetings law, Chapter 551;

(B) open records law, Chapter 552; and

(C) administrative procedure law, Chapter 2001;

(8) the requirements of the conflict of interest laws and other laws relating to public officials;

(9) any applicable ethics policies adopted by the department or the Texas Ethics Commission; and

(10) contract management training.

(h) A person appointed to the board is entitled to reimbursement for travel expenses incurred in attending the training program, as provided by the General Appropriations Act and as if the person were a member of the board.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993; Amended by Acts 1997, 75th Leg., ch. 606, Sec. 2, eff. Sept. 1, 1997; Acts 2003, 78th Leg., ch. 1170, Sec. 22.01, eff. Sept. 1, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 265 (H.B. 7), Sec. 6.011, eff. September 1, 2005.

Acts 2007, 80th Leg., R.S., Ch. 9 (H.B. 675), Sec. 1, eff. April 23, 2007.

Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 2, eff. September 1, 2013.

Sec. 2054.022. CONFLICT OF INTEREST. (a) A member of the board or the executive director may not:

(1) be a person required to register as a lobbyist under Chapter 305 because of the person's activities for compensation on behalf of a business entity that has, or on behalf of a trade association of business entities that have, a substantial interest in the information resources technologies industry;

(2) be an officer, employee, or paid consultant of a business entity that has, or of a trade association of business entities that have, a substantial interest in the information resources technologies industry and that may contract with state government;

(3) own, control, or have, directly or indirectly, more than a 10 percent interest in a business entity that has a substantial interest in the information resources technologies industry and that may contract with state government;

(4) receive more than 25 percent of the individual's income from a business entity that has a substantial interest in the information resources technologies industry and that may contract with state government;

(5) be interested in or connected with a contract or bid for furnishing a state agency with information resources technologies;

(6) be employed by a state agency as a consultant on information resources technologies; or

(7) accept or receive money or another thing of value from an individual, firm, or corporation to whom a contract may be awarded, directly or indirectly, by rebate, gift, or otherwise.

(b) A person who is the spouse of an officer, employee, or paid consultant of a business entity that has, or of a trade association of business entities that have, a substantial interest in the information resources technologies industry and that may contract with state government may not be a member of the board or the executive director.

(c) An employee of the department, other than the executive director, may not:

(1) be a person required to register as a lobbyist under Chapter 305 because of the person's activities for compensation on behalf of a business entity that has, or on behalf of a trade association of business entities that have, a substantial interest in the information resources technologies industry; or

(2) be employed by a state agency as a consultant on information resources technologies.

(d) For the purposes of this section, a trade association is a nonprofit, cooperative, and voluntarily joined association of business or professional competitors in this state designed to assist its members and its industry or profession in dealing with mutual business or professional problems and in promoting their common interest.

(e) The executive director shall dismiss an employee of the department who violates a prohibition under Subsection (c), and the board shall remove the executive director if the executive director violates a prohibition under Subsection (a).

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 606, Sec. 3, eff. Sept. 1, 1997; Acts 2001, 77th Leg., ch. 1422, Sec. 14.01, eff. Sept. 1, 2001.

Amended by:

Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 3, eff. September 1, 2013.

Sec. 2054.023. COMPENSATION; EXPENSES. (a) A member of the board may not receive compensation for services as a board member.

(b) A member is entitled to reimbursement for actual and necessary expenses reasonably incurred in connection with the performance of those services, subject to any applicable limitation on reimbursement provided by the General Appropriations Act.

(c) An ex officio member is entitled to reimbursement for those expenses under the rules of the member's office.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.024. VACANCY. (a) The governor shall appoint a board member to fill a vacancy under the same procedure that applied to the original appointment for that position.

(b) If the presiding officer's position is vacant, the executive director shall perform nonvoting duties of the presiding officer until the governor designates a new presiding officer.

(c) If the final result of an action brought in a court of competent jurisdiction is that an ex officio or other member of the board may not serve on the board under the Texas Constitution, the appropriate individual shall promptly submit a list to the governor for the appointment of a replacement who may serve.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.025. REMOVAL OF BOARD MEMBER. (a) It is a ground for removal from the board if a member:

(1) does not have at the time of appointment the qualifications or status required for appointment to the board;

(2) does not maintain during service on the board the qualifications or status required for initial appointment to the board;

(3) violates a prohibition established by Section 2054.022;

(4) cannot discharge because of illness or disability the member's duties for a substantial part of the term for which the member is appointed; or

(5) is absent from more than half of the regularly scheduled board meetings that the member is eligible to attend during a state fiscal year unless the absence is excused by majority vote of the board.

(b) The validity of an action of the board is not affected by the fact that it is taken while a ground for removal of a member of the board exists.

(c) If the executive director has knowledge that a potential ground for removal exists, the executive director shall inform the presiding officer. The presiding officer shall then inform the governor and the attorney general of the potential ground for removal. If the potential ground for removal involves the presiding officer, the executive director shall notify the next highest ranking officer of the board, who shall notify the governor and the attorney general that a potential ground for removal exists.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 606, Sec. 4, eff. Sept. 1, 1997.

Sec. 2054.026. LIMITATION ON LIABILITY. A member of the board is not liable in a civil action for an act performed in good faith in the performance of the member's duties.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.027. MEETINGS; ACTION OF BOARD. (a) The board shall meet at least once in each quarter of the state fiscal year and may meet at other times at the call of the presiding officer or as provided by department rule.

(b) When a quorum is present, an affirmative vote of a majority of the members of the board present is necessary for an action of the board to be effective.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.028. PRESIDING OFFICER. The governor shall designate a member of the board to serve as presiding officer at the discretion of the governor.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.0285. EXECUTIVE DIRECTOR: CHIEF INFORMATION OFFICER; POWERS AND DUTIES. (a) The board shall employ an executive director. The executive director is the chief information officer for Texas state government.

(b) The executive director has authority for all aspects of information technology for state agencies, including:

(1) the use of technology to support state goals;

(2) functional support to state agencies;

(3) technology purchases;

(4) deployment of new technology;

(5) delivery of technology services; and

(6) provision of leadership on technology issues.

Added by Acts 2001, 77th Leg., ch. 1272, Sec. 4.01, eff. June 15, 2001.

Sec. 2054.0286. CHIEF DATA OFFICER. (a) The executive director, using existing department funds, shall employ a chief data officer to:

(1) improve the control and security of information collected by state agencies;

(2) promote between state agencies the sharing of information, including customer information;

(3) reduce information collection costs incurred by this state; and

(4) assist the department in the development and management of a data portal for use by state agencies.

(b) The chief data officer shall develop and implement best practices among state agencies to:

(1) improve interagency information coordination;

(2) reduce duplicative information collection;

(3) increase accountability and ensure compliance with statutes and rules requiring agencies to share information;

(4) improve information management and analysis to increase information security, uncover fraud and waste, reduce agency costs, improve agency operations, and verify compliance with applicable laws;

(5) encourage agencies to collect and post on the agencies' Internet websites or the data portal managed by the department information related to an agency's functions or other data maintained by the agency that is in an open file format and is machine-readable, exportable, and easily accessible by the public; and

(6) encourage the evaluation of open document formats for storing data and documents generated by state agencies.

(c) Each state agency shall cooperate with the chief data officer in fulfilling the requirements of this section.

Added by Acts 2015, 84th Leg., R.S., Ch. 1047 (H.B. 1912), Sec. 1, eff. September 1, 2015.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 604 (S.B. 819), Sec. 1, eff. September 1, 2019.

Sec. 2054.029. STAFF; SEPARATION OF RESPONSIBILITIES. (a) The board shall employ employees necessary to implement its duties.

(b) The executive director or the executive director's designee shall provide to members of the board and to the department's employees, as often as necessary, information regarding their qualifications for office or employment under this chapter and their responsibilities under applicable laws relating to standards of conduct for state officers or employees.

(c) The board shall develop and implement policies that clearly separate the policymaking responsibilities of the board and the management responsibilities of the executive director and the staff of the department.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 606, Sec. 5, eff. Sept. 1, 1997; Acts 2001, 77th Leg., ch. 1272, Sec. 4.01, eff. June 15, 2001.

Sec. 2054.030. MERIT PAY. (a) The executive director or the executive director's designee shall develop a system of annual performance evaluations that are based on documented employee performance.

(b) All merit pay for department employees must be based on the system established under this section.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 606, Sec. 6, eff. Sept. 1, 1997.

Sec. 2054.031. CAREER LADDER. (a) The executive director or the executive director's designee shall develop an intraagency career ladder program that addresses opportunities for mobility and advancement for employees within the department.

(b) The program shall require intraagency postings of all positions concurrently with any public posting.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993; Amended by Acts 1997, 75th Leg., ch. 606, Sec. 7, eff. Sept. 1, 1997.

Sec. 2054.032. EQUAL EMPLOYMENT OPPORTUNITY. (a) The executive director or the executive director's designee shall prepare and maintain a written policy statement to assure implementation of a program of equal employment opportunity under which all personnel transactions are made without regard to race, color, disability, sex, religion, age, or national origin. The policy statement must include:

(1) personnel policies, including policies relating to recruitment, evaluation, selection, appointment, training, and promotion of personnel, that are in compliance with Chapter 21, Labor Code;

(2) a comprehensive analysis of the department workforce that meets federal and state laws, rules, and regulations and instructions promulgated directly from those laws, rules, and regulations;

(3) procedures by which a determination can be made about the extent of underuse in the department workforce of all persons for whom federal or state laws, rules, and regulations and instructions promulgated directly from those laws, rules, and regulations encourage a more equitable balance; and

(4) reasonable methods to appropriately address those areas of underuse.

(b) A policy statement prepared under Subsection (a) must cover an annual period, be updated annually and reviewed by the Commission on Human Rights for compliance with Subsection (a)(1), and be filed with the governor's office.

(c) The governor's office shall deliver a biennial report to the legislature based on the information received under Subsection (b). The report may be made separately or as a part of other biennial reports made to the legislature.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 606, Sec. 8, eff. Sept. 1, 1997.

Sec. 2054.033. ADVISORY COMMITTEES. (a) The board and the executive director, if authorized by the board, may appoint advisory committees as the department considers necessary to provide expertise to the department.

(b) A member of an advisory committee serves at the discretion of the board.

(c) A member of an advisory committee may not receive compensation for service on the committee. A member is entitled to reimbursement for actual and necessary expenses reasonably incurred in performing that service, subject to any applicable limitation on reimbursement provided by the General Appropriations Act.

(d) At least one member of each advisory committee must be an employee of a state agency.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.0331. CUSTOMER ADVISORY COMMITTEE. (a) The board shall appoint a customer advisory committee under Section 2054.033.

(b) The advisory committee is composed of representatives of customers who receive services from each of the department's key programs, including state agencies with fewer than 100 employees, and the public.

(c) In making appointments to the advisory committee, the board shall, to the extent practicable, ensure that the committee is composed of a cross-section of the department's customers, including institutions of higher education, and the public.

(d) The advisory committee shall report to and advise the board on the status of the department's delivery of critical statewide services.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 4, eff. September 1, 2013.

Sec. 2054.0332. DATA MANAGEMENT ADVISORY COMMITTEE. (a) The board shall appoint a data management advisory committee.

(b) The advisory committee is composed of each data management officer designated by a state agency under Section 2054.137 and the department's chief data officer.

(c) The advisory committee shall:

(1) advise the board and department on establishing statewide data ethics, principles, goals, strategies, standards, and architecture;

(2) provide guidance and recommendations on governing and managing state agency data and data management systems, including recommendations to assist data management officers in fulfilling the duties assigned under Section 2054.137; and

(3) establish performance objectives for state agencies from this state's data-driven policy goals.

(d) Sections 2110.002 and 2110.008 do not apply to the advisory committee.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 1, eff. June 14, 2021.

Sec. 2054.034. DEPARTMENT FINANCES. (a) All money paid to the department under this chapter is subject to Subchapter F, Chapter 404.

(b) Repealed by Acts 2011, 82nd Leg., R.S., Ch. 1083, Sec. 25(70), eff. June 17, 2011.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 9, eff. Sept. 1, 1997.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 1083 (S.B. 1179), Sec. 25(70), eff. June 17, 2011.

Sec. 2054.0345. DETERMINATION OF ADMINISTRATIVE FEES. (a) The department shall adopt a process to determine the amount of the administrative fee the department charges to administer any of its programs, including fees charged for programs under Sections 2054.380 and 2170.057.

(b) The process must require that the amount of a fee directly relate to the amount necessary for the department to recover the cost of its operations, as determined by the department's annual budget process.

(c) The department shall develop clear procedures directing staff for each department program and the department's financial staff to work together to determine the amount of administrative fees. The procedures must require review and approval of all administrative fees by the board, the executive director, and the department's chief financial officer.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 5, eff. September 1, 2013.

Sec. 2054.0346. REPORTING OF ADMINISTRATIVE FEES. (a) The department shall report to the Legislative Budget Board all administrative fees that the department sets under Section 2054.0345 each fiscal year. The report must include:

(1) the underlying analysis and methodology used to determine the fee amounts; and

(2) the cost allocation charged to customers.

(b) The department shall post on the department's Internet website information about each administrative fee the department charges, including a description of how the fee is determined. The department must update this information when a contract amendment or other action results in a major change to the costs incurred or the price paid by the department or a customer of the department.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 5, eff. September 1, 2013.

Sec. 2054.035. PARTICIPATION AND ACCESSIBILITY. (a) The board shall develop and implement policies that provide the public with a reasonable opportunity to appear before the board and to speak on any issue under the jurisdiction of the department.

(b) The department shall prepare information of public interest describing the functions of the department and the procedures by which complaints are filed with and resolved by the department. The department shall make the information available to the public and appropriate state agencies.

(c) The board by rule shall establish methods by which consumers and service recipients are notified of the name, mailing address, and telephone number of the department for the purpose of directing complaints to the department. The board may provide for that notification:

(1) on each registration form, application, or written contract for services of an individual or entity regulated under this chapter;

(2) on a sign prominently displayed in the place of business of each individual or entity regulated under this chapter; or

(3) in a bill for service provided by an individual or entity regulated under this chapter.

(d) The department shall comply with federal and state laws related to program and facility accessibility. The executive director shall also prepare and maintain a written plan that describes how a person who does not speak English can be provided reasonable access to the department's programs and services.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 9, eff. Sept. 1, 1997.

Sec. 2054.036. COMPLAINTS. (a) The department shall keep a file about each written complaint filed with the department that the department has authority to resolve. The department shall provide to the person filing the complaint and the persons or entities complained about the department's policies and procedures pertaining to complaint investigation and resolution. The department, at least quarterly and until final disposition of the complaint, shall notify the person filing the complaint and the persons or entities complained about of the status of the complaint unless the notice would jeopardize an undercover investigation.

(b) The department shall keep information about each complaint filed with the department. The information shall include:

(1) the date the complaint is received;

(2) the name of the complainant;

(3) the subject matter of the complaint;

(4) a record of all persons contacted in relation to the complaint;

(5) a summary of the results of the review or investigation of the complaint; and

(6) for complaints for which the department took no action, an explanation of the reason the complaint was closed without action.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 9, eff. Sept. 1, 1997.

Sec. 2054.037. NEGOTIATED RULEMAKING; ALTERNATIVE DISPUTE RESOLUTION. (a) The board shall develop and implement a policy to encourage the use of:

(1) negotiated rulemaking procedures under Chapter 2008 for the adoption of department rules; and

(2) appropriate alternative dispute resolution procedures under Chapter 2009 to assist in the resolution of internal and external disputes under the department's jurisdiction.

(b) The department's procedures relating to alternative dispute resolution must conform, to the extent possible, to any model guidelines issued by the State Office of Administrative Hearings for the use of alternative dispute resolution by state agencies.

(c) The department shall:

(1) coordinate the implementation of the policy adopted under Subsection (a);

(2) provide training as needed to implement the procedures for negotiated rulemaking or alternative dispute resolution; and

(3) collect data concerning the effectiveness of those procedures.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 6, eff. September 1, 2013.

Sec. 2054.038. INTERNAL AUDITOR; POWERS AND DUTIES. (a) The board shall:

(1) appoint an internal auditor who reports directly to the board and serves at the will of the board; and

(2) provide staff and other resources to the internal auditor as appropriate.

(b) The internal auditor shall prepare an annual audit plan using risk assessment techniques to rank high-risk functions in the department. The internal auditor shall submit the annual audit plan to the board for consideration and approval. The board may change the plan as necessary or advisable.

(c) The internal auditor may bring before the board an issue outside of the annual audit plan that requires the immediate attention of the board.

(d) The internal auditor may not be assigned any operational or management responsibilities that impair the ability of the internal auditor to make an independent examination of the department's operations. The internal auditor may provide guidance or other advice before an operational or management decision is made but may not make the decision, approve the decision, or otherwise violate this subsection.

(e) The department shall give the internal auditor unrestricted access to the activities and records of the department unless restricted by other law.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 7, eff. September 1, 2013.

Sec. 2054.039. OPEN MEETINGS EXCEPTION FOR INTERNAL AUDITOR. A meeting between the board and the department's internal auditor to discuss issues related to fraud, waste, or abuse is not required to be an open meeting under Chapter 551.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 7, eff. September 1, 2013.

Sec. 2054.040. AUDIT SUBCOMMITTEE. (a) The board shall maintain an audit subcommittee of the board. The subcommittee shall oversee the department's internal auditor and any other audit issues that the board considers appropriate.

(b) The subcommittee shall evaluate whether the internal auditor has sufficient resources to perform the auditor's duties and ensure that sufficient resources are available.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 7, eff. September 1, 2013.

Sec. 2054.041. ADDITIONAL BOARD OVERSIGHT. (a) The board shall adopt a policy describing the board's role in setting a strategic direction for the department. The policy must address the board's role in developing new initiatives for and service offerings by the department, including requiring the board to evaluate and approve new initiatives for, or categories of, services offered by the department under the department's various programs.

(b) The board shall regularly evaluate the extent to which the department fulfills the department's information resources technology mission by providing cost-effective services and meeting customer needs.

(c) The board shall regularly evaluate department operations, including an evaluation of analytical data and information regarding trends in department revenue and expenses, as well as performance information.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 8, eff. September 1, 2013.

SUBCHAPTER C. GENERAL POWERS AND DUTIES OF DEPARTMENT


Sec. 2054.051. GENERAL DUTIES OF DEPARTMENT. (a) The department shall provide the leadership in and coordination of information resources management within state government.

(b) The department shall monitor national and international standards relating to information resources technologies, develop and publish policies, procedures, and standards relating to information resources management by state agencies, and ensure compliance with those policies, procedures, and standards.

(c) The department shall provide and coordinate an information resources management training program for the departments of state government.

(d) Repealed by Acts 2009, 81st Leg., R.S., Ch. 393, Sec. 2.07(1), eff. September 1, 2009.

(e) The department shall provide for all interagency use of information resources technologies by state agencies. The department may provide for interagency use of information resources technologies either directly or by certifying another state agency to provide specified uses of information resources technologies to other state agencies.

(f) The department shall identify opportunities for state agencies to coordinate with each other in the adoption and implementation of information resources technology projects.

(g) The department shall establish plans and policies for the system of telecommunications services managed and operated by the department.

(h) The department shall:

(1) coordinate with the quality assurance team to develop contracting standards for information resources technologies acquisition and purchased services; and

(2) work with state agencies to ensure deployment of standardized contracts.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2001, 77th Leg., ch. 342, Sec. 1, eff. May 3, 2001; Acts 2001, 77th Leg., ch. 1422, Sec. 4.01, eff. Sept. 1, 2001.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 394 (S.B. 757), Sec. 1, eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 393 (H.B. 1705), Sec. 2.07(1), eff. September 1, 2009.

Acts 2013, 83rd Leg., R.S., Ch. 1051 (H.B. 3093), Sec. 1, eff. September 1, 2013.

Sec. 2054.052. GENERAL POWERS OF DEPARTMENT. (a) The department may adopt rules as necessary to implement its responsibility under this chapter.

(b) The department may require each state agency to report to the department:

(1) each agency's use of information resources technologies;

(2) the effect of those technologies on the duties and functions of the agency;

(3) the costs incurred by the agency in the acquisition and use of those technologies;

(4) the procedures followed in obtaining those technologies;

(5) the categories of information produced by the agency; and

(6) other information relating to information resources management that in the judgment of the department should be reported.

(c) At the request of a state agency, the department may provide technical and managerial assistance relating to information resources management, including automation feasibility studies, systems analysis, and design, training, and technology evaluation.

(d) The department may report to the governor and to the presiding officer of each house of the legislature any factors that in the opinion of the department are outside the duties of the department but that inhibit or promote the effective exchange and use of information in state government.

(e) The department may:

(1) acquire, apply for, register, secure, hold, protect, and renew under the laws of the State of Texas, the United States, any state in the United States, or any nation:

(A) a patent for the invention, discovery, or improvement of any new and useful process, machine, manufacture, composition of matter, art, or method, including any new use of a known process, machine, manufacture, composition of matter, art, or method;

(B) a copyright for an original work of authorship fixed in any tangible medium of expression, now known or later developed, from which it can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device;

(C) a trademark, service mark, collective mark, or certification mark for a word, name, symbol, device, or slogan that the department uses to identify and distinguish its goods and services from other goods and services; or

(D) other evidence of protection or exclusivity issued for intellectual property;

(2) contract with a person or entity for the reproduction, distribution, public performance, display, advertising, marketing, lease, licensing, sale, use, or other distribution of the department's intellectual property;

(3) obtain under a contract described in Subdivision (2) a royalty, license right, or other appropriate means of securing reasonable compensation for the exercise of rights with respect to the department's intellectual property; and

(4) waive, increase, or reduce the amount of compensation secured by contract under Subdivision (3) if the department determines that the waiver, increase, or reduction will:

(A) further a goal or mission of the department; and

(B) result in a net benefit to the state.

(f) Except as provided by Section 2054.115(c), money paid to the department under this section shall be deposited to the credit of the general revenue fund.

(g) The department may accept or refuse a gift or grant of money, services, or property on behalf of the state for any public purpose related to the duties of the department.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1995, 74th Leg., ch. 76, Sec. 5.26(b), eff. Sept. 1, 1995; Acts 2003, 78th Leg., ch. 825, Sec. 1, eff. Sept. 1, 2003.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 8 (H.B. 674), Sec. 1, eff. April 23, 2007.

Sec. 2054.0525. CUSTOMERS ELIGIBLE FOR DEPARTMENT SERVICES. If the executive director determines that participation is in the best interest of this state, the following entities are eligible customers for services the department provides:

(1) a state agency;

(2) a local government;

(3) the legislature or a legislative agency;

(4) the supreme court, the court of criminal appeals, or a court of appeals;

(5) a public hospital owned or operated by this state or a political subdivision or municipal corporation of this state, including a hospital district or hospital authority;

(6) an independent organization certified under Section 39.151, Utilities Code, for the ERCOT power region;

(7) the Texas Permanent School Fund Corporation;

(8) an assistance organization, as defined by Section 2175.001;

(9) an open-enrollment charter school, as defined by Section 5.001, Education Code;

(10) a private school, as defined by Section 5.001, Education Code;

(11) a private or independent institution of higher education, as defined by Section 61.003, Education Code;

(12) a public safety entity, as defined by 47 U.S.C. Section 1401;

(13) a volunteer fire department, as defined by Section 152.001, Tax Code; and

(14) a governmental entity of another state.

Added by Acts 2023, 88th Leg., R.S., Ch. 242 (H.B. 4553), Sec. 1, eff. September 1, 2023.

Sec. 2054.053. LEGISLATIVE BUDGET INSTRUCTIONS; APPROPRIATION REQUESTS. (a) The department may identify, develop, and recommend to the Legislative Budget Board issues related to information resources management to be considered when developing the legislative budget instructions to state agencies. The department shall inform the governor of issues that are recommended to the Legislative Budget Board under this subsection.

(b) At the request of a state agency, the department may assist the agency in the preparation of projects to be submitted as part of the agency's legislative appropriation request and may make recommendations on any proposed projects. The recommendations under this subsection apply to a project and not to a specific procurement or set of specifications.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.054. CLIENT OMNIBUS REGISTRY AND EXCHANGE DATA BASES. (a) The department may develop and maintain a client omnibus registry and exchange data bases to cover public and private health and human services, programs, and clients and to facilitate the exchange of data among the state's health and human services agencies.

(b) The department must assure in maintaining the information that:

(1) health and mental health communications and records privileged under Chapter 611, Health and Safety Code, Subtitle B, Title 3, Occupations Code, and the Texas Rules of Evidence remain confidential and privileged;

(2) personally identifiable health and mental health communications and records of persons involved in the receipt or delivery of health or human services are confidential and privileged; and

(3) a private source is not required to provide confidential health or mental health communications or records unless a law specifically requires disclosure.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2001, 77th Leg., ch. 1420, Sec. 14.767, eff. Sept. 1, 2001.

Sec. 2054.0541. STATEWIDE HEALTH CARE DATA COLLECTION SYSTEM. The department shall assist the Texas Health Care Information Council and the Texas Department of Health with planning, analyses, and management functions relating to the procurement, use, and implementation of a statewide health care data collection system under Chapter 108, Health and Safety Code.

Added by Acts 1995, 74th Leg., ch. 726, Sec. 4, eff. Sept. 1, 1995.

Sec. 2054.055. PERFORMANCE REPORT. (a) Not later than November 15 of each even-numbered year, the board shall review and approve and the department shall present a report on the use of information resources technologies by state government.

(b) The report must:

(1) assess the progress made toward meeting the goals and objectives of the state strategic plan for information resources management;

(2) describe major accomplishments of the state or a specific state agency in information resources management;

(3) describe major problems in information resources management confronting the state or a specific state agency;

(4) provide a summary of the total expenditures for information resources and information resources technologies by the state;

(5) make recommendations for improving the effectiveness and cost-efficiency of the state's use of information resources;

(6) describe the status, progress, benefits, and efficiency gains of the state electronic Internet portal project, including any significant issues regarding contract performance;

(7) provide a financial summary of the state electronic Internet portal project, including project costs and revenues;

(8) provide a summary of the amount and use of Internet-based training conducted by each state agency and institution of higher education;

(9) provide a summary of agency and statewide results in providing access to electronic and information resources to individuals with disabilities as required by Subchapter M;

(10) assess the progress made toward accomplishing the goals of the plan for a state telecommunications network and developing a system of telecommunications services as provided by Subchapter H; and

(11) identify proposed major information resources projects for the next state fiscal biennium, including project costs through stages of the project and across state fiscal years from project initiation to implementation.

(b-1) The report under this section shall address consolidated telecommunications system performance, centralized capitol complex telephone system performance, telecommunications system needs, and recommended statutory changes to enhance system capability and cost-effectiveness. In this subsection, "centralized capitol complex telephone system" and "consolidated telecommunications system" have the meanings assigned by Section 2054.2011.

(b-2) The information required under Subsection (b)(11) must include:

(1) final total cost of ownership budget data for the entire life cycle of the major information resources project, including capital and operational costs that itemize staffing costs, contracted services, hardware purchased or leased, software purchased or leased, travel, and training;

(2) the original project schedule and the final actual project schedule;

(3) data on the progress toward meeting the original goals and performance measures of the project, specifically those related to operating budget savings;

(4) lessons learned on the project, performance evaluations of any vendors used in the project, and reasons for project delays or cost increases; and

(5) the benefits, cost avoidance, and cost savings generated by major technology resources projects.

(c) The department shall submit the report to the governor and to the legislature.

(d) The department may make interim reports that it considers necessary.

(e) The department is entitled to obtain any information about a state agency's information resources and information resources technologies that the department determines is necessary to prepare a report under this section.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1995, 74th Leg., ch. 76, Sec. 5.26(c), eff. Sept. 1, 1995; Acts 2001, 77th Leg., ch. 1272, Sec. 1.02, eff. June 15, 2001.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 394 (S.B. 757), Sec. 2, eff. September 1, 2007.

Acts 2007, 80th Leg., R.S., Ch. 691 (H.B. 1788), Sec. 3, eff. September 1, 2007.

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 1, eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 87 (S.B. 1969), Sec. 11.018, eff. September 1, 2009.

Acts 2009, 81st Leg., R.S., Ch. 393 (H.B. 1705), Sec. 1.07, eff. September 1, 2009.

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 11, eff. June 17, 2011.

Acts 2013, 83rd Leg., R.S., Ch. 1051 (H.B. 3093), Sec. 2, eff. September 1, 2013.

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 3, eff. September 1, 2019.

Sec. 2054.056. COMPUTER SERVICES. The department may provide computer services under interagency contracts to state agencies that choose to contract with the department.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1995, 74th Leg., ch. 76, Sec. 5.26(d), eff. Sept. 1, 1995.

Sec. 2054.0565. USE OF CONTRACTS BY OTHER ENTITIES. (a) The department may include terms in a procurement contract entered into by the department, including a contract entered into under Section 2157.068, that allow the contract to be used by another state agency, a political subdivision of this state, a governmental entity of another state, or an assistance organization as defined by Section 2175.001.

(b) A political subdivision that purchases an item or service using a contract under this section satisfies any other law requiring the political subdivision to seek competitive bids for that item or service.

(c) Notwithstanding any other law, a state governmental entity that is not a state agency as defined by Section 2054.003 may use a contract as provided by Subsection (a) without being subject to a rule, statute, or contract provision, including a provision in a contract entered into under Section 2157.068, that would otherwise require the state governmental entity to:

(1) sign an interagency agreement; or

(2) disclose the items purchased or the value of the purchase.

(d) A state governmental entity that is not a state agency as defined by Section 2054.003 that uses a contract as provided by Subsection (a) may prohibit a vendor from disclosing the items purchased, the use of the items purchased, and the value of the purchase.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.01, eff. September 1, 2005.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1081 (H.B. 2918), Sec. 2, eff. September 1, 2007.

Acts 2007, 80th Leg., R.S., Ch. 1081 (H.B. 2918), Sec. 3, eff. September 1, 2007.

Sec. 2054.058. CONSIDERATION OF VENDOR INCENTIVES. When contracting with a vendor to perform a task related to an electronic government project, the department shall consider methods of payments, including considering whether a percentage of money to be saved could be used to provide an incentive to the vendor to complete the project on time and under budget.

Added by Acts 2001, 77th Leg., ch. 1272, Sec. 4.02, eff. June 15, 2001.

Sec. 2054.059. CYBERSECURITY. From available funds, the department shall:

(1) establish and administer a clearinghouse for information relating to all aspects of protecting the cybersecurity of state agency information;

(2) develop strategies and a framework for:

(A) the securing of cyberinfrastructure by state agencies, including critical infrastructure; and

(B) cybersecurity risk assessment and mitigation planning;

(3) develop and provide training to state agencies on cybersecurity measures and awareness;

(4) provide assistance to state agencies on request regarding the strategies and framework developed under Subdivision (2); and

(5) promote public awareness of cybersecurity issues.

Added by Acts 2001, 77th Leg., ch. 545, Sec. 1, eff. Sept. 1, 2001. Renumbered from Government Code Sec. 2054.063 by Acts 2003, 78th Leg., ch. 1275, Sec. 2(80), eff. Sept. 1, 2003.

Amended by:

Acts 2013, 83rd Leg., R.S., Ch. 477 (S.B. 1134), Sec. 1, eff. September 1, 2013.

Sec. 2054.0591. CYBERSECURITY REPORT.

(a) Not later than November 15 of each even-numbered year, the department shall submit to the governor, the lieutenant governor, the speaker of the house of representatives, and the standing committee of each house of the legislature with primary jurisdiction over state government operations a report identifying preventive and recovery efforts the state can undertake to improve cybersecurity in this state. The report must include:

(1) an assessment of the resources available to address the operational and financial impacts of a cybersecurity event;

(2) a review of existing statutes regarding cybersecurity and information resources technologies;

(3) recommendations for legislative action to increase the state's cybersecurity and protect against adverse impacts from a cybersecurity event; and

(4) an evaluation of a program that provides an information security officer to assist small state agencies and local governments that are unable to justify hiring a full-time information security officer.

(b) The department or a recipient of a report under this section may redact or withhold information confidential under Chapter 552, including Section 552.139, or other state or federal law that is contained in the report in response to a request under Chapter 552 without the necessity of requesting a decision from the attorney general under Subchapter G, Chapter 552.

Added by Acts 2017, 85th Leg., R.S., Ch. 955 (S.B. 1910), Sec. 1, eff. September 1, 2017.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 9, eff. September 1, 2019.

Sec. 2054.0592. CYBERSECURITY EMERGENCY FUNDING. If a cybersecurity event creates a need for emergency funding, the department may request that the governor or Legislative Budget Board make a proposal under Chapter 317 to provide funding to manage the operational and financial impacts from the cybersecurity event.

Added by Acts 2017, 85th Leg., R.S., Ch. 955 (S.B. 1910), Sec. 1, eff. September 1, 2017.

Sec. 2054.0593. CLOUD COMPUTING STATE RISK AND AUTHORIZATION MANAGEMENT PROGRAM. (a) In this section, "cloud computing service" has the meaning assigned by Section 2157.007.

(b) The department shall establish a state risk and authorization management program to provide a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency. The program must allow a vendor to demonstrate compliance by submitting documentation that shows the vendor's compliance with a risk and authorization management program of:

(1) the federal government; or

(2) another state that the department approves.

(c) The department by rule shall prescribe:

(1) the categories and characteristics of cloud computing services subject to the state risk and authorization management program; and

(2) the requirements for certification through the program of vendors that provide cloud computing services.

(d) A state agency shall require each vendor contracting with the agency to provide cloud computing services for the agency to comply with the requirements of the state risk and authorization management program. The department shall evaluate vendors to determine whether a vendor qualifies for a certification issued by the department reflecting compliance with program requirements.

(e) A state agency may not enter or renew a contract with a vendor to purchase cloud computing services for the agency that are subject to the state risk and authorization management program unless the vendor demonstrates compliance with program requirements.

(f) A state agency shall require a vendor contracting with the agency to provide cloud computing services for the agency that are subject to the state risk and authorization management program to maintain program compliance and certification throughout the term of the contract.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 2, eff. June 14, 2021.

Sec. 2054.0594. INFORMATION SHARING AND ANALYSIS ORGANIZATION. (a) The department shall establish an information sharing and analysis organization to provide a forum for state agencies, local governments, public and private institutions of higher education, and the private sector to share information regarding cybersecurity threats, best practices, and remediation strategies.

(b) The department shall provide administrative support to the information sharing and analysis organization.

(c) A participant in the information sharing and analysis organization shall assert any exception available under state or federal law, including Section 552.139, in response to a request for public disclosure of information shared through the organization. Section 552.007 does not apply to information described by this subsection.

(d) The department shall establish a framework for regional cybersecurity working groups to execute mutual aid agreements that allow state agencies, local governments, regional planning commissions, public and private institutions of higher education, the private sector, and the incident response team established under Subchapter N-2 to assist with responding to a cybersecurity event in this state. A working group may be established within the geographic area of a regional planning commission established under Chapter 391, Local Government Code. The working group may establish a list of available cybersecurity experts and share resources to assist in responding to the cybersecurity event and recovery from the event.

Added by Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 5, eff. September 1, 2017.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 10, eff. September 1, 2019.

Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 3, eff. June 14, 2021.

Sec. 2054.060. DIGITAL SIGNATURE. (a) A digital signature may be used to authenticate a written electronic communication sent to a state agency if it complies with rules adopted by the department.

(b) A digital signature may be used to authenticate a written electronic communication sent to a local government if it complies with rules adopted by the governing body of the local government. Before adopting the rules, the governing body of the local government shall consider the rules adopted by the department and, to the extent possible and practicable, shall make the governing body's rules consistent with the department's rules.

(c) This section does not preclude any symbol from being valid as a signature under other applicable law, including Section 1.201(39), Business & Commerce Code.

(d) The use of a digital signature under this section is subject to criminal laws pertaining to fraud and computer crimes, including Chapters 32 and 33, Penal Code.

(e) In this section:

(1) "Digital signature" means an electronic identifier intended by the person using it to have the same force and effect as the use of a manual signature.

(2) "Local government" has the meaning assigned by Section 791.003, but does not include an agency in the judicial branch of local government.

(3) "State agency" does not include an agency in the judicial branch of state government.

Added by Acts 1997, 75th Leg., ch. 528, Sec. 2, eff. Sept. 1, 1997. Amended by Acts 2003, 78th Leg., ch. 785, Sec. 25, eff. Sept. 1, 2003.

Sec. 2054.061. USE OF CONSULTANTS AND OUTSIDE STAFF. (a) The department shall develop clear criteria for the appropriate use of consultants and outside staff by the department to temporarily augment the department's existing staff.

(b) The department shall annually analyze:

(1) the department's staffing needs;

(2) the need for and cost-effectiveness of contracting for consultants and outside staff;

(3) whether the department could use department staff to accomplish tasks proposed for the consultants and outside staff;

(4) whether and what type of training or additional resources are necessary for the department to use the department's own staff to accomplish tasks proposed for the consultants or outside staff; and

(5) whether entering into an agreement with a public junior college district or public technical institute under Section 2054.0701 is appropriate to assist the department in meeting staffing needs.

(c) In conjunction with the budget process, the department shall provide the analysis to the board for approval. The department may not hire or train any consultants or outside staff unless it has been approved during this budget process.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 9, eff. September 1, 2013.

Amended by:

Acts 2023, 88th Leg., R.S., Ch. 473 (H.B. 584), Sec. 1, eff. September 1, 2023.

Sec. 2054.062. INFORMATION RESOURCES TECHNOLOGIES CONSOLIDATION. (a) The department shall develop a consistent and clear method of measuring the costs and progress of an information resources technology consolidation initiative, including a consolidation under Subchapter L.

(b) The department shall work with any entity involved in an information resources technology consolidation to develop an agreed on methodology for collecting and validating data to determine a baseline assessment of costs. The department shall use the data both in the department's initial cost projections and in any later cost comparison. The department shall coordinate with the internal auditor for guidance, subject to Section 2054.038(d), on developing a methodology that provides an objective assessment of costs and project status.

(c) Using the methodology agreed on under Subsection (b), the department shall evaluate actual costs and cost savings related to the consolidation. The department shall also evaluate the progress of the department's information resources consolidation projects compared to the initially projected timelines for implementation. The evaluation results must break out the information on both statewide and individual entity levels.

(d) The department shall annually report the evaluation results to:

(1) the board;

(2) the Legislative Budget Board; and

(3) customers involved in the consolidation.

(e) The department shall post on the department's Internet website the report required by this section.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 10, eff. September 1, 2013.

Sec. 2054.063. ELECTRONIC REPORTING TO STATE AGENCIES. The department shall advise and consult with state agencies to assess opportunities for allowing persons to electronically file with an agency information that the agency requires a person to report. The department shall identify the cost of implementing an electronic reporting procedure and any barriers to electronic reporting. The department may:

(1) survey state agencies to identify:

(A) electronic reporting efforts currently being used by an agency;

(B) common needs among agencies; and

(C) opportunities to use a standardized approach to electronic reporting;

(2) identify the costs associated with electronic reporting;

(3) identify reports that may be filed electronically;

(4) advise an agency regarding ways the agency may effectively and economically allow electronic reporting to the agency; and

(5) develop and implement a plan to adopt electronic reporting in state government, whenever it is effective and efficient to do so.

Added by Acts 2001, 77th Leg., ch. 36, Sec. 1, eff. Sept. 1, 2001.

Sec. 2054.064. BOARD APPROVAL OF CONTRACTS. The board by rule shall establish approval requirements for all contracts, including a monetary threshold above which board approval is required before the contract may be executed.

Added by Acts 2011, 82nd Leg., 1st C.S., Ch. 4 (S.B. 1), Sec. 23.03, eff. September 28, 2011.

Sec. 2054.065. REVIEW OF CERTAIN CONTRACT SOLICITATIONS. (a) In this section:

(1) "Major contract" means a contract that has a value of at least $1 million.

(2) "Team" means the Contract Advisory Team established under Subchapter C, Chapter 2262.

(b) For any solicitation of a major contract the department is required to submit for review by the team, the department shall:

(1) implement any recommendations made by the team regarding the solicitation; or

(2) provide a written explanation of why the team's recommendations cannot be implemented.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 10, eff. September 1, 2013.

Sec. 2054.066. DEPARTMENT REVIEW. (a) The department, in consultation with the quality assurance team, the Information Technology Council for Higher Education, and the Legislative Budget Board, shall review existing statutes, procedures, data, and organizational structures to identify opportunities to increase efficiency, customer service, and transparency in information resources technologies. The department must:

(1) identify and address financial data needed to comprehensively evaluate information resources technologies spending from an enterprise perspective;

(2) review best practices in information resources technologies governance, including private sector practices and lessons learned from other states; and

(3) review existing statutes regarding information resources technologies governance, standards, and financing to identify inconsistencies between current law and best practices.

(b) The department shall report its findings and recommendations to the governor, lieutenant governor, speaker of the house of representatives, Senate Committee on Government Organization, and House Technology Committee not later than December 1, 2014.

Added by Acts 2013, 83rd Leg., R.S., Ch. 1051 (H.B. 3093), Sec. 3, eff. September 1, 2013.

Sec. 2054.067. POSTING OF CERTAIN DOCUMENTS RELATING TO CONTRACT SOLICITATIONS. (a) The department shall post all solicitation documents related to a contract of the department, including contracts under Chapter 2157, to the centralized accounting and payroll system authorized under Sections 2101.035 and 2101.036, or any successor system used to implement the enterprise resource planning component of the uniform statewide accounting project.

(b) The documents posted under Subsection (a) must include documents showing the criteria by which the department evaluated each vendor responding to the contract solicitation and, if applicable, an explanation of why the vendor was selected by the department under Section 2157.068(b).

Added by Acts 2015, 84th Leg., R.S., Ch. 326 (S.B. 20), Sec. 5, eff. September 1, 2015.

Sec. 2054.068. INFORMATION TECHNOLOGY INFRASTRUCTURE REPORT. (a) In this section, "information technology" includes information resources and information resources technologies.

(b) The department shall collect from each state agency information on the status and condition of the agency's information technology infrastructure, including information regarding:

(1) the agency's information security program;

(2) an inventory of the agency's servers, mainframes, cloud services, and other information technology equipment;

(3) identification of vendors that operate and manage the agency's information technology infrastructure; and

(4) any additional related information requested by the department.

(c) A state agency shall provide the information required by Subsection (b) to the department according to a schedule determined by the department.

(d) Not later than November 15 of each even-numbered year, the department shall submit to the governor, chair of the house appropriations committee, chair of the senate finance committee, speaker of the house of representatives, lieutenant governor, and staff of the Legislative Budget Board a consolidated report of the information submitted by state agencies under Subsection (b).

(e) The consolidated report required by Subsection (d) must:

(1) include an analysis and assessment of each state agency's security and operational risks; and

(2) for a state agency found to be at higher security and operational risks, include a detailed analysis of agency efforts to address the risks and related vulnerabilities.

(f) With the exception of information that is confidential under Chapter 552, including Section 552.139, or other state or federal law, the consolidated report submitted under Subsection (d) is public information and must be released or made available to the public on request. A governmental body as defined by Section 552.003 may withhold information confidential under Chapter 552, including Section 552.139, or other state or federal law that is contained in a consolidated report released under this subsection without the necessity of requesting a decision from the attorney general under Subchapter G, Chapter 552.

(g) This section does not apply to an institution of higher education or university system, as defined by Section 61.003, Education Code.

Added by Acts 2017, 85th Leg., R.S., Ch. 555 (S.B. 532), Sec. 2, eff. September 1, 2017.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 11, eff. September 1, 2019.

Sec. 2054.069. PRIORITIZED CYBERSECURITY AND LEGACY SYSTEM PROJECTS REPORT. (a) Not later than October 1 of each even-numbered year, the department shall submit a report to the Legislative Budget Board that prioritizes, for the purpose of receiving funding, state agency:

(1) cybersecurity projects; and

(2) projects to modernize or replace legacy systems, as defined by Section 2054.571.

(b) Each state agency shall coordinate with the department to implement this section.

(c) A state agency shall assert any exception available under state or federal law, including Section 552.139, in response to a request for public disclosure of information contained in or written, produced, collected, assembled, or maintained in connection with the report under Subsection (a). Section 552.007 does not apply to information described by this subsection.

Added by Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 12, eff. September 1, 2019.

Sec. 2054.0691. DIGITAL TRANSFORMATION GUIDE. (a) The department shall establish a digital transformation guide to assist state agencies with:

(1) modernizing agency operations and services with respect to electronic data; and

(2) converting agency information into electronic data.

(b) The department may provide:

(1) mobile application development assistance;

(2) paper document and form inventory assistance;

(3) paperless or paper-on-request operational process planning and development; and

(4) electronic notification and digital communication between the agency and the public.

Added by Acts 2019, 86th Leg., R.S., Ch. 604 (S.B. 819), Sec. 2, eff. September 1, 2019.

Redesignated from Government Code, Section 2054.069 by Acts 2021, 87th Leg., R.S., Ch. 915 (H.B. 3607), Sec. 21.001(48), eff. September 1, 2021.

Sec. 2054.070. CENTRAL REPOSITORY FOR PUBLICLY ACCESSIBLE ELECTRONIC DATA. (a) The department shall:

(1) establish a central repository of publicly accessible electronic data as the official open data Internet website for this state;

(2) designate the repository as the Texas Open Data Portal; and

(3) ensure that state agencies and political subdivisions of this state are granted shared access to the repository that allows the agencies and political subdivisions to easily post publicly accessible information to the repository.

(b) Each state agency shall prioritize using the central repository of electronic data established under Subsection (a) and actively collaborate with the department on publicly accessible data issues.

Added by Acts 2019, 86th Leg., R.S., Ch. 604 (S.B. 819), Sec. 2, eff. September 1, 2019.

Sec. 2054.0701. STATE INFORMATION TECHNOLOGY CREDENTIAL. (a) In this section, "public technical institute" has the meaning assigned by Section 61.003, Education Code.

(b) The department may enter into an agreement with a public junior college district under Section 130.0081, Education Code, or a public technical institute under Section 135.06, Education Code, or other applicable law to offer a program leading to a state information technology credential to address shortages in the state information resources workforce.

(c) A program offered under this section must:

(1) be approved by the Texas Higher Education Coordinating Board in accordance with Section 61.0512, Education Code;

(2) develop the knowledge and skills necessary for an entry-level information technology position in a state agency; and

(3) include a one-year apprenticeship with:

(A) the department;

(B) another relevant state agency;

(C) an organization working on a major information resources project; or

(D) a regional network security center established under Section 2059.202.

(d) The executive director shall update the department's intra-agency career ladder program to ensure that an associate degree together with a credential awarded under this section may be substituted for a four-year baccalaureate degree.

(e) The classification officer in the office of the state auditor shall review the state's position classification plan to determine whether an associate degree together with a credential awarded under this section may be substituted for a four-year baccalaureate degree and revise relevant job descriptions accordingly.

(f) If a program offered under this section is not fully funded through tuition and other money of the public junior college district or public technical institute available for the purpose, the department may:

(1) use any money available to the department for the purpose to offer a program under this section; and

(2) solicit and accept gifts, grants, and donations from any public or private source for purposes of offering a program under this section.

Added by Acts 2023, 88th Leg., R.S., Ch. 473 (H.B. 584), Sec. 2, eff. September 1, 2023.

SUBCHAPTER D. INFORMATION RESOURCES MANAGERS


Sec. 2054.071. IDENTITY OF MANAGER; CONSOLIDATION. (a) Each state agency shall designate an employee of the agency to serve as the agency's information resources manager.

(b) An employee designated under Subsection (a) may be designated to serve as a joint information resources manager by two or more state agencies. The department must approve the joint designation.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Amended by:

Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.02, eff. September 1, 2005.

Acts 2007, 80th Leg., R.S., Ch. 691 (H.B. 1788), Sec. 5, eff. September 1, 2007.

Acts 2019, 86th Leg., R.S., Ch. 604 (S.B. 819), Sec. 3, eff. September 1, 2019.

Sec. 2054.074. RESPONSIBILITY TO PREPARE OPERATING PLANS. (a) The information resources manager shall prepare the biennial operating plans under Subchapter E.

(b) A joint information resources manager may, to the extent appropriate, consolidate the operating plans of each agency for which the manager serves under Section 2054.071.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1995, 74th Leg., ch. 76, Sec. 5.26(e), eff. Sept. 1, 1995; Acts 1997, 75th Leg., ch. 606, Sec. 10, eff. Sept. 1, 1997.

Amended by:

Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.03, eff. September 1, 2005.

Sec. 2054.075. COOPERATION WITH INFORMATION RESOURCES MANAGER. (a) Each state agency shall cooperate as necessary with its information resources manager to enable that individual to perform the manager's duties.

(b) Each state agency information resources manager is part of the agency's executive management and reports directly to the executive head or deputy executive head of the agency. Each state agency shall report to the department the extent and results of its compliance with this subsection and include with the report an organizational chart showing the structure of the personnel in the agency's executive management. The department shall report the extent and results of state agencies' compliance with this subsection to the legislature.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 606, Sec. 11, eff. Sept. 1, 1997.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 573 (S.B. 241), Sec. 1.11, eff. September 1, 2019.

Sec. 2054.076. TRAINING AND CONTINUING EDUCATION. (a) The department periodically shall analyze the training needs of information resources managers and adjust its initial training and continuing education guidelines based on its analyses. The department's analyses must take into account the different training needs of information resources managers at both large and small state agencies.

(b) The department shall provide mandatory guidelines to state agencies regarding the initial and continuing education requirements needed for information resources managers and require information resources managers to report their compliance with the requirements to the department.

(b-1) The department shall provide mandatory guidelines to state agencies regarding the continuing education requirements for cybersecurity training that must be completed by all information resources employees of the agencies. The department shall consult with the Information Technology Council for Higher Education on applying the guidelines to institutions of higher education.

(c) The department's initial training and continuing education guidelines must require information resources managers to receive training and continuing education in:

(1) implementing quality assurance programs;

(2) training the people who use the agency's information resources and information resources technologies; and

(3) balancing the technical aspects of information resources and information resources technologies with the agency's business needs.

(d) An individual who is appointed the information resources manager of a state agency before September 1, 1992, is exempt from the requirements of the department regarding initial education needed for that position.

(e) The department may provide educational materials and seminars for state agencies and information resources managers.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 606, Sec. 12, eff. Sept. 1, 1997.

Amended by:

Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 6, eff. September 1, 2017.

Sec. 2054.077. VULNERABILITY REPORTS. (a) In this section, a term defined by Section 33.01, Penal Code, has the meaning assigned by that section.

(b) The information security officer of a state agency shall prepare or have prepared a report, including an executive summary of the findings of the biennial report, not later than June 1 of each even-numbered year, assessing the extent to which a computer, a computer program, a computer network, a computer system, a printer, an interface to a computer system, including mobile and peripheral devices, computer software, or data processing of the agency or of a contractor of the agency is vulnerable to unauthorized access or harm, including the extent to which the agency's or contractor's electronically stored information is vulnerable to alteration, damage, erasure, or inappropriate use.

(c) Except as provided by this section, a vulnerability report and any information or communication prepared or maintained for use in the preparation of a vulnerability report is confidential and is not subject to disclosure under Chapter 552.

(d) The information security officer shall provide an electronic copy of the vulnerability report on its completion to:

(1) the department;

(2) the state auditor;

(3) the agency's executive director;

(4) the agency's designated information resources manager; and

(5) any other information technology security oversight group specifically authorized by the legislature to receive the report.

(e) Separate from the executive summary described by Subsection (b), a state agency shall prepare a summary of the agency's vulnerability report that does not contain any information the release of which might compromise the security of the state agency's or state agency contractor's computers, computer programs, computer networks, computer systems, printers, interfaces to computer systems, including mobile and peripheral devices, computer software, data processing, or electronically stored information. The summary is available to the public on request.

Added by Acts 2001, 77th Leg., ch. 792, Sec. 1, eff. June 14, 2001.

Amended by:

Acts 2009, 81st Leg., R.S., Ch. 183 (H.B. 1830), Sec. 5, eff. September 1, 2009.

Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 7, eff. September 1, 2017.

Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 13, eff. September 1, 2019.

Acts 2021, 87th Leg., R.S., Ch. 856 (S.B. 800), Sec. 9, eff. September 1, 2021.

SUBCHAPTER E. STRATEGIC AND OPERATING PLANS; INFORMATION


RESOURCES DEPLOYMENT REVIEW


Sec. 2054.091. PREPARATION OF STATE STRATEGIC PLAN. (a) The executive director shall prepare a state strategic plan for information resources management for the board's review and approval.

(b) In preparing the state strategic plan, the executive director shall assess and report on:

(1) practices of state agencies regarding information resources management, including interagency and interbranch communication and interagency resource sharing;

(2) current and future information resources management technologies and practices and their potential application to state government;

(3) return on investment guidelines established by the department to help state agencies to implement major information resources projects more effectively; and

(4) any issue the department determines is relevant to the development of the state strategic plan.

(c) Each state agency shall cooperate with the executive director in providing information that will enable the executive director to assess agency practices.

(d) The executive director shall appoint an advisory committee to assist in the preparation of the state strategic plan. The members of the advisory committee appointed by the executive director must be approved by the board and must include officers or employees of state government.

(e) Repealed by Acts 2001, 77th Leg., ch. 1422, Sec. 4.30, eff. Sept. 1, 2001.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2001, 77th Leg., ch. 1422, Sec. 4.02, 4.30, eff. Sept. 1, 2001; Acts 2003, 78th Leg., ch. 1246, Sec. 2, eff. Sept. 1, 2003.

Amended by:

Acts 2009, 81st Leg., R.S., Ch. 393 (H.B. 1705), Sec. 1.01, eff. September 1, 2009.

Sec. 2054.092. CONTENT OF STATE STRATEGIC PLAN. (a) The state strategic plan must be prepared in coordination with the quality assurance team and state agency information resources managers.

(b) The plan must:

(1) provide a strategic direction for information resources management in state government for the five fiscal years following adoption of the plan;

(2) outline a state information architecture that contains a logically consistent set of principles, policies, and standards to guide the engineering of state government's information technology systems and infrastructure in a way that ensures compatibility and alignment with state government's needs;

(3) designate and report on critical electronic government projects to be directed by the department, including a project for electronic purchasing;

(4) provide information about best practices to assist state agencies in adopting effective information management methods, including the design, deployment, and management of information resources projects, cost-benefit analyses, and staff reengineering methods to take full advantage of technological advancements;

(5) provide long-range policy guidelines for information resources in state government, including the implementation of national, international, and department standards for information resources technologies;

(6) identify major issues faced by state agencies related to the acquisition of computer hardware, computer software, and information resources technology services and develop a statewide approach to address the issues, including:

(A) developing performance measures for purchasing and contracting; and

(B) identifying opportunities to reuse computer software code purchased with public funds;

(7) identify priorities for:

(A) the implementation of information resources technologies according to the relative economic and social impact on the state; and

(B) return on investment and cost-benefit analysis strategies; and

(8) provide information about best practices to assist state agencies in adopting methods for design, deployment, and management of telecommunications services.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2001, 77th Leg., ch. 545, Sec. 2, eff. Sept. 1, 2001; Acts 2003, 78th Leg., ch. 1246, Sec. 3, eff. Sept. 1, 2003.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 394 (S.B. 757), Sec. 3, eff. September 1, 2007.

Acts 2007, 80th Leg., R.S., Ch. 691 (H.B. 1788), Sec. 7, eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 87 (S.B. 1969), Sec. 11.019, eff. September 1, 2009.

Sec. 2054.0925. TELECOMMUNICATIONS IN STATE STRATEGIC PLAN. (a) The plan under Section 2054.092 must address matters relating to a state telecommunications network that will effectively and efficiently meet the long-term requirements of state government for voice, video, and computer communications, with the goal of achieving a single centralized telecommunications network for state government.

(b) The telecommunications elements of the plan under Section 2054.092 must recognize that all state agencies, including institutions of higher education, are a single entity for purposes of purchasing and the determination of tariffs.

(c) The telecommunications elements of the plan under Section 2054.092 must incorporate efficiencies obtained through the use of shared transmission services and open systems architecture as they become available, building on existing systems as appropriate.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 20, eff. Sept. 1, 1997. Amended by Acts 2001, 77th Leg., ch. 1422, Sec. 4.08, eff. Sept. 1, 2001.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 394 (S.B. 757), Sec. 5, eff. September 1, 2007.

Renumbered from Government Code, Section 2054.204 and amended by Acts 2009, 81st Leg., R.S., Ch. 393 (H.B. 1705), Sec. 1.04, eff. September 1, 2009.

Sec. 2054.093. AMENDMENT OF STATE STRATEGIC PLAN. (a) After approval and adoption of the state strategic plan by the board, the board may amend the plan at any time in response to technological advancements, changes in legislation, practical experience, or new issues relating to information resources management.

(b) The board shall adopt a revised plan not later than November 1 of each odd-numbered year.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.094. SUBMISSION OF STATE STRATEGIC PLAN. The board shall send the state strategic plan and each amended or revised plan to the governor and to the Legislative Budget Board.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.095. AGENCY INFORMATION RESOURCES STRATEGIC PLANNING INSTRUCTIONS. (a) The department shall prepare instructions for use by state agencies in preparing the strategic plan required by Section 2056.002.

(b) Except as otherwise modified by the Legislative Budget Board or the governor, instructions under Subsection (a) must require each state agency's strategic plan to include:

(1) a description of the agency's information resources management organizations, policies, and practices, including the extent to which the agency uses its project management practices, as defined by Section 2054.152;

(2) a description of how the agency's information resources programs support and promote its mission, goals, and objectives and the goals and policies of the state strategic plan for information resources; and

(3) other planning components that the department may prescribe.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 606, Sec. 13, eff. Sept. 1, 1997; Acts 2001, 77th Leg., ch. 188, Sec. 2, eff. Sept. 1, 2001; Acts 2003, 78th Leg., ch. 1246, Sec. 4, eff. Sept. 1, 2003.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 691 (H.B. 1788), Sec. 8, eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 393 (H.B. 1705), Sec. 2.02, eff. September 1, 2009.

Sec. 2054.0965. INFORMATION RESOURCES DEPLOYMENT REVIEW. (a) Not later than March 31 of each even-numbered year, a state agency shall complete a review of the operational aspects of the agency's information resources deployment following instructions developed by the department.

(b) Except as otherwise modified by rules adopted by the department, the review must include:

(1) an inventory of the agency's major information systems, as defined by Section 2054.008, and other operational or logistical components related to deployment of information resources as prescribed by the department;

(2) an inventory of the agency's major databases and applications;

(3) a description of the agency's existing and planned telecommunications network configuration;

(4) an analysis of how information systems, components, databases, applications, and other information resources have been deployed by the agency in support of:

(A) applicable achievement goals established under Section 2056.006 and the state strategic plan adopted under Section 2056.009;

(B) the state strategic plan for information resources; and

(C) the agency's business objectives, mission, and goals;

(5) agency information necessary to support the state goals for interoperability and reuse; and

(6) confirmation by the agency of compliance with state statutes, rules, and standards relating to information resources.

Added by Acts 2007, 80th Leg., R.S., Ch. 691 (H.B. 1788), Sec. 9, eff. September 1, 2007.

Amended by:

Acts 2017, 85th Leg., R.S., Ch. 555 (S.B. 532), Sec. 3, eff. September 1, 2017.

Sec. 2054.097. ANALYSIS OF INFORMATION RESOURCES DEPLOYMENT REVIEW. (a) A state agency shall send its information resources deployment review to the quality assurance team for analysis.

(a-1) If the department determines that an agency's deployment decision is not in compliance with the state strategic plan, a state statute, or department rules or standards, the department shall require the agency to develop a corrective action plan that specifies the manner in which deficiencies will be corrected. The department shall report the status of corrective action plans to the state auditor and the Legislative Budget Board.

(b) Any member of the quality assurance team may report to the governor and the presiding officer of each house of the legislature that an agency's deployment decision is not in compliance with the state strategic plan, a state statute, or department rules or standards.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 606, Sec. 14, eff. Sept. 1, 1997; Acts 2001, 77th Leg., ch. 188, Sec. 4, eff. Sept. 1, 2001; Acts 2003, 78th Leg., ch. 1246, Sec. 6, eff. Sept. 1, 2003.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 691 (H.B. 1788), Sec. 10, eff. September 1, 2007.

Sec. 2054.100. BIENNIAL OPERATING PLAN OF STATE AGENCY. (a) Each state agency shall submit an operating plan to the Legislative Budget Board, the quality assurance team, and the governor each state fiscal biennium in accordance with the directions of the Legislative Budget Board.

(b) The plan must describe the agency's current and proposed projects for the biennium, including how the projects will:

(1) benefit individuals in this state and benefit the state as a whole;

(2) use, to the fullest extent, technology owned or adapted by other state agencies;

(3) employ, to the fullest extent, the department's information technology standards, including Internet-based technology standards;

(4) expand, to the fullest extent, to serve residents of this state or to serve other state agencies;

(5) develop on time and on budget;

(6) produce quantifiable returns on investment; and

(7) meet any other criteria developed by the department or the quality assurance team.

(c) A state agency shall amend its biennial operating plan when necessary to reflect changes in the plan during a biennium. At a minimum, an agency shall amend its biennial operating plan to reflect significant new or changed information resources initiatives or information resources technologies initiatives contained in the agency's legislative appropriations request. Not later than the date designated by the Legislative Budget Board in its directions, an agency shall submit an amended plan to reflect new or changed initiatives contained in the agency's legislative appropriations request.

(d) The biennial operating plan of an institution of higher education is required to include only operational projects and infrastructure projects. The instructions provided under Section 2054.101 may not require an institution of higher education to include other projects in the plan.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1995, 74th Leg., ch. 76, Sec. 5.26(f), eff. Sept. 1, 1995; Acts 1997, 75th Leg., ch. 606, Sec. 15, eff. Sept. 1, 1997; Acts 2001, 77th Leg., ch. 188, Sec. 5, eff. Sept. 1, 2001; Acts 2003, 78th Leg., ch. 1246, Sec. 7, eff. Sept. 1, 2003; Acts 2003, 78th Leg., ch. 1266, Sec. 3.01, eff. June 20, 2003.

Amended by:

Acts 2009, 81st Leg., R.S., Ch. 183 (H.B. 1830), Sec. 6, eff. September 1, 2009.

Acts 2019, 86th Leg., R.S., Ch. 573 (S.B. 241), Sec. 1.12, eff. September 1, 2019.

Sec. 2054.101. INSTRUCTIONS FOR PREPARING OPERATING PLANS. (a) The Legislative Budget Board may provide instructions to guide state agencies in their preparation of biennial operating plans.

(b) The instructions may:

(1) specify the format of the plans;

(2) specify the information required to be included in the plans; and

(3) list the general criteria that the Legislative Budget Board may use to evaluate the plans.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1995, 74th Leg., ch. 76, Sec. 5.26(g), eff. Sept. 1, 1995; Acts 2001, 77th Leg., ch. 188, Sec. 6, eff. Sept. 1, 2001.

Sec. 2054.1015. PLANNED PROCUREMENT SCHEDULES FOR COMMODITY ITEMS. (a) In this section:

(1) "Commodity items" has the meaning assigned by Section 2157.068.

(2) "State agency" does not include an institution of higher education.

(b) The department may require a state agency to provide to the department a planned procurement schedule for commodity items if the department determines that the information in the schedule can be used to provide a benefit to the state. If required by the department, a state agency must provide a planned procurement schedule for commodity items to the department before the agency's operating plan may be approved under Section 2054.102.

(c) The department shall use information contained in the schedules to plan future vendor solicitations of commodity items or for any other activity that provides a benefit to the state.

(d) A state agency shall notify the department and the Legislative Budget Board if the agency makes a substantive change to a planned procurement schedule for commodity items.

(e) The department shall specify hardware configurations for state commodity items in its instructions for the preparation of planned procurement schedules.

(f) Each state agency shall use the hardware configurations specified under Subsection (e) in developing the agency's planned procurement schedules.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.05, eff. September 1, 2005.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 691 (H.B. 1788), Sec. 11, eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 393 (H.B. 1705), Sec. 2.03, eff. September 1, 2009.

Acts 2013, 83rd Leg., R.S., Ch. 1312 (S.B. 59), Sec. 48, eff. September 1, 2013.

Sec. 2054.102. EVALUATION AND APPROVAL OF OPERATING PLANS. (a) The Legislative Budget Board may specify procedures for submission, review, approval, and disapproval of biennial operating plans and amendments, including procedures for review or reconsideration of the Legislative Budget Board's disapproval of a biennial operating plan or biennial operating plan amendment. The Legislative Budget Board shall review and approve or disapprove the biennial operating plan for a state fiscal biennium on or before the 60th day after the last day of the regular legislative session held during the calendar year during which that state fiscal biennium begins.

(a-1) If an amendment to a biennial operating plan is submitted to the Legislative Budget Board on a date that falls during the period beginning September 1 of an even-numbered year and ending the last day of the following regular legislative session, the Legislative Budget Board shall review and approve or disapprove the amendment on or before the 60th day after the last day of that regular legislative session.

(a-2) If an amendment to a biennial operating plan is submitted to the Legislative Budget Board on a date that falls outside of the period described by Subsection (a-1), the Legislative Budget Board shall review and approve or disapprove the amendment on or before the 60th day after the date the amendment is submitted.

(a-3) The Legislative Budget Board may extend the deadline for the Legislative Budget Board's action on an amendment to a biennial operating plan by the number of days the review of the amendment is delayed while board staff waits for the submission of additional information regarding the amendment requested by the staff as necessary for the completion of the review.

(a-4) An amendment to a biennial operating plan is considered to be approved if the Legislative Budget Board does not disapprove the amendment before the later of:

(1) the day following the last day of the period for approval or disapproval of the amendment as provided by Subsection (a-1) or (a-2), as applicable; or

(2) the day following the last day of the period for approval or disapproval of the amendment as extended under Subsection (a-3).

(b) The governing board of the department shall adopt rules as necessary to establish department standards.

(b-1) The Legislative Budget Board, in consultation with the department and the Information Technology Council for Higher Education, shall establish criteria to evaluate state agency biennial operating plans. In developing the criteria, the board shall include criteria on:

(1) the feasibility of proposed information resources projects for the biennium;

(2) the consistency of the plan with the state strategic plan;

(3) the appropriate provision of public electronic access to information;

(4) evidence of business process streamlining and gathering of business and technical requirements; and

(5) services, costs, and benefits.

(c) The department shall provide the Legislative Budget Board with a list of agencies that have not complied with department standards, provisions of the state strategic plan, or corrective action plans. An agency identified on a list under this subsection shall develop a corrective action plan approved by the department that specifies the manner in which deficiencies will be corrected before components of or amendments to the agency's biennial operating plan may be approved by the Legislative Budget Board.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1995, 74th Leg., ch. 76, Sec. 5.26(h), eff. Sept. 1, 1995; Acts 2001, 77th Leg., ch. 188, Sec. 7, eff. Sept. 1, 2001; Acts 2003, 78th Leg., ch. 1246, Sec. 8, eff. Sept. 1, 2003.

Amended by:

Acts 2013, 83rd Leg., R.S., Ch. 1051 (H.B. 3093), Sec. 4, eff. September 1, 2013.

Acts 2015, 84th Leg., R.S., Ch. 1203 (S.B. 1455), Sec. 12, eff. September 1, 2015.

Sec. 2054.103. SUBMISSION OF OPERATING PLANS. Each state agency shall send a copy of its biennial operating plan and of any amendments to the plan, as approved by the Legislative Budget Board, to the governor and the state auditor not later than the 30th day after the date the Legislative Budget Board approves the plan or amendment, as applicable.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1995, 74th Leg., ch. 76, Sec. 5.26(i), eff. Sept. 1, 1995; Acts 1997, 75th Leg., ch. 606, Sec. 16, eff. Sept. 1, 1997; Acts 2001, 77th Leg., ch. 188, Sec. 8, eff. Sept. 1, 2001.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 573 (S.B. 241), Sec. 1.13, eff. September 1, 2019.

Sec. 2054.104. DENIAL OF ACCESS TO APPROPRIATIONS ON FAILURE TO SUBMIT OPERATING PLAN. (a) If a state agency fails to comply with Section 2054.103, the governor may direct the comptroller to deny the agency access to the agency's appropriations that relate to the management of information resources.

(b) The denial of access may continue until the governor is satisfied with the state agency's compliance with this section.

Amended by Acts 1995, 74th Leg., ch. 76, Sec. 5.26(j), eff. Sept. 1, 1995.

SUBCHAPTER F. OTHER POWERS AND DUTIES OF STATE AGENCIES


Sec. 2054.111. USE OF STATE ELECTRONIC INTERNET PORTAL PROJECT. (a) In this section, "local government" and "project" have the meanings assigned by Section 2054.251.

(b) A state agency shall consider using the project for agency services provided on the Internet, including:

(1) financial transactions;

(2) applications for licenses, permits, registrations, and other related documents from the public;

(3) electronic signatures; and

(4) any other applications that require security.

(c) If a state agency chooses not to use the project under Subsection (b), the agency must provide documentation to the department that shows the services and security required by the agency. The department shall prescribe the documentation required.

(d) A state agency that uses the project shall comply with rules adopted by the department, including any rules regarding:

(1) the appearance of the agency's Internet site and the ease with which the site can be used;

(2) the use of the project seal; and

(3) marketing efforts under Subsection (g).

(e) A state agency or local government that uses the project may charge a fee under Subchapter I if:

(1) the fee is necessary to recover the actual costs directly and reasonably incurred by the agency or local government because of the project for:

(A) the use of electronic payment methods; or

(B) interfacing with other information technology systems;

(2) the fee does not include an amount to recover state agency or local government employee costs;

(3) the state agency or local government approves the amount of the fee using the state agency's or local government's standard approval process for fee increases;

(4) the chief financial officer for the state agency or local government certifies that the amount of the fee is necessary to recover the actual costs incurred because of the project; and

(5) the department approves the amount of the fee.

(f) A local government may not charge a fee under Subsection (e) that is otherwise prohibited under Section 195.006 or 195.007, Local Government Code.

(g) A state agency that uses the project shall assist the department with marketing efforts regarding the use of the project.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 5, eff. May 3, 2001. Amended by Acts 2003, 78th Leg., ch. 70, Sec. 1, eff. May 16, 2003; Acts 2003, 78th Leg., ch. 1216, Sec. 1, eff. June 20, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 1, eff. June 18, 2005.

Acts 2005, 79th Leg., Ch. 1292 (H.B. 2593), Sec. 1, eff. June 18, 2005.

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 12, eff. June 17, 2011.

Sec. 2054.1115. ELECTRONIC PAYMENTS ON STATE ELECTRONIC INTERNET PORTAL. (a) A state agency or local government that uses the state electronic Internet portal may use electronic payment methods, including the acceptance of credit and debit cards, for:

(1) point-of-sale transactions, including:

(A) person-to-person transactions;

(B) transactions that use an automated process to facilitate a person-to-person transaction; and

(C) transactions completed by a person at an unattended self-standing computer station using an automated process;

(2) telephone transactions; or

(3) mail transactions.

(b) The state agency or local government may charge a reasonable fee, as provided by Section 2054.111 or Subchapter I, to recover costs incurred through electronic payment methods used under this section.

Added by Acts 2003, 78th Leg., ch. 1216, Sec. 2, eff. June 20, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 2, eff. June 18, 2005.

Acts 2005, 79th Leg., Ch. 1292 (H.B. 2593), Sec. 2, eff. June 18, 2005.

Acts 2007, 80th Leg., R.S., Ch. 389 (S.B. 687), Sec. 1, eff. June 15, 2007.

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 13, eff. June 17, 2011.

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 14, eff. June 17, 2011.

Sec. 2054.112. SECURITY REVIEW FOR NEW INTERNET SITES. Each state agency shall review its requirements for forms, data collection, and notarization when planning to deliver a service through the Internet to determine if the information is necessary and, if necessary, the appropriate level of authentication. Based on this review, the agency shall:

(1) eliminate any unnecessary requirements; and

(2) adjust security to the appropriate level for any necessary requirements.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 5, eff. May 3, 2001.

Sec. 2054.113. DUPLICATION WITH STATE ELECTRONIC INTERNET PORTAL. (a) This section does not apply to a state agency that is a university system or institution of higher education as defined by Section 61.003, Education Code.

(b) A state agency may not duplicate an infrastructure component of the state electronic Internet portal, unless the department approves the duplication. In this subsection, "infrastructure" does not include the development of applications, and the supporting platform, for electronic government projects.

(c) Before a state agency may contract with a third party for Internet application development that duplicates a state electronic Internet portal function, including a function of a native mobile application, the state agency must notify the department of its intent to bid for such services at the same time that others have the opportunity to bid. The department may exempt a state agency from this section if it determines the agency has fully complied with Section 2054.111.

Added by Acts 2001, 77th Leg., ch. 1272, Sec. 2.02, eff. June 15, 2001. Amended by Acts 2003, 78th Leg., ch. 1216, Sec. 3, eff. June 20, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 3, eff. June 18, 2005.

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 2, eff. September 1, 2007.

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 15, eff. June 17, 2011.

Acts 2021, 87th Leg., R.S., Ch. 270 (H.B. 3130), Sec. 1, eff. September 1, 2021.

Sec. 2054.115. SALE OR LEASE OF SOFTWARE. (a) A state agency that develops automated information systems software may enter a contract with an individual or company for the sale, lease, marketing, or other distribution of the software.

(b) The state agency shall obtain under the contract a royalty, license right, or other appropriate means of securing appropriate compensation for the development of the software.

(c) Money received under the contract shall be deposited to the credit of the fund from which the development of the software was financed.

(d) To the extent of a conflict between this section and another provision of state law relating to automated information systems software, the other provision prevails.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.116. SPANISH LANGUAGE CONTENT ON AGENCY WEBSITES. (a) In this section, "person of limited English proficiency" means a person whose primary language is other than English and whose English language skills are such that the person has difficulty interacting effectively with a state agency.

(b) Each state agency shall make a reasonable effort to ensure that Spanish-speaking persons of limited English proficiency can meaningfully access state agency information online.

(c) In determining whether a state agency is providing meaningful access, an agency shall consider:

(1) the number or proportion of Spanish-speaking persons of limited English proficiency in the agency's eligible service population;

(2) the frequency with which Spanish-speaking persons of limited English proficiency seek information regarding the agency's programs;

(3) the importance of the services provided by the agency's programs; and

(4) the resources available to the agency.

(d) In making a reasonable effort to provide meaningful access, the state agency must avoid:

(1) providing information in Spanish that is limited in scope;

(2) unreasonably delaying the provision of information in Spanish; and

(3) providing program information, including forms, notices, and correspondence, in English only.

(e) This section does not apply to interactive applications provided through the state electronic Internet portal.

Added by Acts 2005, 79th Leg., Ch. 683 (S.B. 213), Sec. 1, eff. September 1, 2005.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 16, eff. June 17, 2011.

Sec. 2054.117. ELECTRONIC DATA PROCESSING CENTER. (a) Each state agency, if practicable, shall use the electronic data processing center operated by the comptroller in performing any of the agency's accounting and data processing activities that can be practically adapted to the use of the center's equipment.

(b) The comptroller shall permit the use of the center's computer and other data processing equipment by state agencies with or without charge under rules that ensure the proper use of the equipment for the efficient and economical management of state government.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2054.118. MAJOR INFORMATION RESOURCES PROJECT. (a) A state agency may not spend appropriated funds for a major information resources project unless the project has been approved by:

(1) the Legislative Budget Board in the agency's biennial operating plan; and

(2) the quality assurance team.

(b) The department shall develop rules or guidelines for its review of major information resources projects and project management practices for the projects. The department shall also assist the Legislative Budget Board in evaluating the determinations about comparative costs and benefits that state agencies make under Subsection (c).

(c) A state agency that proposes to spend appropriated funds for a major information resources project must first determine:

(1) the comparative benefits of using agency personnel contrasted with using outside contractors to design the project; and

(2) the comparative total costs of leasing and of purchasing the information resources and information resources technologies involved in the project, with those costs to be determined after taking into account the use of the resources and technologies over their lifetimes.

(d) Before a state agency may initially spend appropriated funds for a major information resources project, the state agency must quantitatively define the expected outcomes and outputs for the project and provide that information to the quality assurance team.

Added by Acts 1995, 74th Leg., ch. 76, Sec. 5.26(k), eff. Sept. 1, 1995. Amended by Acts 1997, 75th Leg., ch. 606, Sec. 17, eff. Sept. 1, 1997; Acts 2001, 77th Leg., ch. 188, Sec. 9, eff. Sept. 1, 2001; Acts 2001, 77th Leg., ch. 1422, Sec. 3.03, eff. Sept. 1, 2001; Acts 2003, 78th Leg., ch. 1246, Sec. 9, eff. Sept. 1, 2003.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 3, eff. September 1, 2007.

Sec. 2054.1181. OVERSIGHT OF MAJOR INFORMATION RESOURCES PROJECTS. (a) The department shall provide additional oversight services, including risk management, quality assurance services, independent project monitoring, and project management, for major information resources projects described by Section 2054.003(10)(C) and for other major information resources projects selected for oversight by the governor, lieutenant governor, or speaker of the house of representatives. A state agency with a project subject to oversight shall pay for oversight by the department and quality assurance team based on a funding model developed by the department. The department may contract with a vendor to provide the necessary oversight at the department's direction.

(b) In performing its duties under this section, the department shall:

(1) develop policies for the additional oversight of projects required by Subsection (a);

(2) implement project management standards;

(3) use effective risk management strategies;

(4) establish standards that promote the ability of information resources systems to operate with each other; and

(5) use industry best practices and process reengineering when feasible.

(c) Repealed by Acts 2003, 78th Leg., ch. 1246, Sec. 29, eff. Sept. 1, 2003.

(d) The quality assurance team shall evaluate major information resources projects to determine if the projects are operating on time and within budget.

(e) If the quality assurance team determines that a major information resources project is poorly managed or has excessive cost overruns, the quality assurance team may:

(1) establish a corrective action plan, including modifications to the design, deployment, or costs related to the project; or

(2) discontinue the project, subject to Legislative Budget Board approval.

(f) Repealed by Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 30(2), eff. September 1, 2019.

(g) The quality assurance team may require a state agency to provide information on:

(1) the status of a major information resources project;

(2) the costs for a major information resources project;

(3) the risk associated with a major information resources project; and

(4) a major information resources project's general potential for success.

(h) On request by the quality assurance team, the state auditor shall audit and review major information resources projects and the information provided by the state agencies under this section.

(i) On request by the quality assurance team, the comptroller shall provide assistance regarding:

(1) verifying the accuracy of information provided by state agencies on project costs under this section; and

(2) determining a state agency's compliance with this section.

(j) A state agency may not amend a contract subject to review under Section 2054.158(b)(4) if the contract is at least 10 percent over budget or the associated major information resources project is at least 10 percent behind schedule unless the agency:

(1) conducts a cost-benefit analysis with respect to canceling or continuing the project; and

(2) submits the analysis described by Subdivision (1) to the quality assurance team.

Added by Acts 2001, 77th Leg., ch. 1422, Sec. 3.02, eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 1246, Sec. 10, 29, eff. Sept. 1, 2003.

Amended by:

Acts 2017, 85th Leg., R.S., Ch. 556 (S.B. 533), Sec. 2, eff. September 1, 2017.

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 4, eff. September 1, 2019.

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 30(2), eff. September 1, 2019.

Acts 2021, 87th Leg., R.S., Ch. 855 (S.B. 799), Sec. 4, eff. September 1, 2021.

Sec. 2054.1182. EVALUATION OF COMPLETED MAJOR INFORMATION RESOURCES PROJECTS. (a) After a major information resources project has been completed, a state agency shall evaluate and report to the quality assurance team on whether the project met the agency's objectives or other expectations.

(b) The state auditor may:

(1) provide an independent evaluation of the completed project to ensure the validity of the results reported under Subsection (a); and

(2) send the evaluation to the legislative audit committee.

Added by Acts 2003, 78th Leg., ch. 1246, Sec. 11, eff. Sept. 1, 2003.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 4, eff. September 1, 2007.

Sec. 2054.1183. ANNUAL REPORT ON MAJOR INFORMATION RESOURCES PROJECTS. (a) Not later than December 1 of each year, the quality assurance team shall report on the status of major information resources projects to the:

(1) governor;

(2) lieutenant governor;

(3) speaker of the house of representatives;

(4) presiding officer of the committee in the house of representatives with primary responsibility for appropriations; and

(5) presiding officer of the committee in the senate with primary responsibility for appropriations.

(b) The annual report must include:

(1) the current status of each major information resources project; and

(2) information regarding the performance indicators developed under Section 2054.159 for each major information resources project at each stage of the project's life cycle.

Added by Acts 2003, 78th Leg., ch. 1246, Sec. 11, eff. Sept. 1, 2003.

Amended by:

Acts 2017, 85th Leg., R.S., Ch. 897 (H.B. 3275), Sec. 1, eff. January 1, 2018.

Sec. 2054.120. ELECTRONIC MAIL ADDRESS. (a) A state agency shall establish an Internet electronic mail address for the agency. The state agency may publish the electronic mail address and use electronic mail to communicate with the public. The state agency may consult with the Department of Information Resources to establish its electronic mail address.

(b) In this section, "Internet" means the largest nonproprietary nonprofit cooperative public computer network, popularly known as the Internet.

Added by Acts 1997, 75th Leg., ch. 535, Sec. 1, eff. May 31, 1997; Acts 1997, 75th Leg., ch. 606, Sec. 18, eff. Sept. 1, 1997.

Sec. 2054.121. COORDINATION WITH INSTITUTIONS OF HIGHER EDUCATION. (a) An institution of higher education shall coordinate its use of information technologies with other such institutions to more effectively provide education, research, and community service.

(b) The Information Technology Council for Higher Education consists of the chief information officer or equivalent employee of:

(1) The Texas A&M University System;

(2) The University of Texas System;

(3) The Texas State University System;

(4) The University of North Texas System;

(5) The University of Houston System;

(6) The Texas Tech University System; and

(7) one institution of higher education, other than a public junior college, not included in a university system listed in this subsection who is selected by a majority of the chief executive officers of all the institutions of higher education, other than public junior colleges, not included in a listed university system.

(c) Before adopting a proposed rule that applies to institutions of higher education, the department shall prepare, in consultation with the council established by Subsection (b), an analysis of the impact of the rule on institutions of higher education that includes consideration of:

(1) the impact of the rule on the mission of higher education, student populations, and federal grant requirements;

(2) alternate methods of implementation to achieve the purpose of the rule; and

(3) exempting institutions of higher education from all or part of the requirements of the rule.

(d) The department shall include its analysis as part of the notice of the proposed rule that the agency files with the secretary of state for publication in the Texas Register and shall provide copies to the governor, the lieutenant governor, and the speaker of the house of representatives.

(e) Each department rule that applies to institutions of higher education and that is in effect on September 1, 2003, ceases to apply to institutions of higher education on September 1, 2004, unless readopted by the department on or after September 1, 2003, in a form that expressly applies to institutions of higher education.

Added by Acts 1999, 76th Leg., ch. 1499, Sec. 1.14, eff. Sept. 1, 1999. Amended by Acts 2003, 78th Leg., ch. 1266, Sec. 3.02, eff. June 20, 2003.

Sec. 2054.1211. REPORTING REQUIREMENTS OF INSTITUTIONS OF HIGHER EDUCATION. The department and the Information Technology Council for Higher Education established under Section 2054.121(b) shall review all plans and reports required of institutions of higher education under this chapter. After September 1, 2014, an institution of higher education is not required to prepare or submit a plan or report generally required of a state agency under this chapter except to the extent expressly provided by a rule adopted by the department on or after September 1, 2013.

Added by Acts 2013, 83rd Leg., R.S., Ch. 1312 (S.B. 59), Sec. 49, eff. September 1, 2013.

Sec. 2054.122. COORDINATED TECHNOLOGY TRAINING. A state agency each calendar quarter shall coordinate agency training for the use of information resources technologies with training offered or coordinated by the department. The agency shall use training offered or coordinated by the department if it meets agency requirements and is cost-competitive.

Added by Acts 1999, 76th Leg., ch. 1499, Sec. 1.14, eff. Sept. 1, 1999.

Sec. 2054.124. POWER MANAGEMENT SOFTWARE. (a) After researching the software available, the department shall by competitive bid select power management software to be used, if technically feasible, by state agencies to reduce the amount of energy required to operate state computer networks and networked personal computers.

(b) Expired.

(c) An institution of higher education shall purchase, lease, or otherwise acquire and use power management software only if the department, in consultation with the Information Technology Council for Higher Education, determines that the institution of higher education's use of power management software would provide cost savings to this state. In making a determination under this subsection, the department must perform the analysis described by Section 2054.121(c). The analysis must include an assessment of how the use of power management software affects the security of electronic data, including data protected from public disclosure by state or federal law.

Added by Acts 2007, 80th Leg., R.S., Ch. 171 (H.B. 66), Sec. 1, eff. September 1, 2007.

Sec. 2054.125. LINKING AND INDEXING INTERNET SITES. (a) All state agencies that maintain a generally accessible Internet site shall cooperate to facilitate useful electronic links among the sites. State agencies shall attempt to link their sites in such a manner that different sites from which persons can be expected to need information concurrently are linked.

(b) Each state agency that maintains a generally accessible Internet site shall establish the site so that the site can be located easily through electronic means.

(c) The department on request shall assist an agency to comply with this section.

(d) Each state agency that maintains a generally accessible Internet site and that uses the state electronic Internet portal shall include a link to the state electronic Internet portal on the front page of the Internet site.

Added by Acts 1999, 76th Leg., ch. 1233, Sec. 3, eff. June 18, 1999. Renumbered from Sec. 2054.121 by Acts 2001, 77th Leg., ch. 1420, Sec. 21.001(68), eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 70, Sec. 2, eff. May 16, 2003; Acts 2003, 78th Leg., ch. 1216, Sec. 4, eff. June 20, 2003.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 17, eff. June 17, 2011.

Sec. 2054.126. POSTING OF INFORMATION ON INTERNET. (a) The department shall adopt a policy that:

(1) prescribes terms under which a person may use, copy information from, or link to a generally accessible Internet site maintained by or for a state agency; and

(2) protects the personal information of members of the public who access information from or through a generally accessible Internet site maintained by or for a state agency.

(b) The department shall post the policy on its Internet site. A state agency shall prominently post a link to the policy statement on a generally accessible Internet site maintained by or for the agency.

(c) The policy shall include a statement:

(1) generally allowing the use and reproduction of information on a state agency's Internet site without the state agency's permission, subject to specified conditions;

(2) generally allowing linking from a web page to a page on a state agency's Internet site without the state agency's permission, subject to specified conditions;

(3) prohibiting a state agency from charging a fee to access, use, reproduce information on, or link to its Internet site except to the extent the state agency is specifically authorized to do so by the legislature;

(4) requiring that the state agency's Internet site be credited as the source of information reproduced from the site and requiring that the date that the material was reproduced from the site be clearly stated;

(5) prohibiting a state agency from selling or releasing an e-mail address of a member of the public unless the member of the public affirmatively consents to the sale or release of the e-mail address; and

(6) specifying other policies necessary to protect from public disclosure personal information submitted by a member of the public to a state agency's Internet site to the extent the information is:

(A) confidential;

(B) excepted from the requirements of Section 552.021; or

(C) protected by other law intended to protect a person's privacy interests.

(d) Each state agency, other than an institution of higher education, that receives an aggregate amount of appropriations in the General Appropriations Act for a state fiscal biennium that exceeds $175 million shall post the following information during the biennium on a generally accessible Internet site maintained by or for the agency:

(1) an analysis of all agency expenditures during the two preceding state fiscal years that lists each county in the state and states for each county the amount of agency expenditures made in or for the benefit of the county;

(2) if the information required to substantially comply with Subdivision (1) is not available, an analysis that approximates compliance with Subdivision (1) to the greatest possible extent by listing agency expenditures according to geographic regions of the state, to the extent possible, and by each field office of the agency;

(3) a profile of the governing officer or of each member of the governing body of the agency that includes, among other information, the office address of the officer or member;

(4) a listing and description of all contracts with vendors that have a value exceeding $100,000 that the agency has entered into and that are currently being performed or for which performance has not yet begun;

(5) a brief description of the agency's duties; and

(6) an electronic link to the agency's rules as published in the electronic version of the Texas Administrative Code and an electronic link to any written procedure of the agency relating to agency hearings that is not contained in the electronic version of the Texas Administrative Code.

(e) Each state agency that maintains a generally accessible Internet site or for which a generally accessible Internet site is maintained may post on the site any nonconfidential information related to the agency's programs, activities, or functions.

(f) Each state agency that maintains a generally accessible Internet site or for which a generally accessible Internet site is maintained shall include a link on the agency's Internet site to the state expenditure database established under Section 403.024. In this subsection, "state agency" has the meaning assigned by Section 403.013.

Added by Acts 1999, 76th Leg., ch. 1573, Sec. 1, eff. Oct. 1, 1999. Amended by Acts 2001, 77th Leg., ch. 545, Sec. 3, eff. Sept. 1, 2001; Acts 2001, 77th Leg., ch. 710, Sec. 1, eff. Sept. 1, 2001. Renumbered from Government Code Sec. 2054.121 by Acts 2001, 77th Leg., ch. 1420, Sec. 21.001(69), eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 1275, Sec. 2(81), eff. Sept. 1, 2003.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1270 (H.B. 3430), Sec. 4, eff. October 1, 2007.

Sec. 2054.1264. POSTING OF COST-EFFICIENCY SUGGESTIONS AND IDEAS ON STATE AGENCY WEBSITE. (a) In this section, "state agency" does not include an institution of higher education, as defined by Section 61.003, Education Code.

(b) Except as provided by Subsection (d) and to the extent possible using available resources, each state agency that has 1,500 or more employees shall post on the agency's intranet website or generally accessible Internet website an electronic form or link allowing an employee of the agency to submit suggestions and ideas on how to make the agency more cost-efficient. The system for submitting suggestions and ideas must allow an employee to elect to submit a suggestion or idea that includes the employee's name or to submit an anonymous suggestion or idea. If an employee elects to submit anonymously, the suggestion or idea may not be traceable to the employee and the system for anonymous submission may not record data linking the suggestion or idea to the computer used for the submission.

(c) Except as provided by Subsection (d), each state agency that posts a form or link as provided by Subsection (b) shall post on the agency's generally accessible Internet website a link allowing members of the public to:

(1) monitor, in real time or on a weekly, monthly, or quarterly basis, submissions made under Subsection (b); and

(2) vote for the public's favorite submission.

(d) The department may exclude from the requirements of this section a state agency if the agency has a preexisting program or link that the department determines substantially meets the requirements of this section.

(e) The department shall adopt rules establishing procedures and required formats for implementing this section. The rules adopted under this subsection must require that submissions under Subsection (b) and votes under Subsection (c) be moderated to exclude overtly political or offensive material.

Added by Acts 2013, 83rd Leg., R.S., Ch. 1126 (H.B. 1128), Sec. 1, eff. September 1, 2013.

Sec. 2054.1265. POSTING HIGH-VALUE DATA SETS ON INTERNET. (a) In this section:

(1) "High-value data set" means information that can be used to increase state agency accountability and responsiveness, improve public knowledge of the agency and its operations, further the core mission of the agency, create economic opportunity, or respond to need and demand as identified through public consultation. The term does not include information that is confidential or protected from disclosure under state or federal law.

(2) "State agency" means a board, commission, office, department, or other agency in the executive, judicial, or legislative branch of state government. The term includes an institution of higher education as defined by Section 61.003, Education Code.

(b) Each state agency shall post on a generally accessible Internet website maintained by or for the agency each high-value data set created or maintained by the agency, if the agency:

(1) determines that, using existing resources, the agency can post the data set on the Internet website at no additional cost to the state;

(2) enters into a contract advantageous to the state under which the contractor posts the data set on the Internet website at no additional cost to the state; or

(3) receives a gift or grant specifically for the purpose of posting one or more of the agency's high-value data sets on the Internet website.

(c) A high-value data set posted by a state agency under this section must be raw data in open standard format that allows the public to search, extract, organize, and analyze the information.

(d) The web page on which a state agency's high-value data set is posted must:

(1) use the agency's Internet website home page address and include the uniform resource locator suffix "data"; and

(2) have a conspicuously displayed link on either the agency's Internet website home page or another intuitive location accessible from the agency's Internet website home page.

(e) A state agency may accept a gift or grant for the purpose of posting one or more of the agency's high-value data sets on an Internet website.

(f) A state agency that posts a high-value data set on the Internet website maintained by or for the agency shall provide the department with a brief description of the data set and a link to the data set. The department shall post the description and link on the state electronic Internet portal.

Added by Acts 2011, 82nd Leg., R.S., Ch. 1328 (S.B. 701), Sec. 1, eff. September 1, 2011.

Amended by:

Acts 2013, 83rd Leg., R.S., Ch. 740 (S.B. 279), Sec. 1, eff. September 1, 2013.

Sec. 2054.127. INTERNET WEBSITE DEVELOPMENT: GRANTS AND ASSISTANCE. The department shall encourage each state agency to seek available grants and to work with public educational institutions and members of the business and industry community for the purpose of Internet website development and maintenance.

Added by Acts 2001, 77th Leg., ch. 545, Sec. 4, eff. Sept. 1, 2001.

Sec. 2054.128. ENVIRONMENTAL AND NATURAL RESOURCES AGENCIES INTERNET PORTAL. (a) State agencies that have jurisdiction over matters related to environmental protection or quality or to the development, conservation, or preservation of natural resources shall develop, in mutual cooperation with the department, a single information link, through the state electronic Internet portal, to provide electronic access to information and services related to the agencies' authority and duties, including access to agency rules and other public information.

(b) The department shall coordinate the efforts of the agencies in developing the information link to ensure that the efforts produce a link that is compatible with efforts of the task force conducted under Section 2054.062.

Added by Acts 2001, 77th Leg., ch. 613, Sec. 1, eff. Sept. 1, 2001. Renumbered from Government Code Sec. 2054.127 by Acts 2003, 78th Leg., ch. 1275, Sec. 2(82), eff. Sept. 1, 2003.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 5, eff. September 1, 2007.

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 18, eff. June 17, 2011.

Sec. 2054.129. ADVERTISING ONLINE OPTIONS. Each state agency shall advertise the options for completing transactions with that agency online.

Added by Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 4, eff. June 18, 2005.

Sec. 2054.130. REMOVAL OF DATA FROM DATA PROCESSING EQUIPMENT; RULES. (a) A state agency shall permanently remove data from data processing equipment before disposing of or otherwise transferring the equipment to a person who is not a state agency or other agent of the state. This section applies only to equipment that will not be owned by the state after the disposal or other transfer.

(b) The department shall adopt rules to implement this section. The rules must include rules that:

(1) specify what types of data processing equipment are covered by this section, including computer hard drives and other memory components;

(2) explain the acceptable methods for removal of data; and

(3) adopt appropriate forms for use by state agencies in documenting the removal process, including forms for documenting completion of the process.

Added by Acts 2005, 79th Leg., Ch. 686 (S.B. 255), Sec. 1, eff. September 1, 2005.

Sec. 2054.131. ELECTRONIC BENEFITS ENROLLMENT AND ADMINISTRATION SYSTEM. (a) In this section, "work site benefits plan" means a plan or other arrangement to provide to officers, employees, or former officers or employees:

(1) insurance, including health, life, and disability insurance and health benefits plans;

(2) flexible spending accounts; or

(3) savings or retirement benefits.

(b) If the department and the Legislative Budget Board each determine that a cost savings may be realized through a private vendor selected under this section, the department may implement a project that establishes a common electronic infrastructure through which each state agency, including any retirement system created by statute or by the constitution, shall:

(1) require its work site benefits plan participants to electronically:

(A) enroll in any work site benefits plans provided to the person by the state or a state agency;

(B) add, change, or delete benefits;

(C) sign any payroll deduction agreements to implement a contribution made to a plan in which the participant enrolls;

(D) terminate participation in a voluntary plan;

(E) initiate account investment changes and withdrawals in a retirement plan;

(F) obtain information regarding plan benefits; and

(G) communicate with the plan administrator; and

(2) administer its work site benefits plans electronically by using the project to:

(A) enroll new plan participants and, when appropriate, terminate plan participation;

(B) generate eligibility and enrollment reports for plan participants;

(C) link plan administration with payroll administration to facilitate payroll deductions for a plan;

(D) facilitate single-source billing arrangements between the agency and a plan provider; and

(E) transmit and receive information regarding the plan.

(c) The electronic infrastructure established under Subsection (b) may include the state electronic Internet portal, the Internet, intranets, extranets, and wide area networks.

(d) If the department implements an electronic infrastructure project under this section, the department shall select and contract with a single private vendor to implement the project. The contract must require the application of the project to all state agencies without cost to the state until the project is initially implemented.

(e) The private vendor selected under Subsection (d) must offer existing information resources technology for use in the project that:

(1) will be available to all state agencies, including retirement systems;

(2) includes each agency's work site benefits plan participants;

(3) will use, to the extent possible, the department's information technology standards, including information security, privacy and disaster recovery, and Internet-based technology standards;

(4) includes applications and a supporting platform that are already developed and used in connection with the electronic enrollment of work site benefits plans offered by other multiple plan providers;

(5) is available for use with a wide variety of plan and benefit providers;

(6) can be easily modified to permit changes in benefits offered by the state or a state agency;

(7) provides a solution to overcome limitations caused by the incompatibility of different legacy systems used by different state agencies and plan providers;

(8) is available for use over the Internet through existing or new websites or portals; and

(9) is supported, to the extent necessary, by:

(A) laptop and desktop enrollment and administration capabilities; and

(B) a telephone call center.

Added by Acts 2003, 78th Leg., 3rd C.S., ch. 10, Sec. 13.01, eff. Oct. 20, 2003.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 19, eff. June 17, 2011.

Acts 2017, 85th Leg., R.S., Ch. 24 (S.B. 706), Sec. 2, eff. September 1, 2017.

Sec. 2054.132. POSTING OF FORMS REQUIRED. Each state agency shall make available on its Internet website each of its forms used by the public.

Added by Acts 2005, 79th Leg., Ch. 672 (S.B. 96), Sec. 1, eff. September 1, 2005.

Sec. 2054.133. INFORMATION SECURITY PLAN. (a) Each state agency shall develop, and periodically update, an information security plan for protecting the security of the agency's information.

(b) In developing the plan, the state agency shall:

(1) consider any vulnerability report prepared under Section 2054.077 for the agency;

(2) incorporate the network security services provided by the department to the agency under Chapter 2059;

(3) identify and define the responsibilities of agency staff who produce, access, use, or serve as custodians of the agency's information;

(4) identify risk management and other measures taken to protect the agency's information from unauthorized access, disclosure, modification, or destruction;

(5) include:

(A) the best practices for information security developed by the department; or

(B) a written explanation of why the best practices are not sufficient for the agency's security; and

(6) omit from any written copies of the plan information that could expose vulnerabilities in the agency's network or online systems.

(c) Not later than June 1 of each even-numbered year, each state agency shall submit a copy of the agency's information security plan to the department. Subject to available resources, the department may select a portion of the submitted security plans to be assessed by the department in accordance with department rules.

(d) Each state agency's information security plan is confidential and exempt from disclosure under Chapter 552.

(e) Each state agency shall include in the agency's information security plan a written document that is signed by the head of the agency, the chief financial officer, and each executive manager designated by the state agency and states that those persons have been made aware of the risks revealed during the preparation of the agency's information security plan.

(f) Not later than November 15 of each even-numbered year, the department shall submit a written report to the governor, the lieutenant governor, and each standing committee of the legislature with primary jurisdiction over matters related to the department evaluating information security for this state's information resources. In preparing the report, the department shall consider the information security plans submitted by state agencies under this section, any vulnerability reports submitted under Section 2054.077, and other available information regarding the security of this state's information resources. The department shall omit from any written copies of the report information that could expose specific vulnerabilities in the security of this state's information resources.

Added by Acts 2013, 83rd Leg., R.S., Ch. 1222 (S.B. 1597), Sec. 1, eff. September 1, 2013.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 369 (S.B. 34), Sec. 1, eff. September 1, 2015.

Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 10, eff. September 1, 2017.

Acts 2017, 85th Leg., R.S., Ch. 955 (S.B. 1910), Sec. 3, eff. September 1, 2017.

Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 15, eff. September 1, 2019.

Acts 2019, 86th Leg., R.S., Ch. 573 (S.B. 241), Sec. 1.14, eff. September 1, 2019.

Sec. 2054.134. DEVICE AND INTERNET BROWSER COMPATIBILITY. (a) In this section, "wireless communication device" means a device capable of using a commercial mobile service as defined by 47 U.S.C. Section 332.

(b) The department shall identify the three most commonly used Internet browsers and post a list containing those browsers in a conspicuous location on the department's Internet website. The department shall biennially review and, if necessary, update the list required under this subsection.

(c) Each state agency that maintains a generally accessible Internet website or for which a generally accessible Internet website is maintained shall ensure that the website is compatible with:

(1) a wireless communication device; and

(2) the most recent version of each Internet browser listed by the department as required under Subsection (b).

Added by Acts 2015, 84th Leg., R.S., Ch. 513 (H.B. 855), Sec. 1, eff. September 1, 2015.

Sec. 2054.135. DATA USE AGREEMENT. (a) Each state agency shall develop a data use agreement for use by the agency that meets the particular needs of the agency and is consistent with rules adopted by the department that relate to information security standards for state agencies.

(b) A state agency shall update the data use agreement at least biennially, but may update the agreement at any time as necessary to accommodate best practices in data management.

(c) A state agency shall distribute the data use agreement developed under this section, and each update to that agreement, to employees of the agency who handle sensitive information, including financial, medical, personnel, or student data. The employee shall sign the data use agreement distributed and each update to the agreement.

(d) To the extent possible, a state agency shall provide employees described by Subsection (c) with cybersecurity awareness training to coincide with the distribution of:

(1) the data use agreement required under this section; and

(2) each biennial update to that agreement.

Added by Acts 2015, 84th Leg., R.S., Ch. 965 (S.B. 1877), Sec. 1, eff. September 1, 2015.

Redesignated from Government Code, Section 2054.134 by Acts 2017, 85th Leg., R.S., Ch. 324 (S.B. 1488), Sec. 24.001(23), eff. September 1, 2017.

Sec. 2054.136. DESIGNATED INFORMATION SECURITY OFFICER. Each state agency shall designate an information security officer who:

(1) reports to the agency's executive-level management;

(2) has authority over information security for the entire agency;

(3) possesses the training and experience required to perform the duties required by department rules; and

(4) to the extent feasible, has information security duties as the officer's primary duties.

Added by Acts 2017, 85th Leg., R.S., Ch. 955 (S.B. 1910), Sec. 4, eff. September 1, 2017.

Sec. 2054.137. DESIGNATED DATA MANAGEMENT OFFICER. (a) Each state agency with more than 150 full-time employees shall designate a full-time employee of the agency to serve as a data management officer.

(b) The data management officer for a state agency shall:

(1) coordinate with the chief data officer to ensure the agency performs the duties assigned under Section 2054.0286;

(2) in accordance with department guidelines, establish an agency data governance program to identify the agency's data assets, exercise authority and management over the agency's data assets, and establish related processes and procedures to oversee the agency's data assets; and

(3) coordinate with the agency's information security officer, the agency's records management officer, and the Texas State Library and Archives Commission to:

(A) implement best practices for managing and securing data in accordance with state privacy laws and data privacy classifications;

(B) ensure the agency's records management programs apply to all types of data storage media;

(C) increase awareness of and outreach for the agency's records management programs within the agency; and

(D) conduct a data maturity assessment of the agency's data governance program in accordance with the requirements established by department rule.

(c) In accordance with department guidelines, the data management officer for a state agency shall post on the Texas Open Data Portal established by the department under Section 2054.070 at least three high-value data sets as defined by Section 2054.1265. The high-value data sets may not include information that is confidential or protected from disclosure under state or federal law.

(d) The data management officer for a state agency may delegate in writing to another agency employee the duty to:

(1) implement a specific requirement of Subsection (b) or (c); or

(2) participate in the advisory committee established under Section 2054.0332.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 4, eff. June 14, 2021.

Sec. 2054.138. SECURITY CONTROLS FOR STATE AGENCY DATA. Each state agency entering into or renewing a contract with a vendor authorized to access, transmit, use, or store data for the agency shall include a provision in the contract requiring the vendor to meet the security controls the agency determines are proportionate with the agency's risk under the contract based on the sensitivity of the agency's data. The vendor must periodically provide to the agency evidence that the vendor meets the security controls required under the contract.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 4, eff. June 14, 2021.

SUBCHAPTER G. PROJECT MANAGEMENT PRACTICES


Sec. 2054.151. PURPOSE AND FINDINGS. (a) The legislature intends that state agency information resources and information resources technologies projects will be successfully completed on time and within budget and that the projects will function and provide benefits in the manner the agency projected in its plans submitted to the department and in its appropriations requests submitted to the legislature.

(b) The legislature finds that to ensure the successful completion of all information resources projects, all projects must be managed using project management practices.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 19, eff. Sept. 1, 1997.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 7, eff. September 1, 2007.

Sec. 2054.152. DEFINITION. In this subchapter, "project management practices" includes the documented and repeatable activities through which a state agency applies knowledge, skills, tools, and techniques to satisfy project activity requirements.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 19, eff. Sept. 1, 1997.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 8, eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 393 (H.B. 1705), Sec. 2.04, eff. September 1, 2009.

Sec. 2054.153. DEPARTMENT GUIDELINES. (a) The department by rule shall establish guidelines for project management practices that take into account varying levels of project size and complexity.

(b) In developing the guidelines, the department shall:

(1) consult with state agencies; and

(2) accommodate existing project management practices of state agencies.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 19, eff. Sept. 1, 1997.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 9, eff. September 1, 2007.

Sec. 2054.154. DEPARTMENT ASSISTANCE. The department shall establish a comprehensive technical assistance program to aid state agencies in developing and implementing their own project management practices.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 19, eff. Sept. 1, 1997.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 10, eff. September 1, 2007.

Sec. 2054.156. STATE AGENCY DUTIES. (a) Each state agency shall manage information resources projects based on project management practices that are consistent with the department's guidelines under Section 2054.153.

(b) The agency's information resources manager shall oversee the implementation of the agency's project management practices.

Without reference to the amendment of this subsection, this subsection was repealed by Acts 2007, 80th Leg., R.S., Ch. 691 (H.B. 1788), Sec. 14, effective September 1, 2007.


(c) The agency's information resources manager shall demonstrate in the agency strategic plan the extent to which the agency uses its project management practices.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 19, eff. Sept. 1, 1997.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 691 (H.B. 1788), Sec. 14, eff. September 1, 2007.

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 11, eff. September 1, 2007.

Sec. 2054.157. OVERSIGHT BY DEPARTMENT. (a) The department may make formal recommendations to a state agency regarding the agency's need to develop, implement, or improve its project management practices.

(b) The department shall report on state agencies' progress in developing and implementing project management practices as part of the department's biennial performance report.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 19, eff. Sept. 1, 1997.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 12, eff. September 1, 2007.

Sec. 2054.158. QUALITY ASSURANCE TEAM; DUTIES. (a) The comptroller, state auditor, Legislative Budget Board, and department shall:

(1) create a quality assurance team to perform the duties specified in this chapter and other law;

(2) specify in writing the responsibilities of the comptroller, state auditor, Legislative Budget Board, and department in performing the duties; and

(3) create an automated project review system.

(b) The quality assurance team shall:

(1) develop and recommend policies and procedures to improve the development, implementation, and return on investment for state agency information resources technology projects;

(2) except as provided by Subsection (e), review a state agency's business case prepared for a major information resources project under Section 2054.303 and make recommendations to improve the implementation of the project;

(3) provide annual training for state agency procurement and contract management staff on best practices and methodologies for information technology contracts;

(4) review and provide recommendations on the final negotiated terms of a contract for the development or implementation of a major information resources project with a value of at least $10 million; and

(5) provide a report to the governor, lieutenant governor, speaker of the house of representatives, and presiding officer of the standing committee of each house of the legislature with primary jurisdiction over appropriations by December 1 of each even-numbered year that includes:

(A) the performance indicator report required by Section 2054.159(a);

(B) a summary of any major issues identified in state agency reports submitted under Section 2054.159(f);

(C) an appendix containing any justifications submitted to the quality assurance team under Section 2054.160(d); and

(D) any additional information considered appropriate by the quality assurance team.

(c) The state auditor serves on the quality assurance team as an advisor.

(d) The comptroller by rule shall develop guidelines for the additional or reduced monitoring of major information resources projects and associated contracts of state agencies during the periods described by Sections 2261.258(c)(2)(A), (B), and (C).

(e) The quality assurance team may waive the review authorized by Subsection (b)(2) for any project for which the team determines that a waiver of the review is appropriate because of the project's associated risk.

Added by Acts 2003, 78th Leg., ch. 1246, Sec. 13, eff. Sept. 1, 2003.

Amended by:

Acts 2013, 83rd Leg., R.S., Ch. 676 (H.B. 1965), Sec. 1, eff. September 1, 2013.

Acts 2017, 85th Leg., R.S., Ch. 556 (S.B. 533), Sec. 3, eff. September 1, 2017.

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 5, eff. September 1, 2019.

Sec. 2054.159. MAJOR INFORMATION RESOURCES PROJECT MONITORING. (a) For the entire life cycle of each major information resources project, the quality assurance team shall monitor and report on performance indicators for each project, including schedule, cost, scope, and quality.

(b) The department by rule shall develop the performance indicators the quality assurance team is required to monitor under Subsection (a). In adopting rules under this subsection, the department shall consider applicable information technology industry standards.

(c) Repealed by Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 30(4), eff. September 1, 2019.

(d) Repealed by Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 30(4), eff. September 1, 2019.

(e) The department shall create and maintain on the department's Internet website a user-friendly data visualization tool that provides an analysis and visual representation of the performance indicators developed under Subsection (b) for each major information resources project.

(f) For each major information resources project, a state agency shall provide the quality assurance team any verification and validation report or quality assurance report related to the project not later than the 10th day after the date the agency receives a request for the report.

(g) The quality assurance team may request any information necessary to determine a major information resources project's potential risk.

Added by Acts 2017, 85th Leg., R.S., Ch. 897 (H.B. 3275), Sec. 2, eff. January 1, 2018.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 6, eff. September 1, 2019.

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 30(4), eff. September 1, 2019.

Sec. 2054.160. REVIEW OF CONTRACT FOR MAJOR INFORMATION RESOURCES PROJECT. (a) For each contract for the development or implementation of a major information resources project with a value of at least $10 million, a state agency shall:

(1) submit the proposed terms of the contract to the quality assurance team before the start of negotiations; and

(2) submit the final negotiated unsigned contract to the quality assurance team for review under Section 2054.158(b)(4).

(b) After the quality assurance team makes a recommendation under Section 2054.158(b)(4), a state agency shall:

(1) comply with the recommendation; or

(2) submit to the quality assurance team a written explanation regarding why the recommendation is not applicable to the contract under review.

(c) Before amending a contract related to a major information resources project, a state agency must notify the governor, lieutenant governor, speaker of the house of representatives, presiding officer of the standing committee of each house of the legislature with primary jurisdiction over appropriations, and quality assurance team if:

(1) the total value of the amended contract exceeds or will exceed the initial contract value by 10 percent or more; or

(2) the amendment requires the contractor to provide consultative services, technical expertise, or other assistance in defining project scope or deliverables.

(d) A state agency shall provide to the quality assurance team a justification for an amendment subject to Subsection (c).

Added by Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 7, eff. September 1, 2019.

Sec. 2054.161. DATA CLASSIFICATION, SECURITY, AND RETENTION REQUIREMENTS. On initiation of an information resources technology project, including an application development project and any information resources projects described in this subchapter, a state agency shall classify the data produced from or used in the project and determine appropriate data security and applicable retention requirements under Section 441.185 for each classification.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 5, eff. June 14, 2021.

SUBCHAPTER H. TELECOMMUNICATIONS PLANNING


Sec. 2054.2011. DEFINITIONS. In this subchapter:

(1) "Centralized capitol complex telephone system" means the system described in Section 2170.059.

(2) "Consolidated telecommunications system" has the meaning assigned by Section 2170.001.

Added by Acts 2001, 77th Leg., ch. 1422, Sec. 4.05, eff. Sept. 1, 2001.

Sec. 2054.203. TELECOMMUNICATIONS PLANNING AND POLICY. (a) The department shall comprehensively collect and manage telecommunications network configuration information about existing and planned telecommunications networks throughout state government.

(b) The department may require state agencies to submit to the department the agencies' network configuration information, but the department must use existing reports to gather the information if possible and minimize the reporting burden on agencies to the extent possible.

(c) The department shall establish plans and policies for a system of telecommunications services.

(d) The department shall develop a statewide telecommunications operating plan for all state agencies. The plan shall implement a statewide network and include technical specifications.

(e) The department shall adopt appropriate policies and standards that govern the cost-effective and efficient management, operation, and use of state telecommunications services and shall distribute those policies and standards to all state agencies.

(f) Each state agency shall comply with the rules, policies, standards, and guidelines the department adopts under this section.

(g) Strategic planning for all state telecommunications services shall be performed in accordance with the guiding principles of the state strategic plan for information resources management.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 20, eff. Sept. 1, 1997. Amended by Acts 2001, 77th Leg., ch. 1422, Sec. 4.07, eff. Sept. 1, 2001.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 394 (S.B. 757), Sec. 4, eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 393 (H.B. 1705), Sec. 1.03, eff. September 1, 2009.

Sec. 2054.205. DEVELOPMENT OF SYSTEM. (a) The department shall develop functional requirements for a statewide system of telecommunications services for all state agencies. Existing networks, as configured on September 1, 1991, of institutions of higher education are exempt from the requirements.

(b) The department shall develop requests for information and proposals for a statewide system of telecommunications services for all state agencies.

Added by Acts 1997, 75th Leg., ch. 606, Sec. 20, eff. Sept. 1, 1997. Amended by Acts 2001, 77th Leg., ch. 1422, Sec. 4.09, eff. Sept. 1, 2001; Acts 2003, 78th Leg., ch. 1068, Sec. 4, eff. June 20, 2003.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 394 (S.B. 757), Sec. 6, eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 393 (H.B. 1705), Sec. 1.05, eff. September 1, 2009.

Sec. 2054.2051. OVERSIGHT OF SYSTEMS. (a) The department shall develop service objectives for the consolidated telecommunications system and the centralized capitol complex telephone system.

(b) The department shall develop performance measures to establish cost-effective operations and staffing of the consolidated telecommunications system and the centralized capitol complex telephone system.

(c) The department shall review the status of all projects related to and the financial performance of the consolidated telecommunications system and the centralized capitol complex telephone system, including:

(1) a comparison between actual performance and projected goals at least once every three months; and

(2) any benefit of contracting with private vendors to provide some or all of the systems at least once each year.

Added by Acts 2001, 77th Leg., ch. 1422, Sec. 4.10, eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 1246, Sec. 14, eff. Sept. 1, 2003.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 394 (S.B. 757), Sec. 7, eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 393 (H.B. 1705), Sec. 1.06, eff. September 1, 2009.

SUBCHAPTER I. STATE ELECTRONIC INTERNET PORTAL PROJECT


Sec. 2054.251. DEFINITIONS. In this subchapter:

(1) Repealed by Acts 2005, 79th Leg., Ch. 1260, Sec. 24(1), eff. June 18, 2005.

(2) Repealed by Acts 2005, 79th Leg., Ch. 1260, Sec. 24(1), eff. June 18, 2005.

(3) "Licensing entity" means a department, commission, board, office, or other agency of the state or a political subdivision of the state that issues an occupational license.

(4) "Local government" means a county, municipality, special district, school district, junior college district, or other political subdivision of the state.

(5) "Occupational license" means a license, certificate, registration, permit, or other form of authorization, including a renewal of the authorization, that:

(A) a person must obtain to practice or engage in a particular business, occupation, or profession; or

(B) a facility must obtain before a particular business, occupation, or profession is practiced or engaged in within the facility.

(6) "Project" means the project implemented under Section 2054.252.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 3, eff. May 3, 2001. Amended by Acts 2003, 78th Leg., ch. 1216, Sec. 5, eff. June 20, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 24(1), eff. June 18, 2005.

Acts 2005, 79th Leg., Ch. 1292 (H.B. 2593), Sec. 12(1), eff. June 18, 2005.

Sec. 2054.252. STATE ELECTRONIC INTERNET PORTAL PROJECT. (a) The department shall implement a state electronic Internet portal project that establishes a common electronic infrastructure through which state agencies and local governments, including licensing entities, may by any method:

(1) send and receive documents or required payments to and from:

(A) members of the public;

(B) persons who are regulated by the agencies or local governments; and

(C) the agencies and local governments;

(2) receive applications for original and renewal licenses and permits, including occupational licenses, complaints about occupational license holders, and other documents for filing from members of the public and persons who are regulated by a state agency or local government that, when secure access is necessary, can be electronically validated by the agency, local government, member of the public, or regulated person;

(3) send original and renewal occupational licenses to persons regulated by licensing entities;

(4) send profiles of occupational license holders to persons regulated by licensing entities and to the public;

(5) store information; and

(6) provide and receive any other service to and from the agencies and local governments or the public.

(b) The electronic infrastructure established by the department under Subsection (a) may include the Internet, intranets, extranets, and wide area networks.

(b-1) The department may include in the electronic infrastructure established under Subsection (a) a method by which a state agency or local government may track payments, including cash and credit card payments, received by the state agency or local government, whether or not the payments are made through the infrastructure.

(c) The department may implement this section in phases. Each state agency or local government that chooses to participate in the project and each licensing entity shall comply with the schedule established by the department.

(d) The department may contract with a private vendor to implement this section.

(e) The department shall charge fees to licensing entities as provided by this subchapter in amounts sufficient to cover the cost of implementing this section with respect to licensing entities. The department shall charge a subscription fee to be paid by each licensing entity. The department may not charge the subscription fee until the service for which the fee is charged is available on the Internet. If the department determines that the transaction costs exceed the maximum increase in occupational license issuance or renewal fees allowed under Subsection (g), the department may also charge a reasonable convenience fee to be recovered from a license holder who uses the project for online issuance or renewal of a license.

(f) The department may exempt a licensing entity from subscription fees under Subsection (e) if the department determines that the licensing entity has established an Internet portal that is performing the functions described by Subsection (a).

(g) Each licensing entity shall increase the occupational license issuance or renewal fees imposed by the licensing entity by an amount sufficient to cover the cost of the subscription fee imposed on the licensing entity under Subsection (e) but not to exceed:

(1) $5 for an annual occupational license;

(2) $10 for a biennial occupational license; or

(3) the amount necessary to cover the cost of the subscription fee imposed on the licensing entity under Subsection (e) for permits or facilities licenses.

(h) The department shall provide an opportunity for a person to make a contribution to the trafficked persons program account established under Section 50.0153, Health and Safety Code, when the person accesses the state electronic Internet portal for a purpose described by Subsection (a) that involves submitting a payment to this state. The department may deduct from the donations made under this subsection an amount equal to the department's reasonable expenses associated with administering this subsection. Money contributed under this subsection shall be deposited to the credit of the account.

(i) The department shall collaborate with the Texas Department of Motor Vehicles, the Department of Public Safety, and any other state agency to maximize donations to the trafficked persons program account established under Section 50.0153, Health and Safety Code.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 3, eff. May 3, 2001. Amended by Acts 2003, 78th Leg., ch. 1216, Sec. 15, eff. June 20, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 6, eff. June 18, 2005.

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 24(2), eff. June 18, 2005.

Acts 2005, 79th Leg., Ch. 1292 (H.B. 2593), Sec. 3, eff. June 18, 2005.

Acts 2005, 79th Leg., Ch. 1292 (H.B. 2593), Sec. 12(2), eff. June 18, 2005.

Acts 2007, 80th Leg., R.S., Ch. 389 (S.B. 687), Sec. 2, eff. June 15, 2007.

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 21, eff. June 17, 2011.

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 22, eff. June 17, 2011.

Acts 2021, 87th Leg., R.S., Ch. 704 (H.B. 2633), Sec. 6, eff. September 1, 2021.

Sec. 2054.259. GENERAL POWERS AND DUTIES OF DEPARTMENT. The department shall:

(1) develop policies related to operation of the project;

(2) approve or disapprove services to be provided by the project;

(3) operate and promote the project;

(4) oversee contract performance for the project;

(5) comply with department financial requirements;

(6) oversee money generated for the operation and expansion of the project;

(7) develop project pricing policies, including policies regarding any fees that a state agency, including the department, or a local government may charge for a transaction that uses the project;

(8) evaluate participation in the project to determine if performance efficiencies or other benefits and opportunities are gained through project implementation; and

(9) perform periodic security audits of the operational facilities of the project.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 3, eff. May 3, 2001. Amended by Acts 2003, 78th Leg., ch. 1216, Sec. 13, eff. June 20, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 7, eff. June 18, 2005.

Text of section as added by Acts 2005, 79th Leg., R.S., Ch. 1260 (H.B. 2048), Sec. 8


For text of section as added by Acts 2005, 79th Leg., Ch. 1292 (H.B. 2593), Sec. 6, see other Sec. 2054.2591.


Sec. 2054.2591. FEES. (a) The department shall set fees that a state agency, including the department, or a local government may charge for a transaction that uses the project. The department shall set fees at amounts sufficient to recover the direct and indirect costs of the project.

(b) A fee set by the department for using the project is in addition to any other statutory fees. The revenue collected from the fees must be used to support the project, including the recovery of project costs.

Added by Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 8, eff. June 18, 2005.

Text of section as added by Acts 2005, 79th Leg., R.S., Ch. 1292 (H.B. 2593), Sec. 6


For text of section as added by Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 8, see other Sec. 2054.2591.


Sec. 2054.2591. FEES. (a) The authority shall set fees that a state agency, including the authority, or a local government may charge for a transaction that uses the project. The authority shall set fees at amounts sufficient to recover the direct and indirect costs of the project and provide a reasonable rate of return to the authority.

(b) The authority shall charge a state agency or local government a fee for all services provided to that entity.

(c) A fee set by the authority for using the project is in addition to any other statutory fees. The revenue collected from the fees must be used to support the project, including the recovery of project costs.

(d) No fee may be charged to a person authorized to file electronically under Section 195.003, Local Government Code, for filing, recording, access to, or electronic copies of a real property record subject to the provisions of Chapter 195, Local Government Code, except as provided in Section 195.006 or 195.007, Local Government Code.

Added by Acts 2005, 79th Leg., Ch. 1292 (H.B. 2593), Sec. 6, eff. June 18, 2005.

Sec. 2054.2592. FEE EXEMPTION; BARBER AND COSMETOLOGY BOARDS. The department may not charge the State Board of Barber Examiners or the Texas Cosmetology Commission a fee to use the project for the issuance or renewal of an occupational license.

Added by Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 8, eff. June 18, 2005.

Sec. 2054.260. REPORTING REQUIREMENTS. (a) Not later than November 15 of each even-numbered year, the department shall report on the status, progress, benefits, and efficiency gains of the project. The department shall provide the report to:

(1) the presiding officer of each house of the legislature;

(2) the chair of each committee in the legislature that has primary jurisdiction over the department;

(3) the governor; and

(4) each state agency or local government participating in the project.

(b) Not later than November 15 of each even-numbered year, the department shall report on financial matters, including project costs and revenues, and on any significant issues regarding contract performance on the project.

(c) The department shall provide the report to:

(1) the presiding officer of each house of the legislature; and

(2) the chair of each committee in the legislature with primary jurisdiction over the department.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 3, eff. May 3, 2001.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 9, eff. June 18, 2005.

Reenacted by Acts 2007, 80th Leg., R.S., Ch. 921 (H.B. 3167), Sec. 7.0042, eff. September 1, 2007.

Amended by:

Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 11, eff. September 1, 2013.

Sec. 2054.2605. REPORTING REQUIREMENTS: LICENSING ENTITIES. (a) Each licensing entity shall report to the Legislative Budget Board on the licensing entity's progress in using the project in performing the functions described by Section 2054.252(a).

(b) This section applies only to a licensing entity for which the department has begun implementation of the project under the schedule established by the department.

(c) A report required by this section shall be submitted every six months according to a reporting schedule established by the Legislative Budget Board.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 3, eff. May 3, 2001.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 10, eff. June 18, 2005.

Sec. 2054.2606. REPORTING PROFILE INFORMATION. (a) The following licensing entities shall establish a profile system consisting of the specific license holder information prescribed by Subsection (c):

(1) Texas Board of Chiropractic Examiners, with respect to chiropractors;

(2) Texas Department of Licensing and Regulation, with respect to podiatrists;

(3) State Board of Dental Examiners, with respect to dentists;

(4) Texas Optometry Board, with respect to optometrists and therapeutic optometrists;

(5) Texas Board of Physical Therapy Examiners, with respect to physical therapists and physical therapy facilities;

(6) Texas Board of Occupational Therapy Examiners, with respect to occupational therapists and occupational therapy facilities;

(7) Texas Behavioral Health Executive Council, with respect to psychologists; and

(8) Texas State Board of Pharmacy, with respect to pharmacists and pharmacies.

(b) A licensing entity other than a licensing entity listed in Subsection (a) is encouraged to establish a profile system consisting of the specific license holder information prescribed by Subsection (c).

(c) A licensing entity that establishes a profile system under this section shall determine the information to be included in the system and the manner for collecting and reporting the information. At a minimum, the entity shall include the following information in the profile system:

(1) the name of the license holder and the address and telephone number of the license holder's primary practice location;

(2) whether the license holder's patient, client, user, customer, or consumer service areas, as applicable, are accessible to disabled persons, as defined by federal law;

(3) the type of language translating services, including translating services for a person with impairment of hearing, that the license holder provides for patients, clients, users, customers, or consumers, as applicable;

(4) if applicable, insurance information, including whether the license holder participates in the state child health plan under Chapter 62, Health and Safety Code, or the Medicaid program;

(5) the education and training received by the license holder, as required by the licensing entity;

(6) any specialty certification held by the license holder;

(7) the number of years the person has practiced as a license holder; and

(8) if applicable, any hospital affiliation of the license holder.

(d) The department shall adopt rules to prescribe the amount of the fee to be collected by a state agency that establishes a profile system for its license holders.

(e) The department shall adopt additional rules as necessary to assist in the funding and administration of the profile systems established by state agencies, including rules prescribing policies for vendor contracts relating to the collection and entry of profile data.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 3, eff. May 3, 2001.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 11, eff. June 18, 2005.

Acts 2019, 86th Leg., R.S., Ch. 467 (H.B. 4170), Sec. 19.005, eff. September 1, 2019.

Acts 2019, 86th Leg., R.S., Ch. 768 (H.B. 1501), Sec. 3.003, eff. September 1, 2019.

Sec. 2054.261. ASSISTANCE AND COORDINATION WITH OTHER GOVERNMENTAL ENTITIES. (a) The department shall:

(1) assist state agencies and local governments in researching and identifying potential funding sources for the project;

(2) assist state agencies and local governments in using the project;

(3) assist the legislature and other state leadership in coordinating electronic government initiatives; and

(4) coordinate operations between state agencies and local governments to achieve integrated planning for the project.

(b) The department by rule shall adopt standards for state agency Internet websites to ensure consistency and compatibility with the project. Each state agency shall make its Internet website conform to the standards.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 3, eff. May 3, 2001.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 12, eff. June 18, 2005.

Acts 2007, 80th Leg., R.S., Ch. 389 (S.B. 687), Sec. 3, eff. June 15, 2007.

Sec. 2054.262. RULES. The department shall adopt rules regarding operation of the project.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 3, eff. May 3, 2001.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 13, eff. June 18, 2005.

Sec. 2054.263. SEAL. The department shall adopt an icon, symbol, brand, seal, or other identifying device to represent the project.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 3, eff. May 3, 2001.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 14, eff. June 18, 2005.

Sec. 2054.266. DONATIONS AND GRANTS. The department may request and accept a donation or grant from any person for use by the department in implementing or managing the project.

Added by Acts 2001, 77th Leg., ch. 342, Sec. 3, eff. May 3, 2001.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 15, eff. June 18, 2005.

Sec. 2054.268. CONTRACTS; CONFLICT OF INTEREST. A contract entered into between the authority and another state agency or a local government is not void for the sole reason that a member of the authority also serves on the governing body of the state agency or local government with which the contract was entered.

Added by Acts 2003, 78th Leg., ch. 1216, Sec. 14, eff. June 20, 2003.

Sec. 2054.269. INTELLECTUAL PROPERTY RIGHTS. The department may exercise all intellectual property rights regarding the project, including prevention of other persons from using names or designs similar to those used by the project to market products.

Added by Acts 2003, 78th Leg., ch. 1216, Sec. 14, eff. June 20, 2003.

Sec. 2054.271. AUTHENTICATION OF INDIVIDUAL IDENTITIES AND SIGNATURES; RULES. (a) The department or another state agency or local government that uses the project may use the Department of Public Safety's or another state agency's database, as appropriate, to authenticate an individual's identity on the project.

(b) The authentication allowed by this section may be used by the state agency or local government as an alternative to requiring a notarized document, a document signed by a third party, or an original signature on a document.

(c) The department may adopt rules regarding the use of a standardized database for authentication under this section.

Added by Acts 2003, 78th Leg., ch. 1216, Sec. 14, eff. June 20, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 16, eff. June 18, 2005.

Sec. 2054.272. BUSINESS PERMITS AND LICENSES INTERNET PORTAL. (a) A state agency that has jurisdiction over matters related to occupational licenses, including a licensing entity of this state, shall develop in cooperation with the department a link through the state electronic Internet portal.

(b) The link shall provide streamlined access to each occupational license listed on the state electronic Internet portal.

(c) The department may not charge a fee to implement this section.

Added by Acts 2005, 79th Leg., Ch. 672 (S.B. 96), Sec. 2, eff. September 1, 2005.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 921 (H.B. 3167), Sec. 7.0043, eff. September 1, 2007.

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 23, eff. June 17, 2011.

Sec. 2054.2721. INDEPENDENT ANNUAL AUDIT. (a) Not later than August 1 of each year, any private vendor chosen to implement or manage the project shall have an audit of the vendor's finances associated with the management and operation of the project performed by an independent certified public accountant selected by the state. The vendor shall pay for the audit and shall have a copy of the audit provided to the department.

(b) Not later than August 15 of each year, the department shall provide a copy of the audit report to:

(1) the presiding officer of each house of the legislature; and

(2) the chair of each committee in the legislature with primary jurisdiction over the department.

(c) The department shall keep a copy of the audit report and make the audit report available for inspection by any interested person during regular business hours.

Added by Acts 2005, 79th Leg., Ch. 1292 (H.B. 2593), Sec. 9, eff. June 18, 2005.

Renumbered from Government Code, Sections 2054.272 and 2054.273 and reenacted by Acts 2007, 80th Leg., R.S., Ch. 921 (H.B. 3167), Sec. 7.005, eff. September 1, 2007.

Sec. 2054.273. COLLECTION AND FORWARDING OF FEES. (a) A state agency or a vendor, as determined by the department, shall collect all fees charged to use the project. If a state agency collects the fees charged to use the project, the state agency shall forward the fees to the vendor, if the state has contracted with a vendor under Section 2054.252(d). If the state has not contracted with a vendor, the state agency shall forward to the state an amount equal to the state's share of the fees. If a vendor collects or receives the fees charged for use of the project, it shall forward to the state an amount equal to the state's share of the fees as provided by the vendor's contract with the department.

(b) A person that pays a fee for using the project may recover the fee in the ordinary course of business.

Added by Acts 2005, 79th Leg., Ch. 1292 (H.B. 2593), Sec. 10, eff. June 18, 2005.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 921 (H.B. 3167), Sec. 7.0051, eff. September 1, 2007.

Sec. 2054.274. RECOVERY OF FEES. A person that pays a fee for using the project may recover the fee in the ordinary course of business.

Added by Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 17, eff. June 18, 2005.

SUBCHAPTER J. TEXAS PROJECT DELIVERY FRAMEWORK


Sec. 2054.301. APPLICABILITY. This subchapter applies only to a major information resources project.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.06, eff. September 1, 2005.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1081 (H.B. 2918), Sec. 4, eff. September 1, 2007.

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 8, eff. September 1, 2019.

Sec. 2054.302. GUIDELINES; FORMS. (a) A state agency shall prepare each document required by this subchapter in a manner consistent with department guidelines.

(b) The department shall develop and provide guidelines and forms for the documents required by this subchapter.

(c) The department shall work with state agencies in developing the guidelines and forms.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.06, eff. September 1, 2005.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 9, eff. September 1, 2019.

Sec. 2054.303. BUSINESS CASE AND STATEWIDE IMPACT ANALYSIS.

(a) For each proposed major information resources project, a state agency must prepare:

(1) a business case providing the initial justification for the project; and

(2) if the state agency has been assigned the rating under Section 2261.258(a)(1):

(A) a statewide impact analysis of the project's effect on the state's common information resources infrastructure; and

(B) a technical architectural assessment of the project, if requested by the quality assurance team.

(b) The agency shall file the documents with the quality assurance team when the agency files its legislative appropriations request.

(c) The department shall use the analysis to ensure that the proposed project does not unnecessarily duplicate existing statewide information resources technology.

(d) After the quality assurance team makes a recommendation relating to a business case under Section 2054.158(b)(2), a state agency shall:

(1) comply with the recommendation; or

(2) submit to the quality assurance team a written explanation regarding why the recommendation is not applicable to the project under review.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.06, eff. September 1, 2005.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1081 (H.B. 2918), Sec. 5, eff. September 1, 2007.

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 13, eff. September 1, 2007.

Acts 2017, 85th Leg., R.S., Ch. 556 (S.B. 533), Sec. 4, eff. September 1, 2017.

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 10, eff. September 1, 2019.

Sec. 2054.304. PROJECT PLANS. (a) A state agency shall develop a project plan for each major information resources project.

(b) The state agency must file the project plan with the quality assurance team before the agency spends more than 10 percent of allocated funds for the project.

(c) Repealed by Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 30(5), eff. September 1, 2019.

(d) In each project plan for a major information resources project, the state agency shall consider incorporating into the project the applicable best practices recommended in the quality assurance team's annual report.

(e) A state agency contract for a major information resources project must comply with the requirements in the comptroller's contract management guide developed under Section 2262.051.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.06, eff. September 1, 2005.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 937 (H.B. 3560), Sec. 2.05, eff. September 1, 2007.

Acts 2007, 80th Leg., R.S., Ch. 1081 (H.B. 2918), Sec. 6, eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 87 (S.B. 1969), Sec. 11.021, eff. September 1, 2009.

Acts 2017, 85th Leg., R.S., Ch. 556 (S.B. 533), Sec. 5, eff. September 1, 2017.

Acts 2019, 86th Leg., R.S., Ch. 573 (S.B. 241), Sec. 1.15, eff. September 1, 2019.

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 11, eff. September 1, 2019.

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 30(5), eff. September 1, 2019.

Sec. 2054.305. PROCUREMENT PLAN AND METHOD FOR MONITORING CONTRACTS. Before issuing a solicitation for a contract subject to review under Section 2054.158(b)(4), the state agency must develop, consistent with any acquisition plan provided in the guide developed under Section 2262.051:

(1) a procurement plan with anticipated service levels and performance standards for each contractor; and

(2) a method to monitor changes to the scope of each contract.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.06, eff. September 1, 2005.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1081 (H.B. 2918), Sec. 7, eff. September 1, 2007.

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 12, eff. September 1, 2019.

Sec. 2054.306. POST-IMPLEMENTATION REVIEW. After implementation of a major information resources project, a state agency shall prepare a post-implementation review. The agency shall provide the review to the agency's executive director and the quality assurance team.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.06, eff. September 1, 2005.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 1208 (H.B. 1789), Sec. 14, eff. September 1, 2007.

Sec. 2054.307. APPROVAL OF DOCUMENTS AND CONTRACT CHANGES. (a) A state agency's executive director, or the executive director's designee, must approve:

(1) each document required by this subchapter; and

(2) if the department requires the approval, any other document related to this subchapter.

(b) The state agency's executive director must approve a proposed contract amendment or change order for a major information resources project if the amendment or change order:

(1) changes the monetary value of the contract by more than 10 percent; or

(2) significantly changes the completion date of the contract.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.06, eff. September 1, 2005.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 13, eff. September 1, 2019.

SUBCHAPTER K. ELECTRONIC SYSTEM FOR OCCUPATIONAL LICENSING TRANSACTIONS


Sec. 2054.351. DEFINITIONS. In this subchapter, "licensing entity" and "occupational license" have the meanings assigned those terms by Section 2054.251.

Added by Acts 2001, 77th Leg., ch. 353, Sec. 1, eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 1216, Sec. 6, eff. June 20, 2003. Renumbered from Government Code Sec. 2054.251 by Acts 2003, 78th Leg., ch. 1275, Sec. 2(83), eff. Sept. 1, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 18, eff. June 18, 2005.

Sec. 2054.352. APPLICABILITY.

(a) The following licensing entities shall participate in the system established under Section 2054.353:

(1) Texas Board of Chiropractic Examiners;

(2) Judicial Branch Certification Commission;

(3) State Board of Dental Examiners;

(4) Texas Funeral Service Commission;

(5) Texas Medical Board;

(6) Texas Board of Nursing;

(7) Texas Optometry Board;

(8) Department of Agriculture, for licenses issued under Chapter 1951, Occupations Code;

(9) Texas State Board of Pharmacy;

(10) Executive Council of Physical Therapy and Occupational Therapy Examiners;

(11) Texas State Board of Plumbing Examiners;

(12) Texas Behavioral Health Executive Council;

(13) State Board of Veterinary Medical Examiners;

(14) Texas Real Estate Commission;

(15) Texas Appraiser Licensing and Certification Board;

(16) Texas Department of Licensing and Regulation;

(17) Texas State Board of Public Accountancy;

(18) State Board for Educator Certification;

(19) Texas Board of Professional Engineers and Land Surveyors;

(20) Health and Human Services Commission;

(21) Texas Board of Architectural Examiners;

(22) Texas Racing Commission;

(23) Texas Commission on Law Enforcement; and

(24) Texas Private Security Board.

(b) The department may add additional agencies as system capabilities are developed.

(c) A licensing entity other than an entity listed by Subsection (a) may participate in the system established under Section 2054.353, subject to the approval of the department.

Added by Acts 2001, 77th Leg., ch. 353, Sec. 1, eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 553, Sec. 2.007, eff. Feb. 1, 2004; Acts 2003, 78th Leg., ch. 1216, Sec. 7, eff. June 20, 2003. Renumbered from Government Code Sec. 2054.252 and amended by Acts 2003, 78th Leg., ch. 1275, Sec. 2(83), 3(28), eff. Sept. 1, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 728 (H.B. 2018), Secs. 8.017, 8.018, eff. September 1, 2005.

Acts 2005, 79th Leg., Ch. 798 (S.B. 411), Sec. 4.03, eff. September 1, 2005.

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 19, eff. June 18, 2005.

Acts 2007, 80th Leg., R.S., Ch. 889 (H.B. 2426), Sec. 59, eff. September 1, 2007.

Acts 2007, 80th Leg., R.S., Ch. 890 (H.B. 2458), Sec. 2.03, eff. September 1, 2007.

Acts 2009, 81st Leg., R.S., Ch. 213 (S.B. 1005), Sec. 27, eff. May 27, 2009.

Acts 2009, 81st Leg., R.S., Ch. 450 (H.B. 2447), Sec. 39, eff. September 1, 2009.

Acts 2011, 82nd Leg., R.S., Ch. 91 (S.B. 1303), Sec. 11.017, eff. September 1, 2011.

Acts 2013, 83rd Leg., R.S., Ch. 42 (S.B. 966), Sec. 2.26, eff. September 1, 2014.

Acts 2013, 83rd Leg., R.S., Ch. 93 (S.B. 686), Sec. 2.36, eff. May 18, 2013.

Acts 2019, 86th Leg., R.S., Ch. 467 (H.B. 4170), Sec. 19.006, eff. September 1, 2019.

Acts 2019, 86th Leg., R.S., Ch. 768 (H.B. 1501), Sec. 3.004, eff. September 1, 2019.

Acts 2019, 86th Leg., R.S., Ch. 1232 (H.B. 1523), Sec. 2.06, eff. September 1, 2019.

Acts 2021, 87th Leg., R.S., Ch. 915 (H.B. 3607), Sec. 9.014, eff. September 1, 2021.

Sec. 2054.353. ELECTRONIC SYSTEM FOR OCCUPATIONAL LICENSING TRANSACTIONS. (a) The department shall administer a common electronic system using the Internet through which a licensing entity can electronically:

(1) send occupational licenses and other documents to persons regulated by the licensing entity and to the public;

(2) receive applications for occupational licenses and other documents for filing from persons regulated by the licensing entity and from the public, including documents that can be electronically signed if necessary; and

(3) receive required payments from persons regulated by the licensing entity and from the public.

(b) The department may implement this section in phases. Each licensing entity that participates in the system established under this section shall comply with the schedule established by the department.

(c) The department may use any Internet portal established under a demonstration project administered by the department.

(d) The department may exempt a licensing entity from participating in the system established by this section if the department determines that:

(1) the licensing entity has established an Internet portal that allows the performance of the functions described by Subsection (a); or

(2) online license renewal for the licensing entity would not be cost-effective or in the best interest of the project.

Added by Acts 2001, 77th Leg., ch. 353, Sec. 1, eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 1216, Sec. 9, eff. June 20, 2003. Renumbered from Government Code Sec. 2054.253 by Acts 2003, 78th Leg., ch. 1275, Sec. 2(83), eff. Sept. 1, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 1260 (H.B. 2048), Sec. 20, eff. June 18, 2005.

Sec. 2054.354. STEERING COMMITTEE. (a) The steering committee for electronic occupational licensing transactions consists of a representative of each of the following, appointed by its governing body:

(1) each licensing entity listed by Section 2054.352(a); and

(2) the department.

(b) The governing body of a licensing entity described by Section 2054.352(c) may appoint a representative to the committee.

(c) A member of the committee serves at the will of the entity that appointed the member.

(d) The representative of the department is the presiding officer of the committee. The committee shall meet as prescribed by committee procedures or at the call of the presiding officer.

(e) The committee shall advise the department regarding the department's implementation of Section 2054.353.

(f) Chapter 2110 does not apply to the size, composition, or duration of the committee. Any reimbursement of the expenses of a member of the committee may be paid only from funds available to the governmental entity the member represents.

Added by Acts 2001, 77th Leg., ch. 353, Sec. 1, eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 1216, Sec. 10, eff. June 20, 2003. Renumbered from Government Code Sec. 2054.254 and amended by Acts 2003, 78th Leg., ch. 1275, Sec. 2(83), 3(29), eff. Sept. 1, 2003.

Amended by:

Acts 2005, 79th Leg., Ch. 728 (H.B. 2018), Sec. 8.019, eff. September 1, 2005.

Sec. 2054.355. CHANGE OF ADDRESS AND OTHER INFORMATION. (a) The system adopted under Section 2054.253, as added by Chapter 353, Acts of the 77th Legislature, Regular Session, 2001, must allow a person regulated by one or more licensing authorities to file a single change of address on-line with the department. The department shall provide the new address to each appropriate licensing authority.

(b) The department may expand the system to include additional categories of updated information that license holders may need to provide to more than one licensing authority.

(c) If the department uses the state electronic Internet portal to implement the system, the department may recover costs incurred under this section as provided by Section 2054.252.

Added by Acts 2003, 78th Leg., ch. 514, Sec. 1, eff. Sept. 1, 2003; Acts 2003, 78th Leg., ch. 816, Sec. 25.001, eff. Sept. 1, 2003. Renumbered from Government Code Sec. 2054.255 by Acts 2005, 79th Leg., Ch. 728 (H.B. 2018), Sec. 23.001(38), eff. Sept. 1, 2005.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 973 (H.B. 1504), Sec. 24, eff. June 17, 2011.

Sec. 2054.356. SHARING OF INFORMATION. (a) Each licensing authority shall electronically share information regarding license holders, especially information regarding disciplinary information, with other licensing authorities to the extent it is feasible to do so and allowed by other law, under appropriate controls for the privacy, security, accuracy, and, when applicable, confidentiality of the information.

(b) A licensing authority may only use information it receives electronically under this section for regulatory purposes.

Added by Acts 2003, 78th Leg., ch. 514, Sec. 1, eff. Sept. 1, 2003; Acts 2003, 78th Leg., ch. 816, Sec. 25.001, eff. Sept. 1, 2003. Renumbered from Government Code Sec. 2054.255 by Acts 2005, 79th Leg., Ch. 728 (H.B. 2018), Sec. 23.001(39), eff. Sept. 1, 2005.

SUBCHAPTER L. STATEWIDE TECHNOLOGY CENTERS


Sec. 2054.375. DEFINITIONS. In this subchapter:

(1) "Eligible entity" means an entity listed in Section 2054.0525.

(2) "Statewide technology center" means a statewide technology center established or operated under this subchapter.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Amended by:

Acts 2013, 83rd Leg., R.S., Ch. 102 (S.B. 866), Sec. 1, eff. May 18, 2013.

Acts 2023, 88th Leg., R.S., Ch. 242 (H.B. 4553), Sec. 2, eff. September 1, 2023.

Sec. 2054.376. APPLICABILITY.

(a) This subchapter applies to all information resources technologies, other than telecommunications services governed by Chapter 2170, that are:

(1) obtained by a state agency using state money; or

(2) used by a participating eligible entity.

(a-1) Notwithstanding Subsection (a), this subchapter applies to electronic messaging service and outsourced managed services that are:

(1) obtained by a state agency using state money; or

(2) used by a participating eligible entity.

(b) This subchapter does not apply to:

(1) the uniform statewide accounting system, as that term is used in Subchapter C, Chapter 2101;

(2) the state treasury cash and treasury management system;

(3) a database or network managed by the comptroller to:

(A) collect and process multiple types of taxes imposed by the state; or

(B) manage or administer fiscal, financial, revenue, and expenditure activities of the state under Chapter 403 and Chapter 404; or

(4) a database or network managed by the Department of Agriculture.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Amended by:

Acts 2011, 82nd Leg., 1st C.S., Ch. 4 (S.B. 1), Sec. 23.04, eff. September 28, 2011.

Acts 2013, 83rd Leg., R.S., Ch. 102 (S.B. 866), Sec. 2, eff. May 18, 2013.

Acts 2019, 86th Leg., R.S., Ch. 814 (H.B. 2364), Sec. 1, eff. September 1, 2019.

Acts 2023, 88th Leg., R.S., Ch. 242 (H.B. 4553), Sec. 3, eff. September 1, 2023.

Sec. 2054.377. INSTITUTIONS OF HIGHER EDUCATION. The department may not establish or expand a statewide technology center that includes participation by an institution of higher education unless the Information Technology Council for Higher Education agrees to the establishment or expansion.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Sec. 2054.3771. ELIGIBLE ENTITIES. The department may establish or expand a statewide technology center to include participation by an eligible entity. The executive director and the department have all the powers necessary or appropriate, consistent with this chapter, to accomplish that purpose.

Added by Acts 2013, 83rd Leg., R.S., Ch. 102 (S.B. 866), Sec. 3, eff. May 18, 2013.

Amended by:

Acts 2023, 88th Leg., R.S., Ch. 242 (H.B. 4553), Sec. 4, eff. September 1, 2023.

Sec. 2054.378. SCOPE OF OPERATION OF CENTERS. (a) The department may operate statewide technology centers to provide participating eligible entities, on a cost-sharing basis, services relating to:

(1) information resources and information resources technology; and

(2) the deployment, development, and maintenance of software applications.

(b) The department may operate a statewide technology center directly or contract with another person to operate the center.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Amended by:

Acts 2013, 83rd Leg., R.S., Ch. 102 (S.B. 866), Sec. 4, eff. May 18, 2013.

Acts 2023, 88th Leg., R.S., Ch. 242 (H.B. 4553), Sec. 5, eff. September 1, 2023.

Sec. 2054.379. RULES. The department shall adopt rules and guidelines to implement this subchapter.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Sec. 2054.380. FEES. (a) The department shall set and charge a fee to each participating eligible entity that receives a service from a statewide technology center in an amount sufficient to cover the direct and indirect cost of providing the service.

(b) Revenue derived from the collection of fees imposed under Subsection (a) may be appropriated to the department for:

(1) developing statewide information resources technology policies and planning under this chapter and Chapter 2059; and

(2) providing shared information resources technology services under this chapter.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Amended by:

Acts 2011, 82nd Leg., 1st C.S., Ch. 4 (S.B. 1), Sec. 23.05, eff. September 28, 2011.

Acts 2013, 83rd Leg., R.S., Ch. 102 (S.B. 866), Sec. 5, eff. May 18, 2013.

Acts 2023, 88th Leg., R.S., Ch. 242 (H.B. 4553), Sec. 6, eff. September 1, 2023.

Sec. 2054.381. CONTRACTING; HISTORICALLY UNDERUTILIZED BUSINESSES. (a) In any procurement related to the establishment of a statewide technology center, the department shall maximize vendor competition and, to the extent feasible and cost-effective, interoperability.

(b) In contracting under this subchapter, the department shall follow the requirements of Chapter 2161 and related rules regarding historically underutilized businesses.

(c) The department shall provide to all qualified businesses the opportunity to compete for department contracts under this subchapter.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Sec. 2054.382. STATEWIDE TECHNOLOGY CENTERS FOR DATA OR DISASTER RECOVERY SERVICES; USE REQUIRED. (a) The department shall manage the operations of statewide technology centers that provide data center services or disaster recovery services for two or more participating eligible entities, including management of the operations of the center on the campus of Angelo State University.

(b) The department by rule shall describe the data services provided by statewide technology centers.

(c) A state agency may not spend appropriated money to contract or issue purchase orders for data center services or disaster recovery services, including maintenance of those services, unless the executive director approves the expense. The department may establish appropriate thresholds and procedures for securing approval under this subsection.

(d) The Legislative Budget Board may not grant prior approval under Section 2054.386 in relation to services provided under this section.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Amended by:

Acts 2023, 88th Leg., R.S., Ch. 242 (H.B. 4553), Sec. 7, eff. September 1, 2023.

Sec. 2054.383. ESTABLISHMENT OF ADDITIONAL STATEWIDE TECHNOLOGY CENTERS. (a) The department may establish additional statewide technology centers as provided by this section.

(b) The department may not establish a center under this section unless:

(1) the governor approves the establishment;

(2) the Legislative Budget Board approves the expenditures necessary for the establishment; and

(3) the executive director determines in writing that consolidating operations or services of selected state agencies will promote efficiency and effectiveness and provide the best value for the state.

(c) In the written determination under Subsection (b)(3), the executive director shall identify the selected state agencies that will be required to participate in the new center.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Sec. 2054.384. COST AND REQUIREMENTS ANALYSIS. (a) The department shall conduct a cost and requirements analysis for each state agency that the department intends to select for participation in a statewide technology center.

(b) A selected state agency shall identify its particular requirements, operations costs, and requested service levels for the department. The department may require a state agency to validate or resubmit data related to these factors. The department shall fulfill the requirements and service levels of each state agency to the extent possible.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Sec. 2054.385. NOTICE OF SELECTION. After completion of the cost and requirements analysis for each state agency under Section 2054.384, the department shall provide notice to each state agency selected to receive services or operations through the statewide technology center. The notice must include:

(1) the state agency operations selected for consolidation at a statewide technology center;

(2) the scope of services to be provided to the agency;

(3) a schedule of anticipated costs for the agency; and

(4) the implementation schedule for that agency.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Sec. 2054.3851. ELIGIBLE ENTITY PARTICIPATION AND SELECTION. (a) An eligible entity listed in Section 2054.0525, other than a state agency, may submit a request to the department to receive services or operations through a statewide technology center. The eligible entity shall identify its particular requirements, operations costs, and requested service levels.

(b) On receipt of the request, the department shall conduct a cost and requirements analysis for the eligible entity.

(c) If the department selects the eligible entity for participation in a statewide technology center, the department shall provide notice to the eligible entity that includes:

(1) the scope of the services to be provided to the eligible entity;

(2) a schedule of anticipated costs for the eligible entity; and

(3) the implementation schedule for the eligible entity.

(d) If selected to participate in a statewide technology center, an eligible entity may contract with the department to receive the identified services and have the identified operations performed through the statewide technology center.

(e) Two or more local governments that are parties to an interlocal agreement, acting through the entity designated by the parties to supervise performance of the interlocal agreement under Section 791.013, may apply to the department and participate in a statewide technology center.

Added by Acts 2013, 83rd Leg., R.S., Ch. 102 (S.B. 866), Sec. 6, eff. May 18, 2013.

Amended by:

Acts 2023, 88th Leg., R.S., Ch. 242 (H.B. 4553), Sec. 8, eff. September 1, 2023.

Acts 2023, 88th Leg., R.S., Ch. 242 (H.B. 4553), Sec. 9, eff. September 1, 2023.

Sec. 2054.386. INTERAGENCY CONTRACT; PRIOR APPROVAL OF EXPENDITURES. (a) A state agency that is selected under Section 2054.385 to receive services or to have operations performed through a statewide technology center may not, except as provided by Subsection (b), spend appropriated money for the identified operations and services without the prior approval of the Legislative Budget Board.

(b) Unless the Legislative Budget Board grants prior approval for the selected state agency to spend appropriated money for the identified operations or services in another specified manner, the selected agency shall enter into an interagency contract with the department to receive the identified services and have the identified operations performed through the statewide technology center. Amounts charged to the selected agency under the interagency contract must be based on the fees set by the department under Section 2054.380 but may not exceed the amounts expected to be necessary to cover the direct and indirect costs of performing operations and providing services under the contract. Before executing an interagency contract or alternatively receiving prior approval from the Legislative Budget Board under this section, the state agency may only spend appropriated money for the selected service or operation if the executive director approves the expense.

(c) Not later than the 30th business day after the date the selected state agency is notified of its selection under Section 2054.385, the agency may request the Legislative Budget Board to grant its prior approval for the agency to spend appropriated money for the identified operations or services in a manner other than through an interagency contract with the department under Subsection (b).

(d) The request to the Legislative Budget Board must:

(1) be in writing;

(2) include a copy of the selection notice made by the executive director; and

(3) demonstrate that the decision of the executive director to select the agency will probably:

(A) fail to achieve meaningful cost savings for the state; or

(B) result in an unacceptable loss of effectiveness or operational efficiency.

(e) If the Legislative Budget Board determines that an interagency contract between the department and the selected state agency under Subsection (b) will fail to achieve meaningful cost savings for the state or result in an unacceptable loss of effectiveness or operational efficiency at the selected agency, the Legislative Budget Board may grant its prior approval for the selected agency to spend appropriated money for the identified operations or services in another specified manner, in which event the selected agency is not required to enter into an interagency contract under Subsection (b).

(f) The Legislative Budget Board shall notify the state agency, the executive director, and the comptroller of its decision.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Sec. 2054.387. INTERAGENCY CONTRACT; COMPLIANCE WITH SERVICE LEVELS. The department shall ensure compliance with service levels agreed to in an interagency contract or intergovernmental contract, as appropriate, executed under this subchapter.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Amended by:

Acts 2013, 83rd Leg., R.S., Ch. 102 (S.B. 866), Sec. 7, eff. May 18, 2013.

Sec. 2054.388. TRANSFER OF OWNERSHIP. (a) The department, subject to the governor's approval, may require a state agency that enters into an interagency contract under Section 2054.386 to transfer to the department ownership, custody, or control of resources that the department, in consultation with the agency, determines are used to support the operations or services selected under Section 2054.385. These resources may include:

(1) information resources;

(2) information resources technologies;

(3) full-time equivalent positions; and

(4) any other resources determined necessary by the department to support the selected operations or services.

(b) The department shall advise the governor, lieutenant governor, speaker of the house of representatives, Legislative Budget Board, and state auditor's office regarding the expected savings to be received for each state agency from which ownership, custody, or control is transferred under this section.

(c) The department and the state agency shall work to reconcile any federal funding issues that arise out of a transfer under this section. The department, subject to the governor's approval, shall exclude applicable resources from the transfer if the federal funding issues cannot be reconciled.

(d) Chapter 2175 does not apply to information resources or information resources technologies transferred under this section.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Sec. 2054.389. TRANSITION SCHEDULES. The department shall establish transition schedules for the transfer of state agency operations and services to statewide technology centers under this subchapter.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Sec. 2054.390. MIGRATION OF SERVICES. (a) The department shall prioritize the migration of services to the statewide technology center system established under this subchapter based on the size of the current technology center operational environment at a state agency, with the largest 25 technology center environments ranking highest in priority.

(b) Expired.

(c) A state agency shall comply with the department's request to migrate under this section.

(d) Any consolidation plan adopted by the department to execute this section must prioritize and fully use the existing capacity of the State Data Center located on the campus of Angelo State University.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Sec. 2054.391. USE OF STATEWIDE TECHNOLOGY CENTERS REQUIRED. (a) A state agency may not transfer services from a statewide technology center unless the executive director and the governor approve the transfer.

(b) If the department becomes aware that a state agency is not using a statewide technology center for operations or services in accordance with the interagency contract entered into under Section 2054.386 and as directed by the department, the department shall notify the comptroller, the Legislative Budget Board, the state auditor's office, and the affected state agency of the violation.

(c) After notification under Subsection (b), the state agency may not spend appropriated money for operations or services the agency was selected to receive through a statewide technology center without the prior approval of the executive director.

Added by Acts 2005, 79th Leg., Ch. 1068 (H.B. 1516), Sec. 1.07, eff. September 1, 2005.

Sec. 2054.392. STATEWIDE TECHNOLOGY ACCOUNT. The comptroller shall establish in the state treasury the statewide technology account. The account is a revolving fund account for the administration of this subchapter. The account is the depository for all money received from entities served under this subchapter. Money in the account may be used only for the operation and management of a statewide technology center or for any other purpose specified by the legislature.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 12, eff. September 1, 2013.

SUBCHAPTER M. ACCESS TO ELECTRONIC AND INFORMATION


RESOURCES BY INDIVIDUALS WITH DISABILITIES


Sec. 2054.451. DEFINITIONS. In this subchapter:

(1) "Electronic and information resources" means information resources and any equipment or interconnected system of equipment that is used in the creation, conversion, or duplication of information resources. The term includes telephones and other telecommunications products, information kiosks, transaction machines, Internet websites, multimedia resources, and office equipment, including copy machines and fax machines.

(2) "State agency" means a department, commission, board, office, council, authority, or other agency in the executive, legislative, or judicial branch of state government that is created by the constitution or a statute of this state, including a university system or institution of higher education as defined by Section 61.003, Education Code.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.452. TRAINING AND TECHNICAL ASSISTANCE. (a) The department shall provide training for and technical assistance to state agencies regarding compliance with this subchapter.

(b) The department shall adopt rules to implement this section.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.453. RULES; COMPLIANCE WITH FEDERAL STANDARDS AND LAWS. (a) The department shall adopt rules and evaluation criteria to implement this subchapter, including rules regarding:

(1) the development, procurement, maintenance, and use of electronic and information resources by state agencies to provide access to individuals with disabilities; and

(2) a procurement accessibility policy.

(b) In adopting rules under this section, the department shall consider the provisions contained in 36 C.F.R. Part 1194.

(c) This subchapter does not require the state to comply with the Americans with Disabilities Act of 1990 (42 U.S.C. Section 12101 et seq.) to the extent it is not required by federal law.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.454. STATE AGENCY COMPLIANCE. (a) If required by the department, each state agency shall develop, procure, maintain, and use accessible electronic and information resources that conform to the rules adopted under this subchapter.

(b) The department shall ensure that rules adopted under this subchapter are reviewed as a component of any report developed under Section 2054.102(c) on compliance with department standards.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.455. PUBLIC INFORMATION. The department shall develop a process by which the public may provide information regarding compliance with this subchapter.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.456. ACCESS TO ELECTRONIC AND INFORMATION RESOURCES BY STATE EMPLOYEES WITH DISABILITIES. (a) Each state agency shall, in developing, procuring, maintaining, or using electronic and information resources, ensure that state employees with disabilities have access to and the use of those resources comparable to the access and use available to state employees without disabilities, unless compliance with this section imposes a significant difficulty or expense on the agency under Section 2054.460. Subject to Section 2054.460, the agency shall take reasonable steps to ensure that a disabled employee has reasonable access to perform the employee's duties.

(b) This section does not require a state agency to install specific accessibility-related software or attach an assistive technology device at a workstation of a state employee.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.457. ACCESS TO ELECTRONIC AND INFORMATION RESOURCES BY OTHER INDIVIDUALS WITH DISABILITIES. (a) Each state agency shall provide members of the public with disabilities who are seeking information or other services from the agency access to and the use of electronic and information resources comparable to the access and use provided to members of the public without disabilities, unless compliance with this section imposes a significant difficulty or expense on the agency under Section 2054.460.

(b) This section does not require a state agency to:

(1) make a product owned by the agency available for access and use by individuals with disabilities at a location other than the location where the electronic and information resources are provided to the public; or

(2) purchase a product for access and use by individuals with disabilities at a location other than the location where the electronic and information resources are provided to the public.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.458. INTERNET WEBSITES. The department shall adopt rules regarding the development and monitoring of state agency Internet websites to provide access to individuals with disabilities.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.459. EMERGING TECHNOLOGIES; PRODUCTS. The department shall adopt rules regarding:

(1) emerging technologies related to the purpose of this subchapter; and

(2) the commercial availability of products, including computer software, to implement this subchapter.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.460. EXCEPTION FOR SIGNIFICANT DIFFICULTY OR EXPENSE; ALTERNATE METHODS. (a) If compliance with a provision of this subchapter imposes a significant difficulty or expense on a state agency, the agency is not required to comply with that provision, but the agency may provide individuals with disabilities an alternate method of access under Subsection (b).

(b) If under Subsection (a) a state agency is not complying with a provision of this subchapter, the agency may use alternate methods to provide timely access by individuals with disabilities to state agency electronic and information resources, including access to product documentation. Alternate methods include voice, fax, teletypewriter, Internet posting, captioning, text-to-speech synthesis, and audio description.

(c) In determining whether compliance imposes a significant difficulty or expense on the state agency, the agency shall consider all agency resources available to the program or program component for which the product is being developed, procured, maintained, or used.

(d) The department shall adopt rules to implement this section.

(e) The executive director of the state agency shall make the final decision on whether this section applies. The decision may not be appealed.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.461. EXEMPTIONS. The department shall adopt rules regarding exempting a state agency from the duty to comply with this subchapter or a provision of this subchapter. In adopting rules under this section, the department shall focus on circumstances in which the benefit of compliance for individuals with disabilities is relatively minor and the cost of compliance is relatively great.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.462. EXCEPTION FOR EMBEDDED INFORMATION RESOURCES. This subchapter does not apply to electronic and information resources equipment that contains embedded information resources that are used as an integral part of the product, but the principal function of which is not the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of information, including thermostats or temperature control devices or other heating, ventilation, and air conditioning equipment.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.463. EXCEPTION FOR MEDICAL EQUIPMENT. This subchapter does not apply to an item of medical equipment in which electronic and information resources are integral to its operation.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Sec. 2054.464. SURVEY; REPORTING REQUIREMENTS. The department shall adopt guidelines regarding:

(1) an electronic and information resources state agency survey; and

(2) state agency reporting requirements for implementation of this subchapter.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

Amended by:

Acts 2007, 80th Leg., R.S., Ch. 691 (H.B. 1788), Sec. 12, eff. September 1, 2007.

Sec. 2054.465. NO CAUSE OF ACTION CREATED. This subchapter does not create a cause of action.

Added by Acts 2005, 79th Leg., Ch. 750 (H.B. 2819), Sec. 1, eff. September 1, 2005.

SUBCHAPTER N-1. CYBERSECURITY


Sec. 2054.510. CHIEF INFORMATION SECURITY OFFICER. (a) In this section, "state information security program" means the policies, standards, procedures, elements, structure, strategies, objectives, plans, metrics, reports, services, and resources that establish the information resources security function for this state.

(b) The executive director, using existing funds, shall employ a chief information security officer.

(c) The chief information security officer shall oversee cybersecurity matters for this state including:

(1) implementing the duties described by Section 2054.059;

(2) responding to reports received under Section 2054.1125;

(3) developing a statewide information security framework;

(4) overseeing the development of statewide information security policies and standards;

(5) collaborating with state agencies, local governmental entities, and other entities operating or exercising control over state information systems or state-controlled data to strengthen this state's cybersecurity and information security policies, standards, and guidelines;

(6) overseeing the implementation of the policies, standards, and guidelines developed under Subdivisions (3) and (4);

(7) providing information security leadership, strategic direction, and coordination for the state information security program;

(8) providing strategic direction to:

(A) the network security center established under Section 2059.101; and

(B) statewide technology centers operated under Subchapter L; and

(9) overseeing the preparation and submission of the report described by Section 2054.0591.

Added by Acts 2023, 88th Leg., R.S., Ch. 1079 (S.B. 621), Sec. 1, eff. September 1, 2023.

Sec. 2054.511. CYBERSECURITY COORDINATOR. The executive director shall designate an employee of the department as the state cybersecurity coordinator to oversee cybersecurity matters for this state.

Added by Acts 2013, 83rd Leg., R.S., Ch. 32 (S.B. 1102), Sec. 1, eff. May 10, 2013.

Redesignated from Government Code, Section 2054.551 by Acts 2015, 84th Leg., R.S., Ch. 1236 (S.B. 1296), Sec. 21.001(29), eff. September 1, 2015.

Sec. 2054.512. CYBERSECURITY COUNCIL. (a) The state cybersecurity coordinator shall establish and lead a cybersecurity council that includes public and private sector leaders and cybersecurity practitioners to collaborate on matters of cybersecurity concerning this state.

(b) The cybersecurity council must include:

(1) one member who is an employee of the office of the governor;

(2) one member of the senate appointed by the lieutenant governor;

(3) one member of the house of representatives appointed by the speaker of the house of representatives;

(4) one member who is an employee of the Elections Division of the Office of the Secretary of State; and

(5) additional members appointed by the state cybersecurity coordinator, including representatives of institutions of higher education and private sector leaders.

(c) In appointing representatives from institutions of higher education to the cybersecurity council, the state cybersecurity coordinator shall consider appointing members of the Information Technology Council for Higher Education.

(d) The cybersecurity council shall:

(1) consider the costs and benefits of establishing a computer emergency readiness team to address cyber attacks occurring in this state during routine and emergency situations;

(2) establish criteria and priorities for addressing cybersecurity threats to critical state installations;

(3) consolidate and synthesize best practices to assist state agencies in understanding and implementing cybersecurity measures that are most beneficial to this state; and

(4) assess the knowledge, skills, and capabilities of the existing information technology and cybersecurity workforce to mitigate and respond to cyber threats and develop recommendations for addressing immediate workforce deficiencies and ensuring a long-term pool of qualified applicants.

(e) The cybersecurity council shall provide recommendations to the legislature on any legislation necessary to implement cybersecurity best practices and remediation strategies for this state.

Added by Acts 2013, 83rd Leg., R.S., Ch. 32 (S.B. 1102), Sec. 1, eff. May 10, 2013.

Redesignated from Government Code, Section 2054.552 by Acts 2015, 84th Leg., R.S., Ch. 1236 (S.B. 1296), Sec. 21.001(29), eff. September 1, 2015.

Amended by:

Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 9, eff. September 1, 2017.

Acts 2021, 87th Leg., R.S., Ch. 376 (S.B. 851), Sec. 1, eff. September 1, 2021.

Sec. 2054.514. RECOMMENDATIONS. The state cybersecurity coordinator may implement any portion or all of the recommendations made by the Cybersecurity, Education, and Economic Development Council under Subchapter N.

Added by Acts 2013, 83rd Leg., R.S., Ch. 32 (S.B. 1102), Sec. 1, eff. May 10, 2013.

Redesignated from Government Code, Section 2054.554 by Acts 2015, 84th Leg., R.S., Ch. 1236 (S.B. 1296), Sec. 21.001(29), eff. September 1, 2015.

Sec. 2054.515. AGENCY INFORMATION SECURITY ASSESSMENT AND REPORT. (a) At least once every two years, each state agency shall conduct an information security assessment of the agency's:

(1) information resources systems, network systems, digital data storage systems, digital data security measures, and information resources vulnerabilities; and

(2) data governance program with participation from the agency's data management officer, if applicable, and in accordance with requirements established by department rule.

Text of subsection as amended by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 7


(b) Not later than November 15 of each even-numbered year, the agency shall report the results of the assessment to:

(1) the department; and

(2) on request, the governor, the lieutenant governor, and the speaker of the house of representatives.

Text of subsection as amended by Acts 2021, 87th Leg., R.S., Ch. 856 (S.B. 800), Sec. 10


(b) Not later than December 1 of the year in which a state agency conducts the assessment under Subsection (a) or the 60th day after the date the agency completes the assessment, whichever occurs first, the agency shall report the results of the assessment to:

(1) the department; and

(2) on request, the governor, the lieutenant governor, and the speaker of the house of representatives.

(c) The department by rule shall establish the requirements for the information security assessment and report required by this section.

(d) The report and all documentation related to the information security assessment and report are confidential and not subject to disclosure under Chapter 552. The state agency or department may redact or withhold the information as confidential under Chapter 552 without requesting a decision from the attorney general under Subchapter G, Chapter 552.

Added by Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 11, eff. September 1, 2017.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 573 (S.B. 241), Sec. 1.16, eff. September 1, 2019.

Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 7, eff. June 14, 2021.

Acts 2021, 87th Leg., R.S., Ch. 856 (S.B. 800), Sec. 10, eff. September 1, 2021.

Sec. 2054.516. DATA SECURITY PLAN FOR ONLINE AND MOBILE APPLICATIONS. (a) Each state agency implementing an Internet website or mobile application that processes any sensitive personal or personally identifiable information or confidential information must:

(1) submit a biennial data security plan to the department not later than June 1 of each even-numbered year to establish planned beta testing for the website or application; and

(2) subject the website or application to a vulnerability and penetration test and address any vulnerability identified in the test.

(b) The department shall review each data security plan submitted under Subsection (a) and make any recommendations for changes to the plan to the state agency as soon as practicable after the department reviews the plan.

Added by Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 11, eff. September 1, 2017.

Added by Acts 2017, 85th Leg., R.S., Ch. 955 (S.B. 1910), Sec. 5, eff. September 1, 2017.

Reenacted and amended by Acts 2019, 86th Leg., R.S., Ch. 467 (H.B. 4170), Sec. 8.016, eff. September 1, 2019.

Reenacted and amended by Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 16, eff. September 1, 2019.

Amended by:

Acts 2021, 87th Leg., R.S., Ch. 856 (S.B. 800), Sec. 11, eff. September 1, 2021.

Sec. 2054.518. CYBERSECURITY RISKS AND INCIDENTS.

(a) The department shall develop a plan to address cybersecurity risks and incidents in this state. The department may enter into an agreement with a national organization, including the National Cybersecurity Preparedness Consortium, to support the department's efforts in implementing the components of the plan for which the department lacks resources to address internally. The agreement may include provisions for:

(1) providing technical assistance services to support preparedness for and response to cybersecurity risks and incidents;

(2) conducting cybersecurity simulation exercises for state agencies to encourage coordination in defending against and responding to cybersecurity risks and incidents;

(3) assisting state agencies in developing cybersecurity information-sharing programs to disseminate information related to cybersecurity risks and incidents; and

(4) incorporating cybersecurity risk and incident prevention and response methods into existing state emergency plans, including continuity of operation plans and incident response plans.

(b) In implementing the provisions of the agreement prescribed by Subsection (a), the department shall seek to prevent unnecessary duplication of existing programs or efforts of the department or another state agency.

(c) Repealed by Acts 2019, 86th Leg., R.S., Ch. 1308 (H.B. 3834), Sec. 4, eff. June 14, 2019.

(d) The department shall consult with institutions of higher education in this state when appropriate based on an institution's expertise in addressing specific cybersecurity risks and incidents.

Added by Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 11, eff. September 1, 2017.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 1308 (H.B. 3834), Sec. 2, eff. June 14, 2019.

Acts 2019, 86th Leg., R.S., Ch. 1308 (H.B. 3834), Sec. 4, eff. June 14, 2019.

Sec. 2054.5181. CYBERSTAR PROGRAM; CERTIFICATE OF APPROVAL. (a) The state cybersecurity coordinator, in collaboration with the cybersecurity council and public and private entities in this state, shall develop best practices for cybersecurity that include:

(1) measureable, flexible, and voluntary cybersecurity risk management programs for public and private entities to adopt to prepare for and respond to cyber incidents that compromise the confidentiality, integrity, and availability of the entities' information systems;

(2) appropriate training and information for employees or other individuals who are most responsible for maintaining security of the entities' information systems;

(3) consistency with the National Institute of Standards and Technology standards for cybersecurity;

(4) public service announcements to encourage cybersecurity awareness; and

(5) coordination with local and state governmental entities.

(b) The state cybersecurity coordinator shall establish a cyberstar certificate program to recognize public and private entities that implement the best practices for cybersecurity developed in accordance with Subsection (a). The program must allow a public or private entity to submit to the department a form certifying that the entity has complied with the best practices and the department to issue a certificate of approval to the entity. The entity may include the certificate of approval in advertisements and other public communications.

Added by Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 17, eff. September 1, 2019.

Redesignated from Government Code, Section 2054.519 by Acts 2021, 87th Leg., R.S., Ch. 915 (H.B. 3607), Sec. 21.001(49), eff. September 1, 2021.

Sec. 2054.519. STATE CERTIFIED CYBERSECURITY TRAINING PROGRAMS. (a) The department, in consultation with the cybersecurity council established under Section 2054.512 and industry stakeholders, shall annually:

(1) certify at least five cybersecurity training programs for state and local government employees; and

(2) update standards for maintenance of certification by the cybersecurity training programs under this section.

(b) To be certified under Subsection (a), a cybersecurity training program must:

(1) focus on forming information security habits and procedures that protect information resources; and

(2) teach best practices for detecting, assessing, reporting, and addressing information security threats.

(c) The department may identify and certify under Subsection (a) training programs provided by state agencies and local governments that satisfy the training requirements described by Subsection (b).

(d) The department may contract with an independent third party to certify cybersecurity training programs under this section.

(e) The department shall annually publish on the department's Internet website the list of cybersecurity training programs certified under this section.

(f) Repealed by Acts 2021, 87th Leg., R.S., Ch. 51 (H.B. 1118), Sec. 5, eff. May 18, 2021.

Added by Acts 2019, 86th Leg., R.S., Ch. 1308 (H.B. 3834), Sec. 3, eff. June 14, 2019.

Amended by:

Acts 2021, 87th Leg., R.S., Ch. 51 (H.B. 1118), Sec. 5, eff. May 18, 2021.

Sec. 2054.5191. CYBERSECURITY TRAINING REQUIRED: CERTAIN EMPLOYEES AND OFFICIALS. (a) Each state agency shall identify state employees who use a computer to complete at least 25 percent of the employee's required duties. At least once each year, an employee identified by the state agency and each elected or appointed officer of the agency shall complete a cybersecurity training program certified under Section 2054.519.

(a-1) At least once each year, a local government shall:

(1) identify local government employees and elected and appointed officials who have access to a local government computer system or database and use a computer to perform at least 25 percent of the employee's or official's required duties; and

(2) require the employees and officials identified under Subdivision (1) to complete a cybersecurity training program certified under Section 2054.519.

(a-2) The governing body of a local government or the governing body's designee may deny access to the local government's computer system or database to an individual described by Subsection (a-1)(1) who the governing body or the governing body's designee determines is noncompliant with the requirements of Subsection (a-1)(2).

(b) The governing body of a local government may select the most appropriate cybersecurity training program certified under Section 2054.519 for employees and officials of the local government to complete. The governing body shall:

(1) verify and report on the completion of a cybersecurity training program by employees and officials of the local government to the department; and

(2) require periodic audits to ensure compliance with this section.

(c) A state agency may select the most appropriate cybersecurity training program certified under Section 2054.519 for employees of the state agency. The executive head of each state agency shall verify completion of a cybersecurity training program by employees of the state agency in a manner specified by the department.

(d) The executive head of each state agency shall periodically require an internal review of the agency to ensure compliance with this section.

(e) The department shall develop a form for use by state agencies and local governments in verifying completion of cybersecurity training program requirements under this section. The form must allow the state agency and local government to indicate the percentage of employee completion.

(f) The requirements of Subsections (a) and (a-1) do not apply to employees and officials who have been:

(1) granted military leave;

(2) granted leave under the federal Family and Medical Leave Act of 1993 (29 U.S.C. Section 2601 et seq.);

(3) granted leave related to a sickness or disability covered by workers' compensation benefits, if that employee no longer has access to the state agency's or local government's database and systems;

(4) granted any other type of extended leave or authorization to work from an alternative work site if that employee no longer has access to the state agency's or local government's database and systems; or

(5) denied access to a local government's computer system or database by the governing body of the local government or the governing body's designee under Subsection (a-2) for noncompliance with the requirements of Subsection (a-1)(2).

Added by Acts 2019, 86th Leg., R.S., Ch. 1308 (H.B. 3834), Sec. 3, eff. June 14, 2019.

Amended by:

Acts 2021, 87th Leg., R.S., Ch. 51 (H.B. 1118), Sec. 2, eff. May 18, 2021.

Acts 2021, 87th Leg., R.S., Ch. 51 (H.B. 1118), Sec. 3, eff. May 18, 2021.

Sec. 2054.5192. CYBERSECURITY TRAINING REQUIRED: CERTAIN STATE CONTRACTORS. (a) In this section, "contractor" includes a subcontractor, officer, or employee of the contractor.

(b) A state agency shall require any contractor who has access to a state computer system or database to complete a cybersecurity training program certified under Section 2054.519 as selected by the agency.

(c) The cybersecurity training program must be completed by a contractor during the term of the contract and during any renewal period.

(d) Required completion of a cybersecurity training program must be included in the terms of a contract awarded by a state agency to a contractor.

(e) A contractor required to complete a cybersecurity training program under this section shall verify completion of the program to the contracting state agency. The person who oversees contract management for the agency shall:

(1) not later than August 31 of each year, report the contractor's completion to the department; and

(2) periodically review agency contracts to ensure compliance with this section.

Added by Acts 2019, 86th Leg., R.S., Ch. 1308 (H.B. 3834), Sec. 3, eff. June 14, 2019.

Amended by:

Acts 2021, 87th Leg., R.S., Ch. 856 (S.B. 800), Sec. 12, eff. September 1, 2021.

SUBCHAPTER N-2. TEXAS VOLUNTEER INCIDENT RESPONSE TEAM


Sec. 2054.52001. DEFINITIONS. In this subchapter:

(1) "Incident response team" means the Texas volunteer incident response team established under Section 2054.52002.

(2) "Participating entity" means a state agency, including an institution of higher education, or a local government that receives assistance under this subchapter during a cybersecurity event.

(3) "Volunteer" means an individual who provides rapid response assistance during a cybersecurity event under this subchapter.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 6, eff. June 14, 2021.

Sec. 2054.52002. ESTABLISHMENT OF TEXAS VOLUNTEER INCIDENT RESPONSE TEAM. (a) The department shall establish the Texas volunteer incident response team to provide rapid response assistance to a participating entity under the department's direction during a cybersecurity event.

(b) The department shall prescribe eligibility criteria for participation as a volunteer member of the incident response team, including a requirement that each volunteer have expertise in addressing cybersecurity events.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 6, eff. June 14, 2021.

Sec. 2054.52003. CONTRACT WITH VOLUNTEERS. The department shall enter into a contract with each volunteer the department approves to provide rapid response assistance under this subchapter. The contract must require the volunteer to:

(1) acknowledge the confidentiality of information required by Section 2054.52010;

(2) protect all confidential information from disclosure;

(3) avoid conflicts of interest that might arise in a deployment under this subchapter;

(4) comply with department security policies and procedures regarding information resources technologies;

(5) consent to background screening required by the department; and

(6) attest to the volunteer's satisfaction of any eligibility criteria established by the department.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 6, eff. June 14, 2021.

Sec. 2054.52004. VOLUNTEER QUALIFICATION. (a) The department shall require criminal history record information for each individual who accepts an invitation to become a volunteer.

(b) The department may request other information relevant to the individual's qualification and fitness to serve as a volunteer.

(c) The department has sole discretion to determine whether an individual is qualified to serve as a volunteer.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 6, eff. June 14, 2021.

Sec. 2054.52005. DEPLOYMENT. (a) In response to a cybersecurity event that affects multiple participating entities or a declaration by the governor of a state of disaster caused by a cybersecurity event, the department on request of a participating entity may deploy volunteers and provide rapid response assistance under the department's direction and the managed security services framework established under Section 2054.0594(d) to assist with the event.

(b) A volunteer may only accept a deployment under this subchapter in writing. A volunteer may decline to accept a deployment for any reason.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 6, eff. June 14, 2021.

Sec. 2054.52006. CYBERSECURITY COUNCIL DUTIES. The cybersecurity council established under Section 2054.512 shall review and make recommendations to the department regarding the policies and procedures used by the department to implement this subchapter. The department may consult with the council to implement and administer this subchapter.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 6, eff. June 14, 2021.

Sec. 2054.52007. DEPARTMENT POWERS AND DUTIES. (a) The department shall:

(1) approve the incident response tools the incident response team may use in responding to a cybersecurity event;

(2) establish the eligibility criteria an individual must meet to become a volunteer;

(3) develop and publish guidelines for operation of the incident response team, including the:

(A) standards and procedures the department uses to determine whether an individual is eligible to serve as a volunteer;

(B) process for an individual to apply for and accept incident response team membership;

(C) requirements for a participating entity to receive assistance from the incident response team; and

(D) process for a participating entity to request and obtain the assistance of the incident response team; and

(4) adopt rules necessary to implement this subchapter.

(b) The department may require a participating entity to enter into a contract as a condition for obtaining assistance from the incident response team. The contract must comply with the requirements of Chapters 771 and 791.

(c) The department may provide appropriate training to prospective and approved volunteers.

(d) In accordance with state law, the department may provide compensation for actual and necessary travel and living expenses incurred by a volunteer on a deployment using money available for that purpose.

(e) The department may establish a fee schedule for participating entities receiving incident response team assistance. The amount of fees collected may not exceed the department's costs to operate the incident response team.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 6, eff. June 14, 2021.

Sec. 2054.52008. STATUS OF VOLUNTEER; LIABILITY. (a) A volunteer is not an agent, employee, or independent contractor of this state for any purpose and has no authority to obligate this state to a third party.

(b) This state is not liable to a volunteer for personal injury or property damage sustained by the volunteer that arises from participation in the incident response team.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 6, eff. June 14, 2021.

Sec. 2054.52009. CIVIL LIABILITY. A volunteer who in good faith provides professional services in response to a cybersecurity event is not liable for civil damages as a result of the volunteer's acts or omissions in providing the services, except for wilful and wanton misconduct. This immunity is limited to services provided during the time of deployment for a cybersecurity event.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 6, eff. June 14, 2021.

Sec. 2054.52010. CONFIDENTIAL INFORMATION. Information written, produced, collected, assembled, or maintained by the department, a participating entity, the cybersecurity council, or a volunteer in the implementation of this subchapter is confidential and not subject to disclosure under Chapter 552 if the information:

(1) contains the contact information for a volunteer;

(2) identifies or provides a means of identifying a person who may, as a result of disclosure of the information, become a victim of a cybersecurity event;

(3) consists of a participating entity's cybersecurity plans or cybersecurity-related practices; or

(4) is obtained from a participating entity or from a participating entity's computer system in the course of providing assistance under this subchapter.

Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 6, eff. June 14, 2021.

SUBCHAPTER O. MAJOR OUTSOURCED CONTRACTS


Sec. 2054.521. MAJOR OUTSOURCED CONTRACT DEFINED; RULE. The board by rule shall define what constitutes a major outsourced contract with regard to contracts the department executes with entities other than this state or a political subdivision of this state. The definition must include as a major outsourced contract:

(1) outsourced contracts entered into under Subchapter I and Subchapter L of this chapter or Chapter 2170; and

(2) contracts that exceed a monetary threshold, other than those described by Subdivision (1).

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 13, eff. September 1, 2013.

Sec. 2054.522. BOARD APPROVAL AND OVERSIGHT OF MAJOR OUTSOURCED CONTRACTS. (a) The department must receive approval from the board before:

(1) entering into a major outsourced contract; or

(2) amending any major outsourced contract, if the amendment has significant statewide impact.

(b) The board shall establish one or more subcommittees to monitor the department's major outsourced contracts.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 13, eff. September 1, 2013.

Sec. 2054.523. MANAGEMENT PLANS FOR MAJOR OUTSOURCED CONTRACTS. (a) The department shall specify procedures for administering, monitoring, and overseeing each major outsourced contract by creating a management plan for each contract. In each management plan, the department shall specify the department's approach to managing and mitigating the risks inherent in each contract.

(b) Department staff who perform contract administration and program duties shall jointly develop the management plans with input from executive management and the board. Each management plan must be approved by the executive director.

(c) Each management plan must establish clear lines of accountability and coordination of contract activities. The plan must provide details about implementing the program that is the subject of the contract as well as procedures for monitoring contractor performance, identifying and mitigating risks related to the contract, and involving and communicating with customers who will be served by any programs implemented through the contract. As appropriate, the plan must define an approach for transitioning from one major outsourced contract to another major outsourced contract.

(d) The department shall revise each management plan:

(1) as necessary to keep current during the contracting process; and

(2) when the department renews, amends, or resolicits a major outsourced contract to ensure the plan remains updated and incorporates any changes resulting from a new contract.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 13, eff. September 1, 2013.

Sec. 2054.524. CUSTOMER INVOLVEMENT IN MAJOR OUTSOURCED CONTRACTS. The department shall establish formal procedures to ensure customer involvement in decision making regarding each of the department's major outsourced contracts, including initial analysis, solicitation development, and contract award and implementation, that affect those customers.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 13, eff. September 1, 2013.

SUBCHAPTER P. ADDITIONAL PROVISIONS ON CONTRACTING


Sec. 2054.551. DEFINITION. In this subchapter, "contract management guide" means the guide developed under this subchapter.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 13, eff. September 1, 2013.

Sec. 2054.552. CONFLICT OF INTEREST IN CONTRACTING. (a) A department employee may not:

(1) have an interest in, or in any manner be connected with, a contract or bid for a purchase of goods or services by the department; or

(2) in any manner, including by rebate or gift, directly or indirectly accept or receive from a person to whom a contract may be awarded anything of value or a promise, obligation, or contract for future reward or compensation.

(b) A department employee who violates Subsection (a)(2) is subject to dismissal.

(c) The board shall adopt rules to implement this section.

(d) The department shall train staff in the requirements of this section and Section 572.054 and incorporate the requirements into the contract management guide and the department's internal policies, including employee manuals.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 13, eff. September 1, 2013.

Sec. 2054.553. CONTRACT MANAGEMENT TRAINING POLICY. (a) The department shall develop a policy for training department staff in contract management.

(b) The policy must establish contract management training requirements for all staff involved in contract management, including contract managers, program staff, and executive management.

(c) The policy must specify the department's overall approach to procuring and managing contracts, as well as contract-specific procedures developed in the contract management guide and under Subchapter O.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 13, eff. September 1, 2013.

Sec. 2054.554. CONTRACT MANAGEMENT GUIDE; RULES. (a) The department shall develop and periodically update a contract management guide to provide an overall, consistent approach on procurement and management of major outsourced contracts under Subchapter O and other contracts. In updating the guide, the department shall make changes based on contract experiences and account for changing conditions to guide the updates.

(b) The department shall coordinate with the department's internal auditor, subject to Section 2054.038(d), as needed for assistance and guidance in developing procedures in the contract management guide for monitoring contracts and individual contractors.

(c) The board may adopt rules necessary to develop or update the contract management guide.

(d) The contract management guide must provide information regarding the department's:

(1) general approach to business case analysis, procurement planning, contract solicitation, contract execution, and contract monitoring and oversight;

(2) ethics standards and policies, including those required by Section 2054.552; and

(3) approach to changing a program's internal structure or model for delivering services to customers.

(e) The contract management guide must:

(1) establish clear lines of accountability, staff roles and responsibilities, and decision-making authority for program staff, contract management staff, executive management, customers, and the board;

(2) include the procedures established under Section 2054.524 regarding customer involvement; and

(3) establish the department's process for evaluating and managing risk during each stage of contract procurement, implementation, and management.

(f) The contract management guide must describe the expectations and standards for obtaining and using customer input during all contract management phases.

Added by Acts 2013, 83rd Leg., R.S., Ch. 48 (H.B. 2472), Sec. 13, eff. September 1, 2013.

SUBCHAPTER Q. LEGACY SYSTEM MODERNIZATION STRATEGY


Sec. 2054.571. DEFINITION. In this subchapter, "legacy system" means a computer system or application program that is operated with obsolete or inefficient hardware or software technology.

Added by Acts 2015, 84th Leg., R.S., Ch. 460 (H.B. 1890), Sec. 1, eff. June 15, 2015.

Sec. 2054.572. LEGACY SYSTEM MODERNIZATION STRATEGY. (a) The department shall, in collaboration with state agencies other than institutions of higher education, develop a legacy system modernization strategy to guide the state in legacy system modernization efforts.

(b) The strategy must:

(1) plan for legacy system modernization statewide and at the agency level;

(2) establish a statewide application development framework;

(3) facilitate standardization and collaboration among state agencies; and

(4) promote the use of common technology solutions and collective purchasing by the state.

Added by Acts 2015, 84th Leg., R.S., Ch. 460 (H.B. 1890), Sec. 1, eff. June 15, 2015.

Sec. 2054.573. REPORTING SERVICE. The department shall implement a shared data reporting and business analytics service, with appropriate security isolation, for state agencies other than institutions of higher education. The department may launch the service as a pilot program with a limited number of state agencies in order to validate a solution before implementing a statewide service.

Added by Acts 2015, 84th Leg., R.S., Ch. 460 (H.B. 1890), Sec. 1, eff. June 15, 2015.

Sec. 2054.574. APPLICATION PORTFOLIO MANAGEMENT PROGRAM. (a) The department shall develop and implement a shared application portfolio management program for state agencies that includes best practices and tools to assist state agencies in managing applications. The department may launch the program as a pilot program with a limited number of state agencies in order to validate solutions before offering the program on a statewide basis.

(b) The department may contract for and offer the program to other entities under Section 2054.0565.

Added by Acts 2015, 84th Leg., R.S., Ch. 460 (H.B. 1890), Sec. 1, eff. June 15, 2015.

Sec. 2054.575. SECURITY ISSUES RELATED TO LEGACY SYSTEMS. (a) A state agency shall, with available funds, identify information security issues and develop a plan to prioritize the remediation and mitigation of those issues. The agency shall include in the plan:

(1) procedures for reducing the agency's level of exposure with regard to information that alone or in conjunction with other information identifies an individual maintained on a legacy system of the agency;

(2) the best value approach for modernizing, replacing, renewing, or disposing of a legacy system that maintains information critical to the agency's responsibilities;

(3) analysis of the percentage of state agency personnel in information technology, cybersecurity, or other cyber-related positions who currently hold the appropriate industry-recognized certifications as identified by the National Initiative for Cybersecurity Education;

(4) the level of preparedness of state agency cyber personnel and potential personnel who do not hold the appropriate industry-recognized certifications to successfully complete the industry-recognized certification examinations; and

(5) a strategy for mitigating any workforce-related discrepancy in information technology, cybersecurity, or other cyber-related positions with the appropriate training and industry-recognized certifications.

(b) The department shall, on request, facilitate collaborative efforts among state agencies to develop a plan described by Subsection (a).

(c) A plan developed under this section, along with any information or communication prepared or maintained for use in the preparation of the plan, is confidential and is not subject to disclosure under Chapter 552.

Added by Acts 2015, 84th Leg., R.S., Ch. 460 (H.B. 1890), Sec. 1, eff. June 15, 2015.

Amended by:

Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 12, eff. September 1, 2017.

Sec. 2054.576. SHARED SOLUTIONS. (a) In considering and implementing new applications or remediation strategies, state agencies shall prioritize standardization and consolidation by emphasizing shared solutions, including those delivered as a service through the Internet.

(b) The department may contract for and offer shared solutions, including those delivered as a service through the Internet, to other entities under Section 2054.0565.

Added by Acts 2015, 84th Leg., R.S., Ch. 460 (H.B. 1890), Sec. 1, eff. June 15, 2015.

Sec. 2054.577. TECHNOLOGY IMPROVEMENT AND MODERNIZATION FUND. (a) The technology improvement and modernization fund is a special fund in the state treasury outside the general revenue fund.

(b) The fund consists of:

(1) money transferred or deposited to the credit of the fund at the direction of the legislature;

(2) money received from the federal government for the purposes of improving and modernizing state agency information resources;

(3) gifts, donations, and grants to the fund, including federal grants; and

(4) interest earned on the investment of money in the fund.

(c) Money in the fund:

(1) may be used to improve and modernize state agency information resources, including legacy system projects and cybersecurity projects; and

(2) may not be used to replace money appropriated to a state agency for the purposes of operating and maintaining state agency information resources or reduce the amount of money appropriated to a state agency for those purposes.

(d) Section 404.071 does not apply to the fund.

(e) In this section, "state agency" has the meaning assigned by Section 2052.101.

Added by Acts 2021, 87th Leg., R.S., Ch. 1037 (H.B. 4018), Sec. 1, eff. June 18, 2021.

For expiration of this section, see Subsection (j).


Sec. 2054.578. JOINT OVERSIGHT COMMITTEE ON INVESTMENT IN INFORMATION TECHNOLOGY IMPROVEMENT AND MODERNIZATION PROJECTS. (a) In this section:

(1) "Committee" means the Joint Oversight Committee on Investment in Information Technology Improvement and Modernization Projects.

(2) "State agency" has the meaning assigned by Section 2052.101.

(b) The committee is created to review investment and funding strategies for projects to improve or modernize state agency information resources technologies.

(c) The committee is composed of six members as follows:

(1) three members of the senate appointed by the lieutenant governor; and

(2) three members of the house of representatives appointed by the speaker of the house of representatives.

(d) The presiding officer of the committee shall alternate annually between:

(1) a member of the senate appointed by the lieutenant governor; and

(2) a member of the house of representatives appointed by the speaker of the house of representatives.

(e) A vacancy on the committee shall be filled in the same manner as the original appointment.

(f) The committee biennially shall provide a written report to the legislature that:

(1) identifies:

(A) existing and planned projects to improve or modernize state agency information resources technologies; and

(B) the method of funding for each project identified by the committee under Paragraph (A); and

(2) includes:

(A) a determination by the committee of the amount necessary to fully fund each project identified under Subdivision (1) to completion; and

(B) strategies developed by the committee to ensure a long-term investment solution for projects to improve or modernize state agency information resources technologies is in place, including strategies to:

(i) access the full amount of federal money available for those projects; and

(ii) use information gathered by the department during previous projects to improve the management, oversight, and transparency of future projects.

(g) The department shall provide staff support for the committee.

(h) The committee:

(1) has the powers of a joint committee; and

(2) may obtain funding in the same manner as a joint committee.

(i) The rules adopted by the 87th Legislature for the administration of joint committees apply to the committee to the extent the rules are consistent with this section.

(j) The committee is abolished and this section expires September 1, 2026.

Added by Acts 2021, 87th Leg., R.S., Ch. 1037 (H.B. 4018), Sec. 1, eff. June 18, 2021.

SUBCHAPTER R. INFORMATION RESOURCES OF GOVERNMENTAL ENTITIES


Sec. 2054.601. USE OF NEXT GENERATION TECHNOLOGY. Each state agency and local government shall, in the administration of the agency or local government, consider using next generation technologies, including cryptocurrency, blockchain technology, robotic process automation, and artificial intelligence.

Added by Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 18, eff. September 1, 2019.

Amended by:

Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 8, eff. June 14, 2021.

Sec. 2054.602. LIABILITY EXEMPTION. A person who in good faith discloses to a state agency or other governmental entity information regarding a potential security issue with respect to the agency's or entity's information resources technologies is not liable for any civil damages resulting from disclosing the information unless the person stole, retained, or sold any data obtained as a result of the security issue.

Added by Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 18, eff. September 1, 2019.

Sec. 2054.603. SECURITY INCIDENT NOTIFICATION BY STATE AGENCY OR LOCAL GOVERNMENT. (a) In this section:

(1) "Security incident" means:

(A) a breach or suspected breach of system security as defined by Section 521.053, Business & Commerce Code; and

(B) the introduction of ransomware, as defined by Section 33.023, Penal Code, into a computer, computer network, or computer system.

(2) "Sensitive personal information" has the meaning assigned by Section 521.002, Business & Commerce Code.

(b) A state agency or local government that owns, licenses, or maintains computerized data that includes sensitive personal information, confidential information, or information the disclosure of which is regulated by law shall, in the event of a security incident:

(1) comply with the notification requirements of Section 521.053, Business & Commerce Code, to the same extent as a person who conducts business in this state;

(2) not later than 48 hours after the discovery of the security incident, notify:

(A) the department, including the chief information security officer; or

(B) if the security incident involves election data, the secretary of state; and

(3) comply with all department rules relating to reporting security incidents as required by this section.

(c) Not later than the 10th business day after the date of the eradication, closure, and recovery from a security incident, a state agency or local government shall notify the department, including the chief information security officer, of the details of the security incident and include in the notification an analysis of the cause of the security incident.

(d) This section does not apply to a security incident that a local government is required to report to an independent organization certified by the Public Utility Commission of Texas under Section 39.151, Utilities Code.

Added by Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004), Sec. 4, eff. September 1, 2009.

Amended by:

Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 8, eff. September 1, 2017.

Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 14, eff. September 1, 2019.

Transferred, redesignated and amended from Government Code, Section 2054.1125 by Acts 2023, 88th Leg., R.S., Ch. 67 (S.B. 271), Sec. 1, eff. September 1, 2023.

For expiration of this subchapter, see Section 2054.624.


SUBCHAPTER S. ARTIFICIAL INTELLIGENCE ADVISORY COUNCIL


Sec. 2054.621. DEFINITIONS. In this subchapter:

(1) "Algorithm" means a computerized procedure consisting of a set of steps used to accomplish a determined task.

(2) "Artificial intelligence systems" means systems capable of:

(A) perceiving an environment through data acquisition and processing and interpreting the derived information to take an action or actions or to imitate intelligent behavior given a specific goal; and

(B) learning and adapting behavior by analyzing how the environment is affected by prior actions.

(3) "Automated decision system" means an algorithm, including an algorithm incorporating machine learning or other artificial intelligence techniques, that uses data-based analytics to make or support governmental decisions, judgments, or conclusions.

(4) "Automated final decision system" means an automated decision system that makes final decisions, judgments, or conclusions without human intervention.

(5) "Automated support decision system" means an automated decision system that provides information to inform the final decision, judgment, or conclusion of a human decision maker.

(6) "Council" means the artificial intelligence advisory council established under this subchapter.

(7) "Public or private institution of higher education" means:

(A) an institution of higher education, as defined by Section 61.003, Education Code; or

(B) a private or independent institution of higher education, as defined by Section 61.003, Education Code.

Added by Acts 2023, 88th Leg., R.S., Ch. 828 (H.B. 2060), Sec. 1, eff. June 13, 2023.

Sec. 2054.622. ARTIFICIAL INTELLIGENCE ADVISORY COUNCIL. (a) The council is composed of the following seven members:

(1) one member of the house of representatives appointed by the speaker of the house of representatives;

(2) one member of the senate appointed by the lieutenant governor;

(3) the executive director or the executive director's designee; and

(4) the following four members appointed by the governor:

(A) an academic professional specializing in ethics who is employed by a public or private institution of higher education;

(B) an academic professional specializing in artificial intelligence systems who is employed by a public or private institution of higher education;

(C) an expert on law enforcement usage of artificial intelligence systems; and

(D) an expert in constitutional and legal rights.

(b) The council members appointed under Subsections (a)(1) and (2) shall serve as co-chairs of the council.

(c) A member of the council is not entitled to compensation or reimbursement for expenses.

(d) The department shall provide administrative support for the council.

(e) The council shall meet at the call of the co-chairs. The council may meet in person or by telephone conference call, videoconference, or another similar telecommunication method. Notwithstanding Chapter 551 or any other law, a meeting held by telephone conference call, videoconference, or another similar telecommunication method is subject to the requirements of Sections 551.125(c), (d), (e), and (f).

(f) The council shall study and monitor artificial intelligence systems developed, employed, or procured by state agencies. In carrying out its duties under this section, the council shall:

(1) assess the need for a state code of ethics for artificial intelligence systems in state government;

(2) review automated decision systems inventory reports submitted by state agencies under Section 2054.623, including a review of:

(A) the effect of the automated decision systems on the constitutional or legal rights, duties, or privileges of the residents of this state; and

(B) the potential benefits, liabilities, or risks that this state could incur as a result of implementing the automated decision systems; and

(3) recommend administrative actions that state agencies may take without further legislative authorization.

(g) Not later than December 1, 2024, the council shall submit a report to the legislature that includes:

(1) a summary of the council's findings after reviewing the automated decision systems inventory reports submitted under Section 2054.623;

(2) a summary of the recommendations of any relevant national bodies on artificial intelligence systems in state government;

(3) an assessment of the impact of using artificial intelligence systems in state government on the liberty, finances, livelihood, and privacy interests of the residents of this state;

(4) recommendations of any policies necessary to:

(A) protect the privacy and interests of the residents of this state from any diminution caused by employment of artificial intelligence systems by state government;

(B) ensure that the residents of this state are free from unfair discrimination caused or compounded by the employment of artificial intelligence systems in state government; and

(C) promote workforce knowledge of artificial intelligence technology and the development of ethical artificial intelligence systems in state government; and

(5) any other information that the council considers relevant.

Added by Acts 2023, 88th Leg., R.S., Ch. 828 (H.B. 2060), Sec. 1, eff. June 13, 2023.

Sec. 2054.623. AUTOMATED DECISION SYSTEMS INVENTORY REPORT. (a) Not later than July 1, 2024, each agency in the executive and legislative branches of state government, using money appropriated to the agency by this state, shall submit an inventory report of all automated decision systems that are being developed, employed, or procured by the agency. For each automated decision system, the inventory report must include a description of:

(1) the name and vendor of the automated decision system, if any;

(2) the automated decision system's general capabilities, including:

(A) reasonably foreseeable capabilities outside the scope of the agency's proposed use; and

(B) whether the automated decision system is used or may be used for independent decision-making powers and the impact of those decisions on the residents of this state;

(3) the types of data inputs that the technology uses;

(4) how the data described by Subdivision (3) is generated, collected, and processed;

(5) the types of data the automated decision system is reasonably likely to generate;

(6) whether the automated decision system has been tested by an independent third party, has a known bias, or is untested for bias;

(7) the purpose and proposed use of the automated decision system, including:

(A) the decisions the automated decision system will be used to make or support;

(B) whether the automated decision system is an automated final decision system or an automated support decision system; and

(C) the automated decision system's intended benefits, including any data or research relevant to the outcome of those results;

(8) how automated decision system data is securely stored and processed and whether the agency intends to share access to the automated decision system or data from that automated decision system with any other entity, and why; and

(9) the information technology fiscal impacts of the automated decision system, including:

(A) initial acquisition costs and ongoing operating costs, such as maintenance, licensing, personnel, legal compliance, use auditing, data retention, and security costs;

(B) any cost savings that would be achieved through the use of the technology; and

(C) any current or potential sources of funding, including any subsidies or free products being offered by vendors or governmental entities.

(b) Not later than March 1, 2024, the council, in consultation with the department, shall prescribe the form, contents, and manner of submission of the automated decision systems inventory report required under this section.

(c) Each agency shall submit the report required under this section to the:

(1) department;

(2) council; and

(3) standing committees of the senate and house of representatives with primary jurisdiction over state agency information technology.

Added by Acts 2023, 88th Leg., R.S., Ch. 828 (H.B. 2060), Sec. 1, eff. June 13, 2023.

Sec. 2054.624. COUNCIL ABOLISHED; EXPIRATION OF SUBCHAPTER. The council is abolished and this subchapter expires January 1, 2025.

Added by Acts 2023, 88th Leg., R.S., Ch. 828 (H.B. 2060), Sec. 1, eff. June 13, 2023.