Print
Senate File 29 - IntroducedA Bill ForAn Act 1relating to the office of the chief information officer,
2including procurement preferences and a report detailing
3state information technology assets.
4BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA:
1 Section 1. Section 8B.1, Code 2021, is amended by adding the
2following new subsection:
3 NEW SUBSECTION. 2A. “Cloud computing” means the same as
4defined in the United States national institute of standards
5and technology’s special publication 800-145.
6 Sec. 2. Section 8B.9, subsection 6, Code 2021, is amended
7to read as follows:
86. Beginning October 1, 2019, a quarterly report regarding
9the status of technology upgrades or enhancements for state
10agencies, submitted to the general assembly and to the
11chairpersons and ranking members of the senate and house
12committees on appropriations. The quarterly report shall
13also include a listing of state agencies coordinating or
14working with the office, and a listing of state agencies not
15coordinating or working with the office, and the information
16required by section 8B.24, subsection 5A, paragraph “b”.
17 Sec. 3. Section 8B.24, Code 2021, is amended by adding the
18following new subsection:
19 NEW SUBSECTION. 5A. a. The office shall, when feasible,
20procure from providers that meet or exceed applicable state
21and federal laws, regulations, and standards for information
22technology, third-party cloud computing solutions and other
23information technology and related services that are not hosted
24on premises by the state.
25b. If the office determines it is not feasible to procure
26third-party cloud computing solutions or other information
27technology and related services pursuant to paragraph “a”, and
28if on-premises technology upgrades or new applications to be
29housed on-premises are proposed, the office shall include all
30of the following in the report required pursuant to section
318B.9, subsection 6:
32(1) An explanation as to why a cloud computing deployment
33was not feasible.
34(2) Whether the application can be deployed using a hybrid
35or containerized approach to minimize on-premise costs.
-1- 1(3) Compliance frameworks that require the application to
2be hosted on-premises.
3c. The office shall contract with multiple third-party
4commercial cloud computing service providers.
5d. The control and ownership of state data stored with cloud
6computing service providers shall remain with the state. The
7office shall ensure the portability of state data stored with
8cloud computing service providers.
9 Sec. 4. Section 8B.24, subsection 6, Code 2021, is amended
10to read as follows:
116. The office shall adopt rules pursuant to chapter 17A to
12implement the procurement methods and procedures provided for
13in subsections 2 through 5 5A.
14 Sec. 5. INVENTORY OF INFORMATION TECHNOLOGY ASSETS, CURRENT
15CLOUD COMPUTING ADOPTION, AND CLOUD COMPUTING MIGRATION PLAN
16— REPORT. By November 1, 2021, the office of the chief
17information officer, in collaboration with other state agencies
18and departments, shall provide a report to the general assembly
19that includes all of the following:
201. An inventory of all state information technology
21applications, and the percentage of the information technology
22applications that are cloud-based applications.
232. Recommendations regarding state information technology
24applications that should migrate to cloud-based applications.
25Each such recommendation shall include a description of
26workloads and information technology applications that are best
27suited to migrate to cloud-based applications given all of the
28following considerations:
29a. Whether the information technology application has
30underlying storage, networks, or infrastructure that supports
31another information technology application, and whether the
32information technology application is supported by another
33information technology application.
34b. How critical the information technology application is
35to the mission of the state agency or department.
-2- 1c. The difficulty of migrating the information technology
2application to a cloud-based application.
3d. The total cost of ownership of the target environment in
4which the information technology application shall operate if
5migrated to a cloud-based application.
6EXPLANATION
7The inclusion of this explanation does not constitute agreement with
8the explanation’s substance by the members of the general assembly.
9This bill relates to the office of the chief information
10officer, including procurement preferences and a report
11detailing state information technology assets.
12The bill defines “cloud computing” by reference to the
13United States national institute of standards and technology’s
14special publication 800-145, which defines the term as a model
15for enabling ubiquitous, convenient, on-demand network access
16to a shared pool of configurable computing resources that can
17be rapidly provisioned and released with minimal management
18effort or service provider interaction.
19Current law requires the office to submit a quarterly report
20regarding the status of technology upgrades or enhancements for
21state agencies. The bill requires this report to also include
22information related to the office’s determination that it was
23not feasible to procure a cloud computing solution, including
24an explanation as to why a cloud computing deployment was not
25feasible, whether the application can be deployed using a
26hybrid or containerized approach to minimize on-premise costs,
27and compliance frameworks that require the application to be
28hosted on-premises.
29The bill requires the office to, when feasible, procure
30third-party cloud computing solutions and other information
31technology and related services that are not hosted on premises
32by the state from providers that meet or exceed applicable
33state and federal laws, regulations, and standards for
34information technology.
35The bill provides the office shall contract with multiple
-3-1third-party commercial cloud computing service providers.
2The bill establishes that control and ownership of state
3data stored with cloud computing service providers shall remain
4with the state. The bill requires the office to ensure the
5portability of state data stored with cloud computing service
6providers.
7The bill requires the office to provide a report to the
8general assembly by November 1, 2021, that includes an
9inventory of all state information technology applications,
10and recommendations regarding state information technology
11applications that should migrate to cloud-based applications.
-4-ja/rn
2including procurement preferences and a report detailing
3state information technology assets.
4BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA:
1 Section 1. Section 8B.1, Code 2021, is amended by adding the
2following new subsection:
3 NEW SUBSECTION. 2A. “Cloud computing” means the same as
4defined in the United States national institute of standards
5and technology’s special publication 800-145.
6 Sec. 2. Section 8B.9, subsection 6, Code 2021, is amended
7to read as follows:
86. Beginning October 1, 2019, a quarterly report regarding
9the status of technology upgrades or enhancements for state
10agencies, submitted to the general assembly and to the
11chairpersons and ranking members of the senate and house
12committees on appropriations. The quarterly report shall
13also include a listing of state agencies coordinating or
14working with the office, and a listing of state agencies not
15coordinating or working with the office, and the information
16required by section 8B.24, subsection 5A, paragraph “b”.
17 Sec. 3. Section 8B.24, Code 2021, is amended by adding the
18following new subsection:
19 NEW SUBSECTION. 5A. a. The office shall, when feasible,
20procure from providers that meet or exceed applicable state
21and federal laws, regulations, and standards for information
22technology, third-party cloud computing solutions and other
23information technology and related services that are not hosted
24on premises by the state.
25b. If the office determines it is not feasible to procure
26third-party cloud computing solutions or other information
27technology and related services pursuant to paragraph “a”, and
28if on-premises technology upgrades or new applications to be
29housed on-premises are proposed, the office shall include all
30of the following in the report required pursuant to section
318B.9, subsection 6:
32(1) An explanation as to why a cloud computing deployment
33was not feasible.
34(2) Whether the application can be deployed using a hybrid
35or containerized approach to minimize on-premise costs.
-1- 1(3) Compliance frameworks that require the application to
2be hosted on-premises.
3c. The office shall contract with multiple third-party
4commercial cloud computing service providers.
5d. The control and ownership of state data stored with cloud
6computing service providers shall remain with the state. The
7office shall ensure the portability of state data stored with
8cloud computing service providers.
9 Sec. 4. Section 8B.24, subsection 6, Code 2021, is amended
10to read as follows:
116. The office shall adopt rules pursuant to chapter 17A to
12implement the procurement methods and procedures provided for
13in subsections 2 through 5 5A.
14 Sec. 5. INVENTORY OF INFORMATION TECHNOLOGY ASSETS, CURRENT
15CLOUD COMPUTING ADOPTION, AND CLOUD COMPUTING MIGRATION PLAN
16— REPORT. By November 1, 2021, the office of the chief
17information officer, in collaboration with other state agencies
18and departments, shall provide a report to the general assembly
19that includes all of the following:
201. An inventory of all state information technology
21applications, and the percentage of the information technology
22applications that are cloud-based applications.
232. Recommendations regarding state information technology
24applications that should migrate to cloud-based applications.
25Each such recommendation shall include a description of
26workloads and information technology applications that are best
27suited to migrate to cloud-based applications given all of the
28following considerations:
29a. Whether the information technology application has
30underlying storage, networks, or infrastructure that supports
31another information technology application, and whether the
32information technology application is supported by another
33information technology application.
34b. How critical the information technology application is
35to the mission of the state agency or department.
-2- 1c. The difficulty of migrating the information technology
2application to a cloud-based application.
3d. The total cost of ownership of the target environment in
4which the information technology application shall operate if
5migrated to a cloud-based application.
6EXPLANATION
7The inclusion of this explanation does not constitute agreement with
8the explanation’s substance by the members of the general assembly.
9This bill relates to the office of the chief information
10officer, including procurement preferences and a report
11detailing state information technology assets.
12The bill defines “cloud computing” by reference to the
13United States national institute of standards and technology’s
14special publication 800-145, which defines the term as a model
15for enabling ubiquitous, convenient, on-demand network access
16to a shared pool of configurable computing resources that can
17be rapidly provisioned and released with minimal management
18effort or service provider interaction.
19Current law requires the office to submit a quarterly report
20regarding the status of technology upgrades or enhancements for
21state agencies. The bill requires this report to also include
22information related to the office’s determination that it was
23not feasible to procure a cloud computing solution, including
24an explanation as to why a cloud computing deployment was not
25feasible, whether the application can be deployed using a
26hybrid or containerized approach to minimize on-premise costs,
27and compliance frameworks that require the application to be
28hosted on-premises.
29The bill requires the office to, when feasible, procure
30third-party cloud computing solutions and other information
31technology and related services that are not hosted on premises
32by the state from providers that meet or exceed applicable
33state and federal laws, regulations, and standards for
34information technology.
35The bill provides the office shall contract with multiple
-3-1third-party commercial cloud computing service providers.
2The bill establishes that control and ownership of state
3data stored with cloud computing service providers shall remain
4with the state. The bill requires the office to ensure the
5portability of state data stored with cloud computing service
6providers.
7The bill requires the office to provide a report to the
8general assembly by November 1, 2021, that includes an
9inventory of all state information technology applications,
10and recommendations regarding state information technology
11applications that should migrate to cloud-based applications.
-4-ja/rn