OLYMPIA — Gov. Jay Inslee signed a bill into law Wednesday that aims to bring more security and results from the state's estimated $1 billion a year outlay for information technology and services.
Senate Bill 5891 requires state agencies and universities to have IT security plans and gives the state's relatively new chief information officer, Michael Cockrill, a leading role in setting standards for that security.
The legislation also creates a purchasing pool for technology projects, lets smaller pilot projects bypass competitive bidding if they get high-level review and are publicly justified, and makes other changes to bring better oversight by Cockrill's office of IT purchases by agencies. One change is a ranking by the Office of the Chief Information Officer of all technology project proposals (which totaled nearly $400 million this year) with no more than a third allowed to be ranked high priority.
"A lot of it is just good government, good operations," said Sen. Andy Hill, the Redmond Republican and Microsoft veteran who sponsored the bill. "We kind of have a sprawling, decentralized IT (system). Some things need to be centralized, some things don't."
The measure passed unanimously in the Senate, and two Thurston County Democrats in the House voted against it — both regarding it as bringing too much interference in agency operations.
Olympia Rep. Sam Hunt, who used to work for the former Department of Information Services, complained the bill came through the House without a committee hearing and late in session. He said the new law is overkill and "is micromanagement and duplicative."
He said there already is a role spelled out in statutes for oversight by a technology Services Board created in 2011 and by the chief information officer.
Tumwater Rep. Chris Reykdal disliked the new law's requirement for the Office of the Chief Information Officer to rank projects. He said he was "pretty frustrated by the presumption of inefficiency that the Legislature constantly foists upon the executive branch."
The chief information officer's staff also is required to evaluate all IT spending proposals for state agencies, universities and other branches of government. Its role is advisory only for the legislative and judicial branches, but the office is required to rank projects sought by various agencies.
Reykdal said that "creating a priority array of technology (projects) across all of state government where only a third of them can be placed in the high priority category seems pretty insincere given the IT needs out there across state agencies," Reykdal added.
• DATA CENTER PROJECT
The $255 million State Data Center and office building project near the Capitol cast a shadow over the legislation. The state-of-the-art data center portion of the project is twice as large as the state is likely to need for its current and future data storage, largely because of technological advances known as virtualization and growing use of cloud computing.
Hill said his bill might help push the state toward smaller projects rather than large ones that take years to complete and are out of date by the time they finish.
Senate Democrats voted as a bloc against an early version of the bill because it had language letting the Department of Enterprise Services bypass collective bargaining rights of state employees — who under the Personnel System Reform Act of 2002 have the right to bid competitively on work identified for privatization.
Enterprise Services never asked for that authority, and Hill eventually dropped that language, opening the way to unanimous Senate approval and a vote in the House late in session.
Democratic Rep. Zack Hudgins of Tukwila said removal of that contracting-out language sprung the bill loose for consideration by the House. Hudgins chairs a budget subcommittee that has been carefully watching some of the state's IT expenditures including the data center project and separate security concerns, and he said Hill's bill has provisions to ensure security training is given to key workers.
Security got higher attention this year after major data breaches in Utah and South Carolina and a breach of court records in Washington that disclosed nearly 100 individuals' Social Security numbers sometime between last fall and February.
As signed into law by Inslee, the bill lets the Office of Financial Management set up a projects pool. Hill said this lets vendors bid for specific projects but avoid tipping the state's hand on how much money is available for each one.
Under the current set-up, "when we go out to bid they know exactly how much they can ask for. But if you pool those dollars and put them out to bid, you get a true (bid). You get better prices," Hill said.
Hill said other elements of the bill could spur smaller, innovative projects because the bill lets projects valued at less than $100,000 avoid competitive bidding requirements if they are approved by the OCIO and a justification document is filed publicly.
• AGENCY COORDINATION
The bill also requires coordination between the OCIO and agencies spending more than $10 million a year on IT to ensure a business-management program is in place to help find savings and efficiencies. The OCIO also is tasked with creating statewide standards for purchases of networking equipment and other technology services.
Under a major restructuring of government in 2011, five agencies were merged into three — including the new Consolidated Technology Services, which runs data processing for agencies and operates the new State Data Center. The legislation tells CTS to report to OFM and the Legislature in September on the potential for consolidating state-agency telecommunications and network services inside CTS.
The chief information officer also is directed to report to lawmakers in September 2014 on its plan to modernize legacy IT systems and how to pay for them.
Former Gov. Chris Gregoire requested nearly $400 million in new IT projects this year. OFM and the OCIO still are going through the budget signed into law Sunday by Inslee to tally all of the projects that got the go-ahead.
Among the projects that did get authorization was nearly $10.5 million sought by CIO Cockrill for security upgrades, a larger amount than the roughly $1.3 million sought under Gregoire.
More than $8 million was authorized for a payroll accounting project — known as Time, Leave and Attendance and overseen by Enterprise Services. It begins as a pilot with the departments of Ecology and Transportation.
A third project that gets start-up funding will replace the Department of Revenue's aging computer system for core tax and licensing functions. It has been described as out of date, relying on computer code so old the state has a hard time finding programmers for it.