SB236: Information Technology; Governor to appoint Chief Information Officer of VITA, etc.


SENATE BILL NO. 236
AMENDMENT IN THE NATURE OF A SUBSTITUTE
(Proposed by the House Committee on Science and Technology
on February 24, 2010)
(Patrons Prior to Substitute--Senators Howell and Stosch, Howell and Stosch [SB 480], and McDougle [SB 390])
A BILL to amend and reenact §§ 2.2-106, 2.2-225, 2.2-1115.1, 2.2-1509.3, 2.2-2005 through 2.2-2009, 2.2-2012, 2.2-2013, 2.2-2015, 2.2-2019, 2.2-2020, 2.2-2021, 2.2-2023, 23-38.111, and 23-77.4 of the Code of Virginia; to amend and reenact the third enactment of Chapters 758 and 812 of the Acts of Assembly of 2009; to amend the Code of Virginia by adding in Chapter 26 of Title 2.2 an article numbered 35, consisting of sections numbered 2.2-2699.5, 2.2-2699.6, and 2.2-2699.7; and to repeal Article 7 (§§ 2.2-2033 and 2.2-2034) of Chapter 20.1 of Title 2.2 and Article 20 (§§ 2.2-2457, 2.2-2458, and 2.2-2458.1) of Chapter 24 of Title 2.2 of the Code of Virginia, relating to Information Technology governance in the Commonwealth; the Chief Information Officer; the Information Technology Investment Board, abolished; and the Information Technology Advisory Council, established; emergency.

Be it enacted by the General Assembly of Virginia:

1. That §§ 2.2-106, 2.2-225, 2.2-1115.1, 2.2-1509.3, 2.2-2005 through 2.2-2009, 2.2-2012, 2.2-2013, 2.2-2015, 2.2-2019, 2.2-2020, 2.2-2021, 2.2-2023, 23-38.111, and 23-77.4 of the Code of Virginia are amended and reenacted and that Code of Virginia is amended by adding in Chapter 26 of Title 2.2 an article numbered 35, consisting of sections numbered 2.2-2699.5, 2.2-2699.6, and 2.2-2699.7, as follows:

§ 2.2-106. Appointment of agency heads; severance.

A. Notwithstanding any provision of law to the contrary, the Governor shall appoint the administrative head of each agency of the executive branch of state government except the:

1. Executive Director of the Virginia Port Authority;

2. Director of the State Council of Higher Education for Virginia;

3. Executive Director of the Department of Game and Inland Fisheries;

4. Executive Director of the Jamestown-Yorktown Foundation;

5. Executive Director of the Motor Vehicle Dealer Board;

6. Librarian of Virginia;

7. Administrator of the Commonwealth's Attorneys' Services Council;

8. Executive Director of the Virginia Housing Development Authority; and

9. Executive Director of the Board of Accountancy; and

10. Chief Information Officer of the Commonwealth.

However, the manner of selection of those heads of agencies chosen as set forth in the Constitution of Virginia shall continue without change. Each administrative head and Secretary appointed by the Governor pursuant to this section shall (i) be subject to confirmation by the General Assembly, (ii) have the professional qualifications prescribed by law, and (iii) serve at the pleasure of the Governor.

B. As part of the confirmation process for each administrative head and Secretary, the Secretary of the Commonwealth shall provide copies of the resumes and statements of economic interests filed pursuant to § 2.2-3117 to the chairs of the House of Delegates and Senate Committees on Privileges and Elections. For appointments made before January 1, copies shall be provided to the chairs within 30 days of the appointment or by January 7 whichever time is earlier; and for appointments made after January 1 through the regular session of that year, copies shall be provided to the chairs within seven days of the appointment. Each appointee shall be available for interviews by the Committees on Privileges and Elections or other applicable standing committee. For the purposes of this section and § 2.2-107, there shall be a joint subcommittee of the House of Delegates and Senate Committees on Privileges and Elections consisting of five members of the House Committee and three members of the Senate Committee appointed by the respective chairs of the committees to review the resumes and statements of economic interests of gubernatorial appointees. The members of the House of Delegates shall be appointed in accordance with the principles of proportional representation contained in the Rules of the House of Delegates. No appointment confirmed by the General Assembly shall be subject to challenge by reason of a failure to comply with the provisions of this paragraph subsection pertaining to the confirmation process.

C. For the purpose of this section, "agency" includes all administrative units established by law or by executive order that are not (i) arms of the legislative or judicial branches of government; (ii) institutions of higher education as classified under §§ 23-253.7, 22.1-346, 23-14, and 23-252, and; (iii) regional planning districts, regional transportation authorities or districts, or regional sanitation districts; and (iv) assigned by law to other departments or agencies, not including assignments to secretaries under Article 7 (§ 2.2-215 et seq.) of Chapter 2 of this title.

D. Severance benefits provided to any departing agency head, whether or not appointed by the Governor, shall be publicly announced by the appointing authority prior to such departure.

§ 2.2-225. Position established; agencies for which responsible; additional powers.

The position of Secretary of Technology (the Secretary) is created. The Secretary shall be responsible to the Governor for the following agencies, councils, and boards: Information Technology Investment Board Advisory Council, Innovation and Entrepreneurship Investment Authority, Virginia Information Technologies Agency, Virginia Geographic Information Network Advisory Board, and the Wireless E-911 Services Board. The Governor, by executive order, may assign any other state executive agency to the Secretary, or reassign any agency listed in this section to another Secretary.

Unless the Governor expressly reserves such power to himself, the Secretary may, with regard to strategy development, planning and budgeting for technology programs in the Commonwealth:

1. Monitor trends and advances in fundamental technologies of interest and importance to the economy of the Commonwealth and direct and approve a stakeholder-driven technology strategy development process that results in a comprehensive and coordinated view of research and development goals for industry, academia and government in the Commonwealth. This strategy shall be updated biennially and submitted to the Governor, the Speaker of the House of Delegates and the President Pro Tempore of the Senate.

2. Work closely with the appropriate federal research and development agencies and program managers to maximize the participation of Commonwealth industries and universities in these programs consistent with agreed strategy goals.

3. Direct the development of plans and programs for strengthening the technology resources of the Commonwealth's high technology industry sectors and for assisting in the strengthening and development of the Commonwealth's Regional Technology Councils.

4. Direct the development of plans and programs for improving access to capital for technology-based entrepreneurs.

5. Assist the Joint Commission on Technology and Science created pursuant to § 30-85 in its efforts to stimulate, encourage, and promote the development of technology in the Commonwealth.

6. Continuously monitor and analyze the technology investments and strategic initiatives of other states to ensure the Commonwealth remains competitive.

7. Strengthen interstate and international partnerships and relationships in the public and private sectors to bolster the Commonwealth's reputation as a global technology center.

8. Develop and implement strategies to accelerate and expand the commercialization of intellectual property created within the Commonwealth.

9. Ensure the Commonwealth remains competitive in cultivating and expanding growth industries, including life sciences, advanced materials and nanotechnology, biotechnology, and aerospace.

10. Monitor the trends in the availability and deployment of and access to broadband communications services, which include, but are not limited to, competitively priced, high-speed data services and Internet access services of general application, throughout the Commonwealth and advancements in communications technology for deployment potential. The Secretary shall report annually by December 1 to the Governor and General Assembly on those trends.

11. Review and approve the procurement or termination of major information technology projects, and contracts or amendments thereto proposed by the Chief Information Officer (CIO) pursuant to § 2.2-2007.

12. Review and approve statewide technical and data standards for information technology and related systems, including the utilization of nationally recognized technical and data standards for health information technology systems or software purchased by a state agency of the Commonwealth, as recommended by the CIO.

13. Develop criteria and requirements defining "major information technology project" for purposes of § 2.2-2006. Such criteria and requirements shall include, but are not limited to, analysis of each project's risk and complexity.

§ 2.2-1115.1. Standard vendor accounting information.

A. The Division, the Virginia Information Technologies Agency, and the State Comptroller shall develop and maintain data standards for use by all agencies and institutions for payments and purchases of goods and services pursuant to §§ 2.2-1115 and 2.2-2012. Such standards shall include at a minimum the vendor number, name, address, and tax identification number; commodity code, order number, invoice number, and receipt information; and other information necessary to appropriately and consistently identify all suppliers of goods, commodities, and other services to the Commonwealth. The Division, the Virginia Information Technologies Agency, and the State Comptroller shall annually review and update these standards to provide the Commonwealth information to monitor all procurement of goods and services and to implement adequate controls to pay only authorized providers of goods and services to the Commonwealth.

B. The Division and the Virginia Information Technologies Agency shall submit these standards to the Information Technology Investment Board Advisory Council in accordance with § 2.2-2458 § 2.2-2699.6 for approval review as statewide technical and data standards for information technology.

§ 2.2-1509.3. Budget bill to include appropriations for major information technology projects.

A. For purposes of this section:

"Major information technology project" means the same as that term is defined in § 2.2-2006.

"Major information technology project funding" means an estimate of each funding source for a major information technology project for the duration of the project.

B. In "The Budget Bill" submitted pursuant to § 2.2-1509, the Governor shall provide for the funding of major information technology projects, as specified herein. Such funding recommendations shall be for major information technology projects that have or are pending project development approval as defined by § 2.2-2019 or procurement approval as defined by § 2.2-2020.

The Governor shall include in "The Budget Bill" submitted pursuant to § 2.2-1509 a biennial appropriation for major information technology projects and the following information for each such project:

1. A brief statement explaining the project, the Information Technology Investment Board's CIO's ranking and recommendations on the project as required by § 2.2-2458 § 2.2-2008, an explanation, if necessary, if the Governor informed the Chief Information Officer Secretary of Technology that an emergency existed as set forth in § 2.2-2008, and the anticipated duration of the project;

2. A brief explanation of the inclusion of any project in the budget bill that has not undergone review and approval by the Information Technology Investment Board Secretary of Technology as required by § 2.2-2458 § 2.2-225;

3. Total estimated project costs, as defined by the Commonwealth's Project Management Standards, including the amount of the agency's or institution's operating appropriation, which will support the project, and long-term contract cost beyond the biennium;

4. Costs incurred to date, as defined by the Commonwealth's Project Management Standards, which includes both the project planning cost and internal operating costs to support the project;

5. Recommendations or comments of the Public-Private Partnership Advisory Commission, if the project is part of a proposal under the Public-Private Education Facilities and Infrastructure Act of 2002 (§ 56-575.1 et seq.); and

6. The Information Technology Investment Board's CIO's assessment of the project and the status as of the date of the budget bill submission to the General Assembly.

C. The Information Technology Investment Board Secretary of Technology shall immediately notify each member of the Senate Finance Committee and the House Appropriations Committee of any Board decision to terminate in accordance with § 2.2-2458 § 2.2-225 any major information technology project in the budget bill. Such communication shall include the Information Technology Investment Board's Secretary of Technology's reason for such termination.

§ 2.2-2005. Creation of Agency; appointment of Chief Information Officer.

A. There is hereby created the Virginia Information Technologies Agency (VITA), which shall serve as the agency responsible for administration and enforcement of the provisions of this Chapter and the rules and policies of the Board.

B. The Board Governor shall appoint a Chief Information Officer (the CIO) as the chief administrative officer of the Board to oversee the operation of VITA. The CIO shall be employed under special contract for a term not to exceed five years and shall, under the direction and control of the Board, exercise the powers and perform the duties conferred or imposed upon him by law and perform such other duties as may be required by the Board Governor and the Secretary of Technology.

§ 2.2-2006. Definitions.

As used in this chapter:

"Board" means the Information Technology Investment Board created in § 2.2-2457.

"Communications services" includes telecommunications services, automated data processing services, and management information systems that serve the needs of state agencies and institutions.

"Confidential data" means information made confidential by federal or state law that is maintained by a state agency in an electronic format.

"Information technology" means telecommunications, automated data processing, databases, the Internet, management information systems, and related information, equipment, goods, and services. It is in the interest of the Commonwealth that its public institutions of higher education in Virginia be in the forefront of developments in technology. Therefore, the The provisions of this chapter shall not be construed to hamper the pursuit of the missions of the institutions in instruction and research.

"ITAC" means the Information Technology Advisory Council created in § 2.2-2699.5.

"Major information technology project" means any state agency information technology project that (i) is mission-critical, (ii) has statewide application, or (iii) has a total estimated cost of more than $1 million (i) meets the criteria and requirements developed by the Secretary of Technology pursuant to § 2.2-225 or (ii) has a total estimated cost of more than $1 million.

"Noncommercial telecommunications entity" means any public broadcasting station as defined in § 2.2-2427.

"Public telecommunications entity" means any public broadcasting station as defined in § 2.2-2427.

"Public telecommunications facilities" means all apparatus, equipment and material necessary for or associated in any way with public broadcasting stations or public broadcasting services as those terms are defined in § 2.2-2427, including the buildings and structures necessary to house such apparatus, equipment and material, and the necessary land for the purpose of providing public broadcasting services, but not telecommunications services.

"Public telecommunications services" means public broadcasting services as defined in § 2.2-2427.

"Secretary" means the Secretary of Technology.

"State agency" or "agency" means any agency, institution, board, bureau, commission, council, or instrumentality of state government in the executive branch listed in the appropriation act. However, the terms "state agency," "agency," "institution," "public body," and "public institution of higher education," shall not include the University of Virginia Medical Center.

"Technology asset" means hardware and communications equipment not classified as traditional mainframe-based items, including personal computers, mobile computers, and other devices capable of storing and manipulating electronic data.

"Telecommunications" means any origination, transmission, emission, or reception of signs, signals, writings, images, and sounds or intelligence of any nature, by wire, radio, television, optical, or other electromagnetic systems.

"Telecommunications facilities" means apparatus necessary or useful in the production, distribution, or interconnection of electronic communications for state agencies or institutions including the buildings and structures necessary to house such apparatus and the necessary land.

§ 2.2-2007. Powers of the CIO.

A. In addition to such other duties as the Board Secretary may assign, the CIO shall:

1. Monitor trends and advances in information technology; develop a comprehensive, statewide, four-year two-year strategic plan for information technology to include: (i) specific projects that implement the plan; and (ii) a plan for the acquisition, management, and use of information technology by state agencies; and (iii) a report of the progress of any ongoing enterprise application projects, any factors or risks that might affect their successful completion, and any changes to their projected implementation costs and schedules. The statewide plan shall be updated annually and submitted to the Board Secretary for approval.

2. Direct the formulation and promulgation of policies, guidelines, standards, and specifications for the purchase, development, and maintenance of information technology for state agencies, including, but not limited to, those (i) required to support state and local government exchange, acquisition, storage, use, sharing, and distribution of geographic or base map data and related technologies, (ii) concerned with the development of electronic transactions including the use of electronic signatures as provided in § 59.1-496, and (iii) necessary to support a unified approach to information technology across the totality of state government, thereby assuring that the citizens and businesses of the Commonwealth receive the greatest possible security, value, and convenience from investments made in technology.

3. Direct the development of policies and procedures, in consultation with the Department of Planning and Budget, that are integrated into the Commonwealth's strategic planning and performance budgeting processes, and that state agencies and public institutions of higher education shall follow in developing information technology plans and technology-related budget requests. Such policies and procedures shall require consideration of the contribution of current and proposed technology expenditures to the support of agency and institution priority functional activities, as well as current and future operating expenses, and shall be utilized by all state agencies and public institutions of higher education in preparing budget requests.

4. Review budget requests for information technology from state agencies and public institutions of higher education and recommend budget priorities to the Information Technology Investment Board Secretary.

Review of such budget requests shall include, but not be limited to, all data processing or other related projects for amounts exceeding $100,000 in which the agency or institution has entered into or plans to enter into a contract, agreement or other financing agreement or such other arrangement that requires that the Commonwealth either pay for the contract by foregoing revenue collections, or allows or assigns to another party the collection on behalf of or for the Commonwealth any fees, charges, or other assessments or revenues to pay for the project. For each project, the agency or institution, with the exception of public institutions of higher education that meet the conditions prescribed in subsection B of § 23-38.88, shall provide the CIO (i) a summary of the terms, (ii) the anticipated duration, and (iii) the cost or charges to any user, whether a state agency or institution or other party not directly a party to the project arrangements. The description shall also include any terms or conditions that bind the Commonwealth or restrict the Commonwealth's operations and the methods of procurement employed to reach such terms.

5. Direct the development of policies and procedures for the effective management of information technology investments throughout their entire life cycles, including, but not limited to, project definition, procurement, development, implementation, operation, performance evaluation, and enhancement or retirement. Such policies and procedures shall include, at a minimum, the periodic review by the CIO of agency and public institution of higher education major information technology projects estimated to cost $1 million or more or deemed to be mission-critical or of statewide application by the CIO. The CIO shall provide technical guidance to the Department of General Services in the development of policies and procedures for the recycling and disposal of computers and other technology assets. Such policies and procedures shall include the expunging, in a manner as determined by the CIO, of all state confidential data and personal identifying information of citizens of the Commonwealth prior to such sale, disposal, or other transfer of computers or other technology assets.

6. Oversee and administer the Virginia Technology Infrastructure Fund created pursuant to § 2.2-2023.

7. Periodically evaluate the feasibility of outsourcing information technology resources and services, and outsource those resources and services that are feasible and beneficial to the Commonwealth.

8. Have the authority to enter into contracts, and with the approval of the Board Secretary of Technology for any contracts over $1 million, with one or more other public bodies, or public agencies or institutions or localities of the several states, of the United States or its territories, or the District of Columbia for the provision of information technology services.

9. Report annually to the Governor, the Secretary, and the Joint Commission on Technology and Science created pursuant to § 30-85 on the use and application of information technology by state agencies and public institutions of higher education to increase economic efficiency, citizen convenience, and public access to state government. The CIO shall prepare an annual report for submission to the Secretary, the Information Technology Advisory Council, and the Joint Commission on Technology and Science on a prioritized list of Recommended Technology Investment Projects based upon major information technology projects submitted for approval pursuant to this chapter. As part of this plan, the CIO shall develop and regularly update a methodology for prioritizing projects based upon the allocation of points to defined criteria. The criteria and their definitions shall be presented in the plan. For each project listed in the plan, the CIO shall indicate the number of points and how they were awarded. For each listed project, the CIO shall also indicate (i) the projected cost of the project for the next three biennia following project implementation; (ii) all projected costs of ongoing operations and maintenance activities; and (iii) whether the project fails to incorporate existing standards for the maintenance, exchange, and security of data. This report shall also include trends in current projected information technology spending by state agencies and at the enterprise level, including spending on projects, operations and maintenance, and payments to VITA.

10. Direct the development of policies and procedures that require VITA to review major information technology projects proposed by state agencies and institutions exceeding $100,000, and recommend to the Secretary whether such projects be approved or disapproved. The CIO shall disapprove major information technology projects between $100,000 and $1 million that do not conform to the statewide strategic information technology plan or to the individual plans of state agencies or institutions of higher education. For projects that do not meet the definition of major information technology project as defined in § 2.2-2006, the CIO shall develop criteria and requirements defining whether such projects are subject to the provisions of this subdivision.

11. Oversee the Commonwealth's efforts to modernize the planning, development, implementation, improvement, and retirement of Commonwealth applications, including the coordination and development of enterprise-wide or multiagency applications.

12. Develop and recommend to the Secretary statewide technical and data standards for information technology and related systems, including the utilization of nationally recognized technical and data standards for health information technology systems or software purchased by a state agency of the Commonwealth.

B. Consistent with § 2.2-2012, the CIO may enter into public-private partnership contracts to finance or implement information technology programs and projects. The CIO may issue a request for information to seek out potential private partners interested in providing programs or projects pursuant to an agreement under this subsection. The compensation for such services shall be computed with reference to and paid from the increased revenue or cost savings attributable to the successful implementation of the program or project for the period specified in the contract. The CIO shall be responsible for reviewing and approving the programs and projects and the terms of contracts for same under this subsection. The CIO shall determine annually the total amount of increased revenue or cost savings attributable to the successful implementation of a program or project under this subsection and such amount shall be deposited in the Virginia Technology Infrastructure Fund created in § 2.2-2023. The CIO is authorized to use moneys deposited in the Fund to pay private partners pursuant to the terms of contracts under this subsection. All moneys in excess of that required to be paid to private partners, as determined by the CIO, shall be reported to the Comptroller and retained in the Fund. The CIO shall prepare an annual report to the Governor, the Secretary, and General Assembly on all contracts under this subsection, describing each information technology program or project, its progress, revenue impact, and such other information as may be relevant.

C. The CIO shall strive to follow acceptable technology investment methods, such as Information Technology Investment Management (ITIM) principles developed by the United States Government Accountability Office, to ensure that all technology expenditures are an integral part of the Commonwealth's performance management system and are aligned with (i) agency strategic business objectives, (ii) the Governor's policy objectives, and (iii) the long-term objectives of the Council on Virginia's Future.

D. Subject to review and approval by the Secretary, the CIO shall have the authority to enter into and amend contracts for the provision of information technology services.

§ 2.2-2008. Additional duties of the CIO relating to project management.

The CIO shall have the following duties relating to the management of information technology projects:

1. Develop an approval process for proposed major information technology projects by state agencies to ensure that all such projects conform to the statewide information management plan and the information management plans of agencies and public institutions of higher education.

2. Establish a methodology for conceiving, planning, scheduling and providing appropriate oversight for information technology projects including a process for approving the planning, development and procurement of information technology projects. Such methodology shall include guidelines for the establishment of appropriate oversight for information technology projects.

3. Establish minimum qualifications and training standards for project managers.

4. Review and approve Provide the Secretary with a recommendation and rank of all procurement solicitations involving major information technology projects.

5. Direct the development of any statewide or multiagency enterprise project.

6. Develop and update a project management methodology to be used by agencies in the development of information technology.

7. Establish an information clearinghouse that identifies best practices and new developments and contains detailed information regarding the Commonwealth's previous experiences with the development of major information technology projects.

8. Determine, prior to proceeding with the development of a major information technology project pursuant to § 2.2-2019 or the procurement of any major information technology project pursuant to § 2.2-2020, that the funding for such project has been included in the budget bill in accordance with § 2.2-1509.3. Notwithstanding the The provisions of this subdivision, shall not apply upon a determination by the Governor that an emergency exists and a major information technology project is necessary to address the emergency, the CIO shall refer such project directly to the Information Technology Investment Board.

§ 2.2-2009. Additional duties of the CIO relating to security of government information.

A. To provide for the security of state government electronic information from unauthorized uses, intrusions or other security threats, the CIO shall direct the development of policies, procedures and standards for assessing security risks, determining the appropriate security measures and performing security audits of government electronic information. Such policies, procedures, and standards will apply to the Commonwealth's executive, legislative, and judicial branches, and independent agencies and institutions of higher education. The CIO shall work with representatives of the Chief Justice of the Supreme Court and Joint Rules Committee of the General Assembly to identify their needs.

B. The CIO shall also develop policies, procedures, and standards that shall address the scope of security audits and the frequency of such security audits. In developing and updating such policies, procedures, and standards, the CIO shall designate a government entity to oversee, plan and coordinate the conduct of periodic security audits of all executive branch and independent agencies and institutions of higher education. The CIO will coordinate these audits with the Auditor of Public Accounts and the Joint Legislative Audit and Review Commission. The Chief Justice of the Supreme Court and the Joint Rules Committee of the General Assembly shall determine the most appropriate methods to review the protection of electronic information within their branches.

C. The CIO shall annually report to the Governor, the Secretary, and General Assembly by December 2008 and annually thereafter, those executive branch and independent agencies and institutions of higher education that have not implemented acceptable policies, procedures, and standards to control unauthorized uses, intrusions, or other security threats. For any executive branch and or independent agency or institution of higher education whose security audit results and plans for corrective action are unacceptable, the CIO shall report such results to the (i) Information Technology Investment Board the Secretary, (ii) any other affected cabinet secretary, (iii) the Governor, and (iv) the Auditor of Public Accounts. Upon review of the security audit results in question, the Information Technology Investment Board CIO may take action to suspend the public bodies body's information technology projects pursuant to subdivision 3 of § 2.2-2458 § 2.2-2015, limit additional information technology investments pending acceptable corrective actions, and recommend to the Governor and Secretary any other appropriate actions.

The CIO shall also include in this report (a) results of security audits, including those state agencies, independent agencies, and institutions of higher education that have not implemented acceptable regulations, standards, policies, and guidelines to control unauthorized uses, intrusions, or other security threats and (b) the extent to which security standards and guidelines have been adopted by state agencies.

D. All public bodies subject to such audits as required by this section shall fully cooperate with the entity designated to perform such audits and bear any associated costs. Public bodies that are not required to but elect to use the entity designated to perform such audits shall also bear any associated costs.

E. The provisions of this section shall not infringe upon responsibilities assigned to the Comptroller, the Auditor of Public Accounts, or the Joint Legislative Audit and Review Commission by other provisions of the Code of Virginia.

F. To ensure the security and privacy of citizens of the Commonwealth in their interactions with state government, the CIO shall direct the development of policies, procedures, and standards for the protection of confidential data maintained by state agencies against unauthorized access and use. Such policies, procedures, and standards shall include, but not be limited to:

1. Requirements that any state employee or other authorized user of a state technology asset provide passwords or other means of authentication to (i) use a technology asset and (ii) access a state-owned or operated computer network or database; and

2. Requirements that a digital rights management system or other means of authenticating and controlling an individual's ability to access electronic records be utilized to limit access to and use of electronic records that contain confidential data to authorized individuals.

G. The CIO shall promptly receive reports from directors of departments in the executive branch of state government made in accordance with § 2.2-603 and shall take such actions as are necessary, convenient or desirable to ensure the security of the Commonwealth's electronic information and confidential data.

H. The CIO shall also develop policies, procedures, and standards that shall address the creation and operation of a risk management program designed to identify information technology security gaps and develop plans to mitigate the gaps. All agencies in the Commonwealth shall cooperate with the CIO. Such cooperation includes, but is not limited to, (i) providing the CIO with information required to create and implement a Commonwealth risk management program; (ii) creating an agency risk management program; and (iii) complying with all other risk management activities.

§ 2.2-2012. Procurement of information technology and telecommunications goods and services; computer equipment to be based on performance-based specifications.

A. Information technology and telecommunications goods and services of every description shall be procured by (i) VITA for its own benefit or on behalf of other state agencies and institutions or (ii) such other agencies or institutions to the extent authorized by VITA. Such procurements shall be made in accordance with the Virginia Public Procurement Act (§ 2.2-4300 et seq.), regulations that implement the electronic and information technology accessibility standards of the Rehabilitation Act of 1973 (29 U.S.C. § 794d), as amended, and any regulations as may be prescribed by VITA. In no case shall such procurements exceed the requirements of the regulations that implement the electronic and information technology accessibility standards of the Rehabilitation Act of 1973, as amended.

The CIO shall disapprove any procurement that does not conform to the statewide information technology plan or to the individual plans of state agencies or public institutions of higher education.

B. All statewide contracts and agreements made and entered into by VITA for the purchase of communications services, telecommunications facilities, and information technology goods and services shall provide for the inclusion of counties, cities, and towns in such contracts and agreements. Notwithstanding the provisions of § 2.2-4301, VITA may enter into multiple vendor contracts for the referenced services, facilities, and goods and services.

B1C. The Department may establish contracts for the purchase of personal computers and related devices by licensed teachers employed in a full-time teaching capacity in Virginia public schools or in state educational facilities for use outside the classroom. The computers and related devices shall not be purchased with public funds, but shall be paid for and owned by teachers individually provided that no more than one such computer and related device per year shall be so purchased.

CD. If VITA, or any agency or institution authorized by VITA, elects to procure personal computers and related peripheral equipment pursuant to any type of blanket purchasing arrangement under which public bodies, as defined in § 2.2-4301, may purchase such goods from any vendor following competitive procurement but without the conduct of an individual procurement by or for the using agency or institution, it shall establish performance-based specifications for the selection of equipment. Establishment of such contracts shall emphasize performance criteria including price, quality, and delivery without regard to "brand name." All vendors meeting the Commonwealth's performance requirements shall be afforded the opportunity to compete for such contracts.

DE. This section shall not be construed or applied so as to infringe upon, in any manner, the responsibilities for accounting systems assigned to the Comptroller under § 2.2-803.

EF. The CIO of VITA shall, on or before October 1, 2009, and every two years thereafter, solicit from each state agency and public institution of higher education a list of procurements that were competed with the private sector that appear on the Commonwealth Competition Council's commercial activities list and were, until that time, being performed by each state agency and public institution of higher education during the previous two years, and the outcome of that competition. The CIO shall make the lists available to the public on VITA's website.

§ 2.2-2013. Internal service funds; Automated Services Internal Service Fund; Computer Services Internal Service Fund; Telecommunication Services Internal Service Fund.

A. There are established the following internal service funds to be administered by VITA:

1. The Automated Services Internal Service Fund to be used to finance automated systems design, development and testing services and staff of VITA;

2. The Computer Services Internal Service Fund to be used to finance computer operations and staff of VITA; and

3. The Telecommunication Services Internal Service Fund to be used to finance telecommunications operations and staff of VITA.

B. There is established the Acquisition Services Special Fund to be administered by VITA and used to finance procurement and contracting activities and programs unallowable for federal fund reimbursement.

C. All users of services provided for in this chapter administered by VITA shall be assessed a surcharge, which shall be deposited in the appropriate fund. This charge shall be an amount sufficient to allow VITA to finance the operations and staff of the services offered.

D. Additional moneys necessary to establish these funds or provide for the administration of the activities of VITA may be advanced from the general account of the state treasury.

E. The CIO shall direct that the following activities be conducted with respect to VITA's internal service funds:

1. VITA shall establish fee schedules for the collection of fees from users when general fund appropriations are not available for the services rendered.

2. VITA shall develop and implement information, billing, and collections methods that will assist state agencies in analyzing and effectively managing their use of VITA's services, and which will allow VITA to forecast service demands and balances of its internal service funds.

3. By September 1 of each year VITA shall submit biennial projections of future revenues and expenditures for each internal service fund and estimates of any anticipated changes to fee schedules to the Joint Legislative Audit and Review Commission and the Department of Planning and Budget.

4. In the event that changes to fee schedules or rates are required, the CIO shall submit documentation to the Joint Legislative Audit and Review Commission and the Department of Planning and Budget no later than September 1 prior to the fiscal year in which the new or revised rates are to take effect so that the impact of the rate changes can be considered for inclusion in the executive budget submitted to the General Assembly pursuant to § 2.2-1508. In emergency circumstances, deviations from this approach shall be approved in advance by the Joint Legislative Audit and Review Commission.

§ 2.2-2015. Authority of CIO to modify or suspend major information technology projects; project termination.

The CIO may direct the modification or suspension of any major information technology project that, as the result of a periodic review authorized by subdivision A 5 of § 2.2-2007, has not met the performance measures agreed to by the CIO and the sponsoring agency or public institution of higher education or if he otherwise deems such action appropriate and consistent with the terms of any affected contracts. The CIO may recommend to the Board Secretary the termination of such project. Nothing in this section shall be construed to supersede the responsibility of a board of visitors for the management and operation of a public institution of higher education.

The provisions of this section shall not apply to research projects, research initiatives or instructional programs at public institutions of higher education. However, technology investments in research projects, research initiatives or instructional programs at such institutions estimated to cost $1 million or more of general fund appropriations may be reviewed as provided in subdivision A 5 of § 2.2-2007 if the projects are deemed mission-critical by the institution or of statewide application by the CIO. The CIO and the Secretary of Education, in consultation with public institutions of higher education, shall develop and provide to such institution criteria to be used in determining whether projects are mission-critical.

§ 2.2-2019. Project development approval.

A. Upon approval of the CIO of the project plan, an agency shall submit to the Division a project development proposal containing (i) a detailed business case including a cost-benefit analysis; (ii) a business process analysis, if applicable; (iii) system requirements, if known; (iv) a proposed development plan and project management structure; and (v) a proposed resource or funding plan. The project management specialist may require the submission of additional information necessary to meet the criteria developed by the Division.

B. The project management specialist assigned to review the project development proposal shall recommend its approval or rejection to the CIO. If the CIO determines that the proposal be approved, he shall recommend such approval to the Board.

§ 2.2-2020. Procurement approval for major information technology projects.

Upon approval of the Board CIO of the project development proposal involving a major information technology project that requires the procurement of goods or services, the agency shall submit a copy of any Invitation for Bid (IFB) or Request for Proposal (RFP) to the Division. The project management specialist shall review the IFB or RFP and recommend its approval or rejection to the CIO Secretary. The CIO Secretary, pursuant to § 2.2-225, shall have the final authority to approve the IFB or RFP prior to its release and shall approve the proposed contract for the award of the project.

§ 2.2-2021. Project oversight.

A. Whenever an agency has received approval from the Board Secretary to proceed with the development and acquisition of a major information technology project, an internal agency oversight committee shall be established by the CIO. The internal agency oversight committee shall provide ongoing oversight for the project and have the authority to approve or reject any changes in the project's scope, schedule, or budget. The CIO shall ensure that the project has in place adequate project management and oversight structures for addressing major issues that could affect the project's scope, schedule or budget and shall address issues that cannot be resolved by the internal agency oversight committee.

B. Whenever a statewide or multiagency project has received approval from the Board Secretary, the primary project oversight shall be conducted by a committee composed of representatives from agencies impacted by the project, which shall be established by the CIO.

§ 2.2-2023. Virginia Technology Infrastructure Fund created; contributions.

A. The Virginia Technology Infrastructure Fund (the Fund) is created in the state treasury. The Fund is to be used to fund major information technology projects or to pay private partners as authorized in subsection B of § 2.2-2007.

B. The Fund shall consist of: (i) the transfer of general and nongeneral fund appropriations from state agencies which represent savings that accrue from reductions in the cost of information technology and communication services, (ii) the transfer of general and nongeneral fund appropriations from state agencies which represent savings from the implementation of information technology enterprise projects, (iii) funds identified pursuant to subsection B of § 2.2-2007, (iv) such general and nongeneral fund fees or surcharges as may be assessed to agencies for enterprise technology projects, (v) gifts, grants, or donations from public or private sources, and (vi) such other funds as may be appropriated by the General Assembly. Savings shall be as identified by the CIO through a methodology approved reviewed by the Board ITAC and approved by the Secretary of Finance. The Auditor of Public Accounts shall certify the amount of any savings identified by the CIO. For public institutions of higher education, however, savings shall consist only of that portion of total savings that represent general funds. The State Comptroller is authorized to transfer cash consistent with appropriation transfers. Appropriated funds from federal sources are exempted from transfer. Except for funds to pay private partners as authorized in subsection B of § 2.2-2007, moneys in the Fund shall only be expended as provided by the appropriation act.

Interest earned on the Fund shall be credited to the Fund. The Fund shall be permanent and nonreverting. Any unexpended balance in the Fund at the end of the biennium shall not be transferred to the general fund of the state treasury.

Article 35.
Information Technology Advisory Council.

§ 2.2-2699.5. Information Technology Advisory Council; membership; terms; quorum; compensation; staff.

A. The Information Technology Advisory Council (ITAC) is established as an advisory council, within the meaning of § 2.2-2100, in the executive branch of state government. The ITAC shall be responsible for advising the CIO and the Secretary of Technology on the planning, budgeting, acquiring, using, disposing, managing, and administering of information technology in the Commonwealth.

B. The ITAC shall consist of not more than 14 members as follows: (i) one representative from an agency under each of the Governor's Secretaries, as set out in Chapter 2 (§ 2.2-200 et seq.), to be appointed by the Governor and serve with voting privileges; (ii) the Secretary of Technology and the CIO who shall serve ex officio with voting privileges; and (iii) at the Governor's discretion, not more than two nonlegislative citizen members to be appointed by the Governor and serve with voting privileges.

Nonlegislative citizen members shall be appointed for terms of four years. Appointments to fill vacancies, other than by expiration of a term, shall be for the unexpired terms. All members may be reappointed. However, no nonlegislative citizen member shall serve more than two consecutive four-year terms. The remainder of any term to which a member is appointed to fill a vacancy shall not constitute a term in determining the member's eligibility for reappointment. Vacancies shall be filled in the same manner as the original appointments.

C. The Secretary of Technology shall serve as chairman of the ITAC. The CIO shall serve as vice-chairman. A majority of the members shall constitute a quorum. The ITAC shall meet at least quarterly each year. The meetings of the ITAC shall be held at the call of the chairman or whenever the majority of the members so request.

D. Nonlegislative citizen members shall receive compensation and shall be reimbursed for all reasonable and necessary expenses incurred in the performance of their duties, as provided in §§ 2.2-2813 and 2.2-2825. Funding for the costs of compensation and expenses of the members shall be provided by the Virginia Information Technologies Agency.

E. The disclosure requirements of subsection B of § 2.2-3114 of the State and Local Government Conflict of Interests Act shall apply to citizen members of the ITAC.

F. The Virginia Information Technologies Agency shall serve as staff to the ITAC.

§ 2.2-2699.6. Powers and duties of the ITAC.

The ITAC shall have the power and duty to:

1. Adopt rules and procedures for the conduct of its business;

2. Advise the CIO on the development of all major information technology projects as defined in § 2.2-2006;

3. Advise the CIO on strategies, standards, and priorities for the use of information technology for state agencies in the executive branch of state government;

4. Advise the CIO on developing the two-year plan for information technology projects;

5. Advise the CIO on statewide technical and data standards for information technology and related systems, including the utilization of nationally recognized technical and data standards for health information technology systems or software purchased by a state agency of the Commonwealth;

6. Advise the CIO on statewide information technology architecture and related system standards;

7. Advise the CIO on assessing and meeting the Commonwealth's business needs through the application of information technology; and

8. Advise the CIO on the prioritization, development, and implementation of enterprise-wide technology applications; annually review all agency technology applications budgets; and advise the CIO on infrastructure expenditures. For purposes of this section, technology applications include, but are not limited to, hardware, software, maintenance, facilities, contractor services, goods, and services that promote business functionality and facilitate the storage, flow, use or processing of information by agencies of the Commonwealth in the execution of their business activities.

§ 2.2-2699.7. Health Information Technology Standards Advisory Committee.

The ITAC may appoint an advisory committee of persons with expertise in health care and information technology to advise the ITAC on the utilization of nationally recognized technical and data standards for health information technology systems or software pursuant to subdivision 5 of § 2.2-2699.6. The ITAC, in consultation with the Secretary of Health and Human Resources, may appoint up to five persons to serve on the advisory committee. Members appointed to the advisory committee shall serve without compensation, but shall be reimbursed for all reasonable and necessary expenses incurred in the performance of their duties as provided in § 2.2-2825. The CIO, the Secretary of Technology, and the Secretary of Health and Human Resources, or their designees, may also serve on the advisory committee.

§ 23-38.111. Information technology.

Subject to the terms of the management agreement, covered institutions may be exempt from the provisions governing the Virginia Information Technologies Agency, Chapter 20.1 (§ 2.2-2005 et seq.) of Title 2.2., and the provisions governing the Information Technologies Investment Board Advisory Council, Article 20 35 (§ 2.2-2699.5 et seq.) of Chapter 24 (§ 2.2-2457 et seq.) 26 of Title 2.2; provided, however, that the governing body of a covered institution shall adopt, and the covered institution shall comply with, policies for the procurement of information technology goods and services, including professional services, that are consistent with the requirements of § 23-38.110 and that include provisions addressing cooperative arrangements for such procurement as described in § 23-38.110, and shall adopt and comply with institutional policies and professional best practices regarding strategic planning for information technology, project management, security, budgeting, infrastructure, and ongoing operations.

§ 23-77.4. Medical center management.

A. The General Assembly recognizes and finds that the economic viability of the University of Virginia Medical Center, hereafter referred to as the Medical Center, together with the requirement for its specialized management and operation, and the need of the Medical Center to participate in cooperative arrangements reflective of changes in health care delivery, as set forth in § 23-77.3, are dependent upon the ability of the management of the Medical Center to make and implement promptly decisions necessary to conduct the affairs of the Medical Center in an efficient, competitive manner. The General Assembly also recognizes and finds that it is critical to, and in the best interests of, the Commonwealth that the University continue to fulfill its mission of providing quality medical and health sciences education and related research and, through the presence of its Medical Center, continue to provide for the care, treatment, health-related services, and education activities associated with Virginia patients, including indigent and medically indigent patients. Because the General Assembly finds that the ability of the University to fulfill this mission is highly dependent upon revenues derived from providing health care through its Medical Center, and because the General Assembly also finds that the ability of the Medical Center to continue to be a reliable source of such revenues is heavily dependent upon its ability to compete with other providers of health care that are not subject to the requirements of law applicable to agencies of the Commonwealth, the University is hereby authorized to implement the following modifications to the management and operation of the affairs of the Medical Center in order to enhance its economic viability:

B. Capital projects; leases of property; procurement of goods, services and construction.

1. Capital projects.

a. For any Medical Center capital project entirely funded by a nongeneral fund appropriation made by the General Assembly, all post-appropriation review, approval, administrative, and policy and procedure functions performed by the Department of General Services, the Division of Engineering and Buildings, the Department of Planning and Budget and any other agency that supports the functions performed by these departments are hereby delegated to the University, subject to the following stipulations and conditions: (i) the Board of Visitors shall develop and implement an appropriate system of policies, procedures, reviews and approvals for Medical Center capital projects to which this subdivision applies; (ii) the system so adopted shall provide for the review and approval of any Medical Center capital project to which this subdivision applies in order to ensure that, except as provided in clause (iii), the cost of any such capital project does not exceed the sum appropriated therefor and that the project otherwise complies with all requirements of the Code of Virginia regarding capital projects, excluding only the post-appropriation review, approval, administrative, and policy and procedure functions performed by the Department of General Services, the Division of Engineering and Buildings, the Department of Planning and Budget and any other agency that supports the functions performed by these departments; (iii) the Board of Visitors may, during any fiscal year, approve a transfer of up to a total of 15 percent of the total nongeneral fund appropriation for the Medical Center in order to supplement funds appropriated for a capital project or capital projects of the Medical Center, provided that the Board of Visitors finds that the transfer is necessary to effectuate the original intention of the General Assembly in making the appropriation for the capital project or projects in question; (iv) the University shall report to the Department of General Services on the status of any such capital project prior to commencement of construction of, and at the time of acceptance of, any such capital project; and (v) the University shall ensure that Building Officials and Code Administrators (BOCA) Code and fire safety inspections of any such project are conducted and that such projects are inspected by the State Fire Marshal or his designee prior to certification for building occupancy by the University's assistant state building official to whom such inspection responsibility has been delegated pursuant to § 36-98.1. Nothing in this section shall be deemed to relieve the University of any reporting requirement pursuant to § 2.2-1513. Notwithstanding the foregoing, the terms and structure of any financing of any capital project to which this subdivision applies shall be approved pursuant to § 2.2-2416.

b. No capital project to which this subdivision applies shall be materially increased in size or materially changed in scope beyond the plans and justifications that were the basis for the project's appropriation unless: (i) the Governor determines that such increase in size or change in scope is necessary due to an emergency or (ii) the General Assembly approves the increase or change in a subsequent appropriation for the project. After construction of any such capital project has commenced, no such increase or change may be made during construction unless the conditions in (i) or (ii) have been satisfied.

2. Leases of property.

a. The University shall be exempt from the provisions of § 2.2-1149 and from any rules, regulations and guidelines of the Division of Engineering and Buildings in relation to leases of real property that it enters into on behalf of the Medical Center and, pursuant to policies and procedures adopted by the Board of Visitors, may enter into such leases subject to the following conditions: (i) the lease must be an operating lease and not a capital lease as defined in guidelines established by the Secretary of Finance and Generally Accepted Accounting Principles (GAAP); (ii) the University's decision to enter into such a lease shall be based upon cost, demonstrated need, and compliance with guidelines adopted by the Board of Visitors which direct that competition be sought to the maximum practical degree, that all costs of occupancy be considered, and that the use of the space to be leased actually is necessary and is efficiently planned; (iii) the form of the lease is approved by the Special Assistant Attorney General representing the University; (iv) the lease otherwise meets all requirements of law; (v) the leased property is certified for occupancy by the building official of the political subdivision in which the leased property is located; and (vi) upon entering such leases and upon any subsequent amendment of such leases, the University shall provide copies of all lease documents and any attachments thereto to the Department of General Services.

b. Notwithstanding the provisions of §§ 2.2-1155 and 23-4.1, but subject to policies and procedures adopted by the Board of Visitors, the University may lease, for a purpose consistent with the mission of the Medical Center and for a term not to exceed 50 years, property in the possession or control of the Medical Center.

c. Notwithstanding the foregoing, the terms and structure of any financing arrangements secured by capital leases or other similar lease financing agreements shall be approved pursuant to § 2.2-2416.

3. Procurement of goods, services and construction.

Contracts awarded by the University in compliance with this section, on behalf of the Medical Center, for the procurement of goods; services, including professional services; construction; and information technology and telecommunications, shall be exempt from (i) the Virginia Public Procurement Act (§ 2.2-4300 et seq.), except as provided below; (ii) the requirements of the Division of Purchases and Supply of the Department of General Services as set forth in Article 3 (§ 2.2-1109 et seq.) of Chapter 11 of Title 2.2; (iii) the requirements of the Division of Engineering and Buildings as set forth in Article 4 (§ 2.2-1129 et seq.) of Chapter 11 of Title 2.2; and (iv) the authority of the Chief Information Officer and the Virginia Information Technologies Agency as set forth in Chapter 20.1 (§ 2.2-2005 et seq.) of Title 2.2 and the Information Technology Investment Board created pursuant to § 2.2-2457 regarding the review and approval of contracts for (a) the construction of Medical Center capital projects and (b) information technology and telecommunications projects; however, the provisions of this subdivision may not be implemented by the University until such time as the Board of Visitors has adopted guidelines generally applicable to the procurement of goods, services, construction and information technology and telecommunications projects by the Medical Center or by the University on behalf of the Medical Center. Such guidelines shall be based upon competitive principles and shall in each instance seek competition to the maximum practical degree. The guidelines shall implement a system of competitive negotiation for professional services; shall prohibit discrimination because of race, religion, color, sex, or national origin of the bidder or offeror in the solicitation or award of contracts; may take into account in all cases the dollar amount of the intended procurement, the term of the anticipated contract, and the likely extent of competition; may implement a prequalification procedure for contractors or products; may include provisions for cooperative procurement arrangements with private health or educational institutions, or with public agencies or institutions of the several states, territories of the United States or the District of Columbia; shall incorporate the prompt payment principles of §§ 2.2-4350 and 2.2-4354; and may implement provisions of law. The following sections of the Virginia Public Procurement Act shall continue to apply to procurements by the Medical Center or by the University on behalf of the Medical Center: §§ 2.2-4311, 2.2-4315, and 2.2-4342 (which section shall not be construed to require compliance with the prequalification application procedures of subsection B of § 2.2-4317), 2.2-4330, 2.2-4333 through 2.2-4341, and 2.2-4367 through 2.2-4377.

C. Subject to such conditions as may be prescribed in the budget bill under § 2.2-1509 as enacted into law by the General Assembly, the State Comptroller shall credit, on a monthly basis, to the nongeneral fund operating cash balances of the University of Virginia Medical Center the imputed interest earned by the investment of such nongeneral fund operating cash balances, including but not limited to those balances derived from patient care revenues, on deposit with the State Treasurer.

2. That Article 7 (§§ 2.2-2033 and 2.2-2034) of Chapter 20.1 of Title 2.2 and Article 20 (§§ 2.2-2457, 2.2-2458, and 2.2-2458.1) of Chapter 24 of Title 2.2 of the Code of Virginia are repealed.

3. That the third enactment of Chapter 758 of the Acts of Assembly of 2009 is amended and reenacted as follows:

3. That the Department of General Services, the Virginia Information Technologies Agency, and the State Comptroller shall submit to the Information Technology Investment Board the standards required pursuant to § 2.2-1115.1 of this act by December 1, 2009. The Department of General Services and the Virginia Information Technologies Agency shall undertake to use these standards in the Commonwealth's enterprise electronic procurement system upon approval by the Information Technology Investment Board Secretary of Technology and make the standards available for use by all agencies and institutions by July 1, 2010. After July 1, 2010, the Department of General Services shall provide purchasing data from the Commonwealth's enterprise electronic procurement system, to the extent it is available, at least quarterly for inclusion in the Auditor of Public Accounts' searchable database established pursuant to § 30-133 of the Code of Virginia. All agencies and institutions that use the standards developed pursuant to this act that have not previously reported data to the Auditor of Public Accounts through the Commonwealth's enterprise electronic procurement system shall, to the extent practicable, provide such data to the Auditor of Public Accounts at least quarterly beginning after July 1, 2010.

4. That the third enactment of Chapter 812 of the Acts of Assembly of 2009 is amended and reenacted as follows:

3. That the Department of General Services, the Virginia Information Technologies Agency, and the State Comptroller shall submit to the Information Technology Investment Board the standards required pursuant to § 2.2-1115.1 of this act by December 1, 2009. The Department of General Services and the Virginia Information Technologies Agency shall undertake to use these standards in the Commonwealth's enterprise electronic procurement system upon approval by the Information Technology Investment Board Secretary of Technology and make the standards available for use by all agencies and institutions by July 1, 2010. After July 1, 2010, the Department of General Services shall provide purchasing data from the Commonwealth's enterprise electronic procurement system, to the extent it is available, at least quarterly for inclusion in the Auditor of Public Accounts' searchable database established pursuant to § 30-133 of the Code of Virginia. All agencies and institutions that use the standards developed pursuant to this act that have not previously reported data to the Auditor of Public Accounts through the Commonwealth's enterprise electronic procurement system shall, to the extent practicable, provide such data to the Auditor of Public Accounts at least quarterly beginning after July 1, 2010.

5. That on or before October 1, 2010, the Chief Information Officer, in consultation with the Joint Legislative Audit and Review Commission and any other parties as directed by the Secretary of Technology, shall develop a new review, approval, and monitoring process for information technology projects to replace the process required by §§ 2.2-2008 and 2.2-2017 through 2.2-2021 of the Code of Virginia. The new process shall be operational by January 1, 2011, and shall be implemented and regularly updated by the Division of Project Management. The process shall be designed to ensure that information technology projects conform to the statewide information management plan and the information management plans of agencies and public institutions of higher education. The process shall also be designed to ensure that projects are provided with appropriate levels of oversight once they are under execution. The level of review and oversight shall vary depending upon defined risk factors including, but not limited to, the cost of the project. In order to achieve the above goals, the process shall describe a methodology for agencies to follow in conceiving, planning, developing, scheduling and executing information technology projects, including procurements related to those projects.

6. That on or before October 1, 2010, the Chief Information Officer shall, in consultation with the Joint Legislative Audit and Review Commission and the Department of Planning and Budget, develop standard documentation and information to be used as part of any requests for changes to the Virginia Information Technologies Agency's fee schedules and rates.

7. That as of the effective date of this act, the Secretary of Technology shall be deemed the successor in interest to the Information Technology Investment Board. Without limiting the foregoing, all right, title, and interest in and to any real or tangible personal property or contract vested in the Information Technology Investment Board as of the effective date of this act shall be transferred to and taken as standing in the name of the Secretary of Technology.

8. That as of the effective date of this act, the Secretary of Technology shall be deemed the successor in interest to the Division of Enterprise Applications and Virginia Chief Applications Officer. Without limiting the foregoing, all right, title, and interest in and to any real or tangible personal property or contract vested in the Division of Enterprise Applications and Virginia Chief Applications Officer as of the effective date of this act shall be transferred to and taken as standing in the name of the Secretary of Technology.

9. That the Secretary of Technology shall provide in writing the criteria and requirements defining "major information technology project" to the chairs of the House Committee on General Laws, the Senate Committee on General Laws and Technology, the House Committee on Appropriations, the Senate Finance Committee, and the House Committee on Science and Technology.

10. That the Virginia Information Technologies Agency shall continue following the definition of "major information technology project" in effect prior to the passage of this act until the Secretary of Technology develops criteria and requirements defining "major information technology project" pursuant to the provisions of this act.

11. That the Information Technology Advisory Council shall develop a technology business plan for the Commonwealth in consultation with the Council on Virginia’s Future, and that on or before December 31, 2011, such technology business plan shall be provided in writing to the chairs of the House Committee on General Laws, the Senate Committee on General Laws and Technology, the House Committee on Appropriations, the Senate Finance Committee, and the House Committee on Science and Technology.

12. That an emergency exists and this act is in force from its passage.


SENATE BILL NO. 236
AMENDMENT IN THE NATURE OF A SUBSTITUTE
(Proposed by the Senate Committee on General Laws and Technology
on February 10, 2010)
(Patrons Prior to Substitute--Senators Howell and Stosch, Howell and Stosch [SB 480], and McDougle [SB 390])
A BILL to amend and reenact §§ 2.2-106, 2.2-225, 2.2-1115.1, 2.2-1509.3, 2.2-2005 through 2.2-2009, 2.2-2012, 2.2-2013, 2.2-2015, 2.2-2019, 2.2-2020, 2.2-2021, 2.2-2023, 23-38.111, and 23-77.4 of the Code of Virginia; to amend and reenact the third enactment of Chapters 758 and 812 of the 2009 Acts of Assembly; to amend the Code of Virginia by adding in Chapter 26 of Title 2.2 an article numbered 35, consisting of sections numbered 2.2-2699.5, 2.2-2699.6, and 2.2-2699.7; and to repeal Article 7 (§§ 2.2-2033 and 2.2-2034) of Chapter 20.1 and Article 20 (§§ 2.2-2457, 2.2-2458, and 2.2-2458.1) of Chapter 24 of Title 2.2 of the Code of Virginia, relating to Information Technology governance in the Commonwealth; the Chief Information Officer; the Information Technology Investment Board, abolished; and the Information Technology Advisory Council, established; emergency.

Be it enacted by the General Assembly of Virginia:

1.  That §§ 2.2-106, 2.2-225, 2.2-1115.1, 2.2-1509.3, 2.2-2005 through 2.2-2009, 2.2-2012, 2.2-2013, 2.2-2015, 2.2-2019, 2.2-2020, 2.2-2021, 2.2-2023, 23-38.111, and 23-77.4 of the Code of Virginia are amended and reenacted, that the third enactment of Chapters 758 and 812 of the 2009 Acts of Assembly are amended and reenacted, and that Code of Virginia is amended by adding in Chapter 26 of Title 2.2 an article numbered 35, consisting of sections numbered 2.2-2699.5, 2.2-2699.6, and 2.2-2699.7, as follows:

§ 2.2-106. Appointment of agency heads; severance.

A. Notwithstanding any provision of law to the contrary, the Governor shall appoint the administrative head of each agency of the executive branch of state government except the:

1. Executive Director of the Virginia Port Authority;

2. Director of the State Council of Higher Education for Virginia;

3. Executive Director of the Department of Game and Inland Fisheries;

4. Executive Director of the Jamestown-Yorktown Foundation;

5. Executive Director of the Motor Vehicle Dealer Board;

6. Librarian of Virginia;

7. Administrator of the Commonwealth's Attorneys' Services Council;

8. Executive Director of the Virginia Housing Development Authority; and

9. Executive Director of the Board of Accountancy; and

10. Chief Information Officer of the Commonwealth.

However, the manner of selection of those heads of agencies chosen as set forth in the Constitution of Virginia shall continue without change. Each administrative head and Secretary appointed by the Governor pursuant to this section shall (i) be subject to confirmation by the General Assembly, (ii) have the professional qualifications prescribed by law, and (iii) serve at the pleasure of the Governor.

B. As part of the confirmation process for each administrative head and Secretary, the Secretary of the Commonwealth shall provide copies of the resumes and statements of economic interests filed pursuant to § 2.2-3117 to the chairs of the House of Delegates and Senate Committees on Privileges and Elections. For appointments made before January 1, copies shall be provided to the chairs within 30 days of the appointment or by January 7 whichever time is earlier; and for appointments made after January 1 through the regular session of that year, copies shall be provided to the chairs within seven days of the appointment. Each appointee shall be available for interviews by the Committees on Privileges and Elections or other applicable standing committee. For the purposes of this section and § 2.2-107, there shall be a joint subcommittee of the House of Delegates and Senate Committees on Privileges and Elections consisting of five members of the House Committee and three members of the Senate Committee appointed by the respective chairs of the committees to review the resumes and statements of economic interests of gubernatorial appointees. The members of the House of Delegates shall be appointed in accordance with the principles of proportional representation contained in the Rules of the House of Delegates. No appointment confirmed by the General Assembly shall be subject to challenge by reason of a failure to comply with the provisions of this paragraph subsection pertaining to the confirmation process.

C. For the purpose of this section, "agency" includes all administrative units established by law or by executive order that are not (i) arms of the legislative or judicial branches of government; (ii) institutions of higher education as classified under §§ 23-253.7, 22.1-346, 23-14, and 23-252, and; (iii) regional planning districts, regional transportation authorities or districts, or regional sanitation districts; and (iv) assigned by law to other departments or agencies, not including assignments to secretaries under Article 7 (§ 2.2-215 et seq.) of Chapter 2 of this title.

D. Severance benefits provided to any departing agency head, whether or not appointed by the Governor, shall be publicly announced by the appointing authority prior to such departure.

§ 2.2-225. Position established; agencies for which responsible; additional powers.

A. The position of Secretary of Technology (the Secretary) is created. The Secretary shall be responsible to the Governor for the following agencies, councils, and boards: Information Technology Investment Board Advisory Council, Innovation and Entrepreneurship Investment Authority, Virginia Information Technologies Agency, Virginia Geographic Information Network Advisory Board, and the Wireless E-911 Services Board. The Governor, by executive order, may assign any other state executive agency to the Secretary, or reassign any agency listed in this section to another Secretary.

Unless the Governor expressly reserves such power to himself, the Secretary may, with regard to strategy development, planning and budgeting for technology programs in the Commonwealth:

1. Monitor trends and advances in fundamental technologies of interest and importance to the economy of the Commonwealth and direct and approve a stakeholder-driven technology strategy development process that results in a comprehensive and coordinated view of research and development goals for industry, academia and government in the Commonwealth. This strategy shall be updated biennially and submitted to the Governor, the Speaker of the House of Delegates and the President Pro Tempore of the Senate.

2. Work closely with the appropriate federal research and development agencies and program managers to maximize the participation of Commonwealth industries and universities in these programs consistent with agreed strategy goals.

3. Direct the development of plans and programs for strengthening the technology resources of the Commonwealth's high technology industry sectors and for assisting in the strengthening and development of the Commonwealth's Regional Technology Councils.

4. Direct the development of plans and programs for improving access to capital for technology-based entrepreneurs.

5. Assist the Joint Commission on Technology and Science created pursuant to § 30-85 in its efforts to stimulate, encourage, and promote the development of technology in the Commonwealth.

6. Continuously monitor and analyze the technology investments and strategic initiatives of other states to ensure the Commonwealth remains competitive.

7. Strengthen interstate and international partnerships and relationships in the public and private sectors to bolster the Commonwealth's reputation as a global technology center.

8. Develop and implement strategies to accelerate and expand the commercialization of intellectual property created within the Commonwealth.

9. Ensure the Commonwealth remains competitive in cultivating and expanding growth industries, including life sciences, advanced materials and nanotechnology, biotechnology, and aerospace.

10. Monitor the trends in the availability and deployment of and access to broadband communications services, which include, but are not limited to, competitively priced, high-speed data services and Internet access services of general application, throughout the Commonwealth and advancements in communications technology for deployment potential. The Secretary shall report annually by December 1 to the Governor and General Assembly on those trends.

11. Review and approve the procurement or termination of major information technology projects and contracts or amendments thereto proposed by the CIO pursuant to § 2.2-2007.

12. Review and approve statewide technical and data standards for information technology and related systems, including the utilization of nationally recognized technical and data standards for health information technology systems or software purchased by a state agency of the Commonwealth, as recommended by the Chief Information Officer (CIO).

B. On a biennial basis, the Secretary shall prepare a state strategic plan for information technology for submission to the Governor and the Joint Commission on Technology and Science. This plan shall include, but is not limited to, identifying (i) trends in needs for application and infrastructure services by state agencies and recommendations on appropriate services to meet those needs, including telework; (ii) progress in the use of information technology standards by state agencies, local government, and state institutions of higher education in a manner that promotes the security of sensitive information and the efficient exchange of electronic information between the public and private sectors in the Commonwealth; (iii) unmet needs for access to technology that may impede the secure and free flow of information, including but not limited to broadband access; (iv) opportunities for collaboration, and steps to address any barriers thereto, between state agencies, local governments, and state institutions of higher education that may promote more efficient and effective provision of service; and (v) how information technology can be used to increase economic efficiency, citizen convenience, and public access to state government.

§ 2.2-1115.1. Standard vendor accounting information.

A. The Division, the Virginia Information Technologies Agency, and the State Comptroller shall develop and maintain data standards for use by all agencies and institutions for payments and purchases of goods and services pursuant to §§ 2.2-1115 and 2.2-2012. Such standards shall include at a minimum the vendor number, name, address, and tax identification number; commodity code, order number, invoice number, and receipt information; and other information necessary to appropriately and consistently identify all suppliers of goods, commodities, and other services to the Commonwealth. The Division, the Virginia Information Technologies Agency, and the State Comptroller shall annually review and update these standards to provide the Commonwealth information to monitor all procurement of goods and services and to implement adequate controls to pay only authorized providers of goods and services to the Commonwealth.

B. The Division and the Virginia Information Technologies Agency shall submit these standards to the Information Technology Investment Board Advisory Council in accordance with § 2.2-2458 § 2.2-2699.6 for approval review as statewide technical and data standards for information technology.

§ 2.2-1509.3. Budget bill to include appropriations for major information technology projects.

A. For purposes of this section:

"Major information technology project" means the same as that term is defined in § 2.2-2006.

"Major information technology project funding" means an estimate of each funding source for a major information technology project for the duration of the project.

B. In "The Budget Bill" submitted pursuant to § 2.2-1509, the Governor shall provide for the funding of major information technology projects, as specified herein. Such funding recommendations shall be for major information technology projects that have or are pending project development approval as defined by § 2.2-2019 or procurement approval as defined by § 2.2-2020.

The Governor shall include in "The Budget Bill" submitted pursuant to § 2.2-1509 a biennial appropriation for major information technology projects and the following information for each such project:

1. A brief statement explaining the project, the Information Technology Investment Board's CIO's ranking and recommendations on the project as required by § 2.2-2458 § 2.2-2008, an explanation, if necessary, if the Governor informed the Chief Information Officer Secretary of Technology that an emergency existed as set forth in § 2.2-2008, and the anticipated duration of the project;

2. A brief explanation of the inclusion of any project in the budget bill that has not undergone review and approval by the Information Technology Investment Board Secretary of Technology as required by § 2.2-2458 § 2.2-225;

3. Total estimated project costs, as defined by the Commonwealth's Project Management Standards, including the amount of the agency's or institution's operating appropriation, which will support the project, and long-term contract cost beyond the biennium;

4. Costs incurred to date, as defined by the Commonwealth's Project Management Standards, which includes both the project planning cost and internal operating costs to support the project;

5. Recommendations or comments of the Public-Private Partnership Advisory Commission, if the project is part of a proposal under the Public-Private Education Facilities and Infrastructure Act of 2002 (§ 56-575.1 et seq.); and

6. The Information Technology Investment Board's CIO's assessment of the project and the status as of the date of the budget bill submission to the General Assembly.

C. The Information Technology Investment Board Secretary of Technology shall immediately notify each member of the Senate Finance Committee and the House Appropriations Committee of any Board decision to terminate in accordance with § 2.2-2458 § 2.2-225 any major information technology project in the budget bill. Such communication shall include the Information Technology Investment Board's Secretary of Technology's reason for such termination.

§ 2.2-2005. Creation of Agency; appointment of Chief Information Officer.

A. There is hereby created the Virginia Information Technologies Agency (VITA), which shall serve as the agency responsible for administration and enforcement of the provisions of this Chapter and the rules and policies of the Board.

B. The Board Governor shall appoint a Chief Information Officer (the CIO) as the chief administrative officer of the Board to oversee the operation of VITA. The CIO shall be employed under special contract for a term not to exceed five years and shall, under the direction and control of the Board, exercise the powers and perform the duties conferred or imposed upon him by law and perform such other duties as may be required by the Board Governor and the Secretary of Technology.

§ 2.2-2006. Definitions.

As used in this chapter:

"Board" means the Information Technology Investment Board created in § 2.2-2457.

"Communications services" includes telecommunications services, automated data processing services, and management information systems that serve the needs of state agencies and institutions.

"Confidential data" means information made confidential by federal or state law that is maintained by a state agency in an electronic format.

"Information technology" means telecommunications, automated data processing, databases, the Internet, management information systems, and related information, equipment, goods, and services. It is in the interest of the Commonwealth that its public institutions of higher education in Virginia be in the forefront of developments in technology. Therefore, the The provisions of this chapter shall not be construed to hamper the pursuit of the missions of the institutions in instruction and research.

"ITAC" means the Information Technology Advisory Council created in § 2.2-2699.5.

"Major information technology project" means any state agency information technology project that (i) is mission-critical, (ii) has statewide application, or (iii) has a total estimated cost of more than $1 million is mission-critical for the requesting agency; (ii) is for the use of, or could affect, a majority of state agencies; or (iii) has a total estimated cost of $1 million or more.

"Noncommercial telecommunications entity" means any public broadcasting station as defined in § 2.2-2427.

"Public telecommunications entity" means any public broadcasting station as defined in § 2.2-2427.

"Public telecommunications facilities" means all apparatus, equipment and material necessary for or associated in any way with public broadcasting stations or public broadcasting services as those terms are defined in § 2.2-2427, including the buildings and structures necessary to house such apparatus, equipment and material, and the necessary land for the purpose of providing public broadcasting services, but not telecommunications services.

"Public telecommunications services" means public broadcasting services as defined in § 2.2-2427.

"Secretary" means the Secretary of Technology.

"State agency" or "agency" means any agency, institution, board, bureau, commission, council, or instrumentality of state government in the executive branch listed in the appropriation act. However, the terms "state agency," "agency," "institution," "public body," and "public institution of higher education," shall not include the University of Virginia Medical Center.

"Technology asset" means hardware and communications equipment not classified as traditional mainframe-based items, including personal computers, mobile computers, and other devices capable of storing and manipulating electronic data.

"Telecommunications" means any origination, transmission, emission, or reception of signs, signals, writings, images, and sounds or intelligence of any nature, by wire, radio, television, optical, or other electromagnetic systems.

"Telecommunications facilities" means apparatus necessary or useful in the production, distribution, or interconnection of electronic communications for state agencies or institutions including the buildings and structures necessary to house such apparatus and the necessary land.

§ 2.2-2007. Powers of the CIO.

A. In addition to such other duties as the Board Secretary may assign, the CIO shall:

1. Monitor trends and advances in information technology; develop a comprehensive, statewide, four-year strategic plan for information technology to include specific projects that implement the plan; and plan for the acquisition, management, and use of information technology by state agencies. The statewide plan shall be updated annually and submitted to the Board for approval. Report biennially to the Secretary of Technology on the needs of VITA's customer agencies with regard to (i) consistent, reliable, and secure information technology applications and infrastructure services; (ii) existing capabilities for building and supporting those services; (iii) existing and anticipated opportunities for enterprise or multi-agency application or infrastructure solutions, and projected future needs for those services; (iv) the progress of any ongoing enterprise application projects, any factors or risks that might affect their successful completion, and any changes to their projected implementation costs and schedules; and (v) recommended approaches to ensure the future development, maintenance, and financing of information technology infrastructure and application services to ensure the provision of capabilities befitting the needs of state agencies and the service level requirements of citizens.

2. Direct the formulation and promulgation of policies, guidelines, standards, and specifications for the purchase, development, and maintenance of information technology for state agencies, including, but not limited to, those (i) required to support state and local government exchange, acquisition, storage, use, sharing, and distribution of geographic or base map data and related technologies, (ii) concerned with the development of electronic transactions including the use of electronic signatures as provided in § 59.1-496, and (iii) necessary to support a unified approach to information technology across the totality of state government, thereby assuring that the citizens and businesses of the Commonwealth receive the greatest possible security, value, and convenience from investments made in technology. Prior to modifying existing regulations, standards, policies, or guidelines or promulgating new regulations, standards, policies, or guidelines, the CIO shall submit to the Secretary of Technology formal documentation that includes a description of, and need for, the modification or promulgation of a new regulation, standard, or policy, and an analysis of its potential fiscal impact on customer agencies.

3. Direct the development of policies and procedures, in consultation with the Department of Planning and Budget, that are integrated into the Commonwealth's strategic planning and performance budgeting processes, and that state agencies and public institutions of higher education shall follow in developing information technology plans and technology-related budget requests. Such policies and procedures shall require consideration of the contribution of current and proposed technology expenditures to the support of agency and institution priority functional activities, as well as current and future operating expenses, and shall be utilized by all state agencies and public institutions of higher education in preparing budget requests.

4. Review budget requests for information technology from state agencies and public institutions of higher education and recommend budget priorities to the Information Technology Investment Board Secretary of Technology.

Review of such budget requests shall include, but not be limited to, all data processing or other related projects for amounts exceeding $100,000 in which the agency or institution has entered into or plans to enter into a contract, agreement or other financing agreement or such other arrangement that requires that the Commonwealth either pay for the contract by foregoing revenue collections, or allows or assigns to another party the collection on behalf of or for the Commonwealth any fees, charges, or other assessments or revenues to pay for the project. For each project, the agency or institution, with the exception of public institutions of higher education that meet the conditions prescribed in subsection B of § 23-38.88, shall provide the CIO (i) a summary of the terms, (ii) the anticipated duration, and (iii) the cost or charges to any user, whether a state agency or institution or other party not directly a party to the project arrangements. The description shall also include any terms or conditions that bind the Commonwealth or restrict the Commonwealth's operations and the methods of procurement employed to reach such terms.

5. Direct the development of policies and procedures for the effective management of information technology investments throughout their entire life cycles, including, but not limited to, project definition, procurement, development, implementation, operation, performance evaluation, and enhancement or retirement. Such policies and procedures shall include, at a minimum, the periodic review by the CIO of agency and public institution of higher education major information technology projects estimated to cost $1 million or more or deemed to be mission-critical or of statewide application by the CIO. The CIO shall provide technical guidance to the Department of General Services in the development of policies and procedures for the recycling and disposal of computers and other technology assets. Such policies and procedures shall include the expunging, in a manner as determined by the CIO, of all state confidential data and personal identifying information of citizens of the Commonwealth prior to such sale, disposal, or other transfer of computers or other technology assets.

6. Oversee and administer the Virginia Technology Infrastructure Fund created pursuant to § 2.2-2023.

7. Periodically evaluate the feasibility of outsourcing information technology resources and services, and outsource those resources and services that are feasible and beneficial to the Commonwealth.

8. Have Subject to review and approval by the Secretary of Technology, have the authority to enter into contracts, and with the approval of the Board for any contracts over $1 million, with one or more other public bodies, or public agencies or institutions or localities of the several states, of the United States or its territories, or the District of Columbia for the provision of information technology services.

9. Report annually to the Governor, Secretary of Technology, and the Joint Commission on Technology and Science created pursuant to § 30-85 on (i) the use and application of information technology by state agencies and public institutions of higher education to increase economic efficiency, citizen convenience, and public access to state government. The CIO shall prepare an annual report for submission to the Secretary of Technology, the Information Technology Advisory Council, and the Joint Commission on Technology and Science on a prioritized list of Recommended Technology Investment Projects based upon projects submitted for approval pursuant to this chapter. As part of this plan, the CIO shall develop and regularly update a methodology for prioritizing projects based upon the allocation of points to defined criteria. The criteria and their definitions shall be presented in the plan. For each project listed in the plan, the CIO shall indicate the number of points and how they were awarded. For each listed project, the CIO also shall indicate the projected cost of the project, all projected costs of ongoing operations and maintenance activities, the projected useful life of the applications and infrastructure involved in the project, and the extent to which the project will incorporate existing standards for the maintenance, exchange, and security of data.

10. Direct the development of policies and procedures that require VITA to review information technology projects proposed by state agencies and institutions exceeding $100,000, and recommend whether such projects be approved or disapproved. The CIO shall disapprove such projects between $100,000 and $1 million that do not conform to the statewide information plan or to the individual plans of state agencies or institutions of higher education. The CIO shall disapprove projects between $250,000 and $1 million that do not conform to the biennial state information technology strategic plan, created pursuant to § 2.2-225, or to the individual plans of state agencies or institutions of higher education. On a biennial basis, the CIO, in consultation with the Department of Planning and Budget, shall review the foregoing range and the definition of a “Major information technology project" in § 2.2-2006, and recommend to the Secretary of Technology any proposed statutory adjustments deemed necessary to account for inflation or other policy considerations.

11. Oversee the Commonwealth's efforts to modernize the planning, development, implementation, improvement, and retirement of Commonwealth applications, including the coordination and development of enterprise-wide or multi-agency applications.

12. Develop and recommend to the Secretary of Technology statewide technical and data standards for information technology and related systems, including the utilization of nationally recognized technical and data standards for health information technology systems or software purchased by a state agency of the Commonwealth.

13. Prepare a biennial report for submission to the Secretary of Technology and the Joint Commission on Technology and Science on (i) the current status of the promulgation and adoption of regulations, standards, policies, and guidelines required pursuant to this chapter, plus any needed actions required to ensure their successful use by state agencies and institutions of higher education; (ii) the current condition of information technology in state agencies and institutions of higher education, factors impacting information technology, goals and objectives for information technology, and actions and investments needed to achieve goals and objectives; (iii) the status of recently completed or ongoing information technology projects undertaken by state agencies in terms of trends in their performance and plans to address areas of concern; (iv) trends in current and projected information technology spending by state agencies and at the enterprise level, including spending on projects, operations and maintenance, and payments to VITA; (v) results of security audits, including those state agencies, independent agencies and institutions of higher education that have not implemented acceptable regulations, standards, policies, and guidelines to control unauthorized uses, intrusions, or other security threats; and (vi) the extent to which security standards and guidelines have been adopted by state agencies.

B. Consistent with § 2.2-2012, the CIO may enter into public-private partnership contracts to finance or implement information technology programs and projects. The CIO may issue a request for information to seek out potential private partners interested in providing programs or projects pursuant to an agreement under this subsection. The compensation for such services shall be computed with reference to and paid from the increased revenue or cost savings attributable to the successful implementation of the program or project for the period specified in the contract. The CIO shall be responsible for reviewing and approving the programs and projects and the terms of contracts for same under this subsection. The CIO shall determine annually the total amount of increased revenue or cost savings attributable to the successful implementation of a program or project under this subsection and such amount shall be deposited in the Virginia Technology Infrastructure Fund created in § 2.2-2023. The CIO is authorized to use moneys deposited in the Fund to pay private partners pursuant to the terms of contracts under this subsection. All moneys in excess of that required to be paid to private partners, as determined by the CIO, shall be reported to the Comptroller and retained in the Fund. The CIO shall prepare an annual report to the Governor, Secretary of Technology, and General Assembly on all contracts under this subsection, describing each information technology program or project, its progress, revenue impact, and such other information as may be relevant.

C. The CIO shall strive to follow acceptable technology investment methods, such as Information Technology Investment Management (ITIM) principles developed by the United States General Accounting Office, to ensure that all technology expenditures are an integral part of the Commonwealth's performance management system and are aligned with (i) agency strategic business objectives, (ii) the Governor's policy objectives, and (iii) the long-term objectives of the Council on Virginia's Future.

D. Subject to review and approval by the Secretary of Technology, the CIO shall have the authority to enter into and amend contracts for the provision of information technology services.

§ 2.2-2008. Additional duties of the CIO relating to project management.

The CIO shall have the following duties relating to the management of information technology projects:

1. Develop an approval process for proposed major information technology projects by state agencies to ensure that all such projects conform to the statewide information management plan and the information management plans of agencies and public institutions of higher education.

2. Establish a methodology for conceiving, planning, scheduling and providing appropriate oversight for information technology projects including a process for approving the planning, development and procurement of information technology projects. Such methodology shall include guidelines for the establishment of appropriate oversight for information technology projects.

3. Establish minimum qualifications and training standards for project managers.

4. Review and approve Provide the Secretary of Technology with a recommendation and rank of all procurement solicitations involving major information technology projects.

5. Direct the development of any statewide or multiagency enterprise project.

6. Develop and update a project management methodology to be used by agencies in the development of information technology.

7. Establish an information clearinghouse that identifies best practices and new developments and contains detailed information regarding the Commonwealth's previous experiences with the development of major information technology projects.

8. Determine, prior to proceeding with the development of a major information technology project pursuant to § 2.2-2019 or the procurement of any major information technology project pursuant to § 2.2-2020, that the funding for such project has been included in the budget bill in accordance with § 2.2-1509.3. Notwithstanding the The provisions of this subdivision, shall not apply upon a determination by the Governor that an emergency exists and a major information technology project is necessary to address the emergency, the CIO shall refer such project directly to the Information Technology Investment Board.

§ 2.2-2009. Additional duties of the CIO relating to security of government information.

A. To provide for the security of state government electronic information from unauthorized uses, intrusions or other security threats, the CIO shall direct the development of policies, procedures and standards for assessing security risks, determining the appropriate security measures and performing security audits of government electronic information. Such policies, procedures, and standards will apply to the Commonwealth's executive, legislative, and judicial branches, and independent agencies and institutions of higher education. The CIO shall work with representatives of the Chief Justice of the Supreme Court and Joint Rules Committee of the General Assembly to identify their needs.

B. The CIO shall also develop policies, procedures, and standards that shall address the scope of security audits and the frequency of such security audits. In developing and updating such policies, procedures, and standards, the CIO shall designate a government entity to oversee, plan and coordinate the conduct of periodic security audits of all executive branch and independent agencies and institutions of higher education. The CIO will coordinate these audits with the Auditor of Public Accounts and the Joint Legislative Audit and Review Commission. The Chief Justice of the Supreme Court and the Joint Rules Committee of the General Assembly shall determine the most appropriate methods to review the protection of electronic information within their branches.

C. The CIO shall annually report to the Governor, Secretary of Technology, and General Assembly by December 2008 and annually thereafter, those executive branch and independent agencies and institutions of higher education that have not implemented acceptable policies, procedures, and standards to control unauthorized uses, intrusions, or other security threats. For any executive branch and or independent agency or institution of higher education whose security audit results and plans for corrective action are unacceptable, the CIO shall report such results to the (i) Information Technology Investment Board the Secretary of Technology, (ii) any other affected cabinet secretary, (iii) the Governor, and (iv) the Auditor of Public Accounts. Upon review of the security audit results in question, the Information Technology Investment Board CIO may take action to suspend the public bodies body's information technology projects pursuant to subdivision 3 of § 2.2-2458 § 2.2-2015, limit additional information technology investments pending acceptable corrective actions, and recommend to the Governor and Secretary of Technology any other appropriate actions.

D. All public bodies subject to such audits as required by this section shall fully cooperate with the entity designated to perform such audits and bear any associated costs. Public bodies that are not required to but elect to use the entity designated to perform such audits shall also bear any associated costs.

E. The provisions of this section shall not infringe upon responsibilities assigned to the Comptroller, the Auditor of Public Accounts, or the Joint Legislative Audit and Review Commission by other provisions of the Code of Virginia.

F. To ensure the security and privacy of citizens of the Commonwealth in their interactions with state government, the CIO shall direct the development of policies, procedures, and standards for the protection of confidential data maintained by state agencies against unauthorized access and use. Such policies, procedures, and standards shall include, but not be limited to:

1. Requirements that any state employee or other authorized user of a state technology asset provide passwords or other means of authentication to (i) use a technology asset and (ii) access a state-owned or operated computer network or database; and

2. Requirements that a digital rights management system or other means of authenticating and controlling an individual's ability to access electronic records be utilized to limit access to and use of electronic records that contain confidential data to authorized individuals.

G. The CIO shall promptly receive reports from directors of departments in the executive branch of state government made in accordance with § 2.2-603 and shall take such actions as are necessary, convenient or desirable to ensure the security of the Commonwealth's electronic information and confidential data.

H. The CIO is responsible for ensuring the security of information technology infrastructure and applications that are directly owned or managed by VITA or its contractual partners, including but not limited to the security of computers, networks, and messaging systems. All agencies in the Commonwealth shall cooperate with the CIO and VITA in ensuring the security of IT infrastructure including but not limited to assisting the CIO and VITA in (i) controlling access to information technology infrastructure located at agency facilities; (ii) controlling access to information technology infrastructure used by agency personnel; and (iii) ensuring agency personnel comply with regulations, standards, policies, and guidelines for proper use of information technology infrastructure.

§ 2.2-2012. Procurement of information technology and telecommunications goods and services; computer equipment to be based on performance-based specifications.

A. Information technology and telecommunications goods and services of every description shall be procured by (i) VITA for its own benefit or on behalf of other state agencies and institutions or (ii) such other agencies or institutions to the extent authorized by VITA. Such procurements shall be made in accordance with the Virginia Public Procurement Act (§ 2.2-4300 et seq.), regulations that implement the electronic and information technology accessibility standards of the Rehabilitation Act of 1973 (29 U.S.C. § 794d), as amended, and any regulations as may be prescribed by VITA. In no case shall such procurements exceed the requirements of the regulations that implement the electronic and information technology accessibility standards of the Rehabilitation Act of 1973, as amended.

The CIO shall disapprove any procurement that does not conform to the statewide information technology plan or to the individual plans of state agencies or public institutions of higher education.

B. All statewide contracts and agreements made and entered into by VITA for the purchase of communications services, telecommunications facilities, and information technology goods and services shall provide for the inclusion of counties, cities, and towns in such contracts and agreements. Notwithstanding the provisions of § 2.2-4301, VITA may enter into multiple vendor contracts for the referenced services, facilities, and goods and services.

B1C. The Department may establish contracts for the purchase of personal computers and related devices by licensed teachers employed in a full-time teaching capacity in Virginia public schools or in state educational facilities for use outside the classroom. The computers and related devices shall not be purchased with public funds, but shall be paid for and owned by teachers individually provided that no more than one such computer and related device per year shall be so purchased.

CD. If VITA, or any agency or institution authorized by VITA, elects to procure personal computers and related peripheral equipment pursuant to any type of blanket purchasing arrangement under which public bodies, as defined in § 2.2-4301, may purchase such goods from any vendor following competitive procurement but without the conduct of an individual procurement by or for the using agency or institution, it shall establish performance-based specifications for the selection of equipment. Establishment of such contracts shall emphasize performance criteria including price, quality, and delivery without regard to "brand name." All vendors meeting the Commonwealth's performance requirements shall be afforded the opportunity to compete for such contracts.

DE. This section shall not be construed or applied so as to infringe upon, in any manner, the responsibilities for accounting systems assigned to the Comptroller under § 2.2-803.

EF. The CIO of VITA shall, on or before October 1, 2009, and every two years thereafter, solicit from each state agency and public institution of higher education a list of procurements that were competed with the private sector that appear on the Commonwealth Competition Council's commercial activities list and were, until that time, being performed by each state agency and public institution of higher education during the previous two years, and the outcome of that competition. The CIO shall make the lists available to the public on VITA's website.

 

§ 2.2-2013. Internal service funds; Automated Services Internal Service Fund; Computer Services Internal Service Fund; Telecommunication Services Internal Service Fund.

A. There are established the following internal service funds to be administered by VITA:

1. The Automated Services Internal Service Fund to be used to finance automated systems design, development and testing services and staff of VITA;

2. The Computer Services Internal Service Fund to be used to finance computer operations and staff of VITA; and

3. The Telecommunication Services Internal Service Fund to be used to finance telecommunications operations and staff of VITA.

B. There is established the Acquisition Services Special Fund to be administered by VITA and used to finance procurement and contracting activities and programs unallowable for federal fund reimbursement.

C. All users of services provided for in this chapter administered by VITA shall be assessed a surcharge, which shall be deposited in the appropriate fund. This charge shall be an amount sufficient to allow VITA to finance the operations and staff of the services offered.

D. Additional moneys necessary to establish these funds or provide for the administration of the activities of VITA may be advanced from the general account of the state treasury.

E. The CIO shall direct that the following activities be conducted with respect to VITA's internal service funds:

1. VITA shall establish fee schedules for the collection of fees from users when general fund appropriations are not available for the services rendered.

2. VITA shall develop and implement information, billing, and collections systems that will aid state agencies in analyze and effectively modify their use of VITA's services and allow forecast service demands and balances in its internal service funds.

3. By September 1 of each year VITA shall submit biennial projections of future revenues and expenditures for each internal service fund and estimates of any anticipated changes to fee schedules to the Joint Legislative Audit and Review Commission and the Department of Planning and Budget.

4. In the event that changes to fee schedules or rates are required, the CIO shall submit documentation to the Joint Legislative Audit and Review Commission and the Department of Planning and Budget no later than September 1 prior to the fiscal year in which the new or revised rates are to take effect so that the impact of the rate changes can be considered for inclusion in the executive budget submitted to the General Assembly pursuant to § 2.2-1508. In emergency circumstances, deviations from this approach shall be approved in advance by the Joint Legislative Audit and Review Commission.

§ 2.2-2015. Authority of CIO to modify or suspend major information technology projects; project termination.

The CIO may direct the modification or suspension of any major information technology project that, as the result of a periodic review authorized by subdivision A 5 of § 2.2-2007, has not met the performance measures agreed to by the CIO and the sponsoring agency or public institution of higher education or if he otherwise deems such action appropriate and consistent with the terms of any affected contracts. The CIO may recommend to the Board Secretary of Technology the termination of such project. Nothing in this section shall be construed to supersede the responsibility of a board of visitors for the management and operation of a public institution of higher education.

The provisions of this section shall not apply to research projects, research initiatives or instructional programs at public institutions of higher education. However, technology investments in research projects, research initiatives or instructional programs at such institutions estimated to cost $1 million or more of general fund appropriations may be reviewed as provided in subdivision A 5 of § 2.2-2007 if the projects are deemed mission-critical by the institution or of statewide application by the CIO. The CIO and the Secretary of Education, in consultation with public institutions of higher education, shall develop and provide to such institution criteria to be used in determining whether projects are mission-critical.

§ 2.2-2019. Project development approval.

A. Upon approval of the CIO of the project plan, an agency shall submit to the Division a project development proposal containing (i) a detailed business case including a cost-benefit analysis; (ii) a business process analysis, if applicable; (iii) system requirements, if known; (iv) a proposed development plan and project management structure; and (v) a proposed resource or funding plan. The project management specialist may require the submission of additional information necessary to meet the criteria developed by the Division.

B. The project management specialist assigned to review the project development proposal shall recommend its approval or rejection to the CIO. If the CIO determines that the proposal be approved, he shall recommend such approval to the Board.

§ 2.2-2020. Procurement approval for major information technology projects.

Upon approval of the Board CIO of the project development proposal involving a major information technology project that requires the procurement of goods or services, the agency shall submit a copy of any Invitation for Bid (IFB) or Request for Proposal (RFP) to the Division. The project management specialist shall review the IFB or RFP and recommend its approval or rejection to the CIO Secretary of Technology. The CIO Secretary, pursuant to § 2.2-225, shall have the final authority to approve the IFB or RFP prior to its release and shall approve the proposed contract for the award of the project.

§ 2.2-2021. Project oversight.

A. Whenever an agency has received approval from the Board Secretary of Technology to proceed with the development and acquisition of a major information technology project, an internal agency oversight committee shall be established by the CIO. The internal agency oversight committee shall provide ongoing oversight for the project and have the authority to approve or reject any changes in the project's scope, schedule, or budget. The CIO shall ensure that the project has in place adequate project management and oversight structures for addressing major issues that could affect the project's scope, schedule or budget and shall address issues that cannot be resolved by the internal agency oversight committee.

B. Whenever a statewide or multiagency project has received approval from the Board Secretary of Technology, the primary project oversight shall be conducted by a committee composed of representatives from agencies impacted by the project, which shall be established by the CIO.

§ 2.2-2023. Virginia Technology Infrastructure Fund created; contributions.

A. The Virginia Technology Infrastructure Fund (the Fund) is created in the state treasury. The Fund is to be used to fund major information technology projects or to pay private partners as authorized in subsection B of § 2.2-2007.

B. The Fund shall consist of: (i) the transfer of general and nongeneral fund appropriations from state agencies which represent savings that accrue from reductions in the cost of information technology and communication services, (ii) the transfer of general and nongeneral fund appropriations from state agencies which represent savings from the implementation of information technology enterprise projects, (iii) funds identified pursuant to subsection B of § 2.2-2007, (iv) such general and nongeneral fund fees or surcharges as may be assessed to agencies for enterprise technology projects, (v) gifts, grants, or donations from public or private sources, and (vi) such other funds as may be appropriated by the General Assembly. Savings shall be as identified by the CIO through a methodology approved by the Board ITAC and the Secretary of Finance. The Auditor of Public Accounts shall certify the amount of any savings identified by the CIO. For public institutions of higher education, however, savings shall consist only of that portion of total savings that represent general funds. The State Comptroller is authorized to transfer cash consistent with appropriation transfers. Appropriated funds from federal sources are exempted from transfer. Except for funds to pay private partners as authorized in subsection B of § 2.2-2007, moneys in the Fund shall only be expended as provided by the appropriation act.

Interest earned on the Fund shall be credited to the Fund. The Fund shall be permanent and nonreverting. Any unexpended balance in the Fund at the end of the biennium shall not be transferred to the general fund of the state treasury.

Article 35.
Information Technology Advisory Council.

§ 2.2-2699.5. Information Technology Advisory Council; membership; terms; quorum; compensation; staff.

A. The Information Technology Advisory Council (ITAC) is established as an advisory council, within the meaning of § 2.2-2100, in the executive branch of state government. The ITAC shall be responsible for advising the CIO and the Secretary of Technology on the planning, budgeting, acquiring, using, disposing, managing, and administering of information technology in the Commonwealth.

B. The ITAC shall consist of not more than 14 members as follows: (i) one representative from an agency under each of the Governor's Secretaries, as set out in Chapter 2 (§ 2.2-200 et seq.), to be appointed by the Governor and serve with voting privileges; (ii) the Secretary of Technology and the CIO who shall serve ex officio with voting privileges; and (iii) at the Governor's discretion, not more than two nonlegislative citizen members to be appointed by the Governor and serve with voting privileges.

Nonlegislative citizen members shall be appointed for terms of four years. Appointments to fill vacancies, other than by expiration of a term, shall be for the unexpired terms. All members may be reappointed. However, no nonlegislative citizen member shall serve more than two consecutive four-year terms. The remainder of any term to which a member is appointed to fill a vacancy shall not constitute a term in determining the member's eligibility for reappointment. Vacancies shall be filled in the same manner as the original appointments.

C. The Secretary of Technology shall serve as chairman of the ITAC. The CIO shall serve as vice-chairman. A majority of the members shall constitute a quorum. The ITAC shall meet at least quarterly each year. The meetings of the ITAC shall be held at the call of the chairman or whenever the majority of the members so request.

D. Nonlegislative citizen members shall receive compensation and shall be reimbursed for all reasonable and necessary expenses incurred in the performance of their duties, as provided in §§ 2.2-2813 and 2.2-2825. Funding for the costs of compensation and expenses of the members shall be provided by the Virginia Information Technologies Agency.

E. The disclosure requirements of subsection B of § 2.2-3114 of the State and Local Government Conflict of Interests Act shall apply to citizen members of the ITAC.

F. The Virginia Information Technologies Agency shall serve as staff to the ITAC.

§ 2.2-2699.6. Powers and duties of the ITAC.

The ITAC shall have the power and duty to:

1. Adopt rules and procedures for the conduct of its business;

2. Advise the CIO on the development of all major information technology projects as defined in § 2.2-2006;

3. Advise the CIO on strategies, standards, and priorities recommended by the Chief Information Officer for the use of information technology for state agencies in the executive branch of state government;

4. Advise the CIO on developing the four-year plan for information technology projects;

5. Advise the CIO on statewide technical and data standards for information technology and related systems, including the utilization of nationally recognized technical and data standards for health information technology systems or software purchased by a state agency of the Commonwealth;

6. Advise the CIO on statewide information technology architecture and related system standards; and

7. Advise the CIO on the prioritization, development, and implementation of enterprise-wide technology applications; annually review all agency technology applications budgets; and advise the CIO on infrastructure expenditures. For purposes of this section, technology applications include, but are not limited to, hardware, software, maintenance, facilities, contractor services, goods, and services that promote business functionality and facilitate the storage, flow, use or processing of information by agencies of the Commonwealth in the execution of their business activities.

§ 2.2-2699.7. Health Information Technology Standards Advisory Committee.

The ITAC may appoint an advisory committee of persons with expertise in health care and information technology to advise the ITAC on the utilization of nationally recognized technical and data standards for health information technology systems or software pursuant to subdivision 5 of § 2.2-2699.6. The ITAC, in consultation with the Secretary of Health and Human Resources, may appoint up to five persons to serve on the advisory committee. Members appointed to the advisory committee shall serve without compensation, but shall be reimbursed for all reasonable and necessary expenses incurred in the performance of their duties as provided in § 2.2-2825. The CIO, the Secretary of Technology, and the Secretary of Health and Human Resources, or their designees, may also serve on the advisory committee.

§ 23-38.111. Information technology.

Subject to the terms of the management agreement, covered institutions may be exempt from the provisions governing the Virginia Information Technologies Agency, Chapter 20.1 (§ 2.2-2005 et seq.) of Title 2.2., and the provisions governing the Information Technologies Investment Board Advisory Council, Article 20 35 (§ 2.2-2699.5 et seq.) of Chapter 24 (§ 2.2-2457 et seq.) 26 of Title 2.2; provided, however, that the governing body of a covered institution shall adopt, and the covered institution shall comply with, policies for the procurement of information technology goods and services, including professional services, that are consistent with the requirements of § 23-38.110 and that include provisions addressing cooperative arrangements for such procurement as described in § 23-38.110, and shall adopt and comply with institutional policies and professional best practices regarding strategic planning for information technology, project management, security, budgeting, infrastructure, and ongoing operations.

§ 23-77.4. Medical center management.

A. The General Assembly recognizes and finds that the economic viability of the University of Virginia Medical Center, hereafter referred to as the Medical Center, together with the requirement for its specialized management and operation, and the need of the Medical Center to participate in cooperative arrangements reflective of changes in health care delivery, as set forth in § 23-77.3, are dependent upon the ability of the management of the Medical Center to make and implement promptly decisions necessary to conduct the affairs of the Medical Center in an efficient, competitive manner. The General Assembly also recognizes and finds that it is critical to, and in the best interests of, the Commonwealth that the University continue to fulfill its mission of providing quality medical and health sciences education and related research and, through the presence of its Medical Center, continue to provide for the care, treatment, health-related services, and education activities associated with Virginia patients, including indigent and medically indigent patients. Because the General Assembly finds that the ability of the University to fulfill this mission is highly dependent upon revenues derived from providing health care through its Medical Center, and because the General Assembly also finds that the ability of the Medical Center to continue to be a reliable source of such revenues is heavily dependent upon its ability to compete with other providers of health care that are not subject to the requirements of law applicable to agencies of the Commonwealth, the University is hereby authorized to implement the following modifications to the management and operation of the affairs of the Medical Center in order to enhance its economic viability:

B. Capital projects; leases of property; procurement of goods, services and construction.

1. Capital projects.

a. For any Medical Center capital project entirely funded by a nongeneral fund appropriation made by the General Assembly, all post-appropriation review, approval, administrative, and policy and procedure functions performed by the Department of General Services, the Division of Engineering and Buildings, the Department of Planning and Budget and any other agency that supports the functions performed by these departments are hereby delegated to the University, subject to the following stipulations and conditions: (i) the Board of Visitors shall develop and implement an appropriate system of policies, procedures, reviews and approvals for Medical Center capital projects to which this subdivision applies; (ii) the system so adopted shall provide for the review and approval of any Medical Center capital project to which this subdivision applies in order to ensure that, except as provided in clause (iii), the cost of any such capital project does not exceed the sum appropriated therefor and that the project otherwise complies with all requirements of the Code of Virginia regarding capital projects, excluding only the post-appropriation review, approval, administrative, and policy and procedure functions performed by the Department of General Services, the Division of Engineering and Buildings, the Department of Planning and Budget and any other agency that supports the functions performed by these departments; (iii) the Board of Visitors may, during any fiscal year, approve a transfer of up to a total of 15 percent of the total nongeneral fund appropriation for the Medical Center in order to supplement funds appropriated for a capital project or capital projects of the Medical Center, provided that the Board of Visitors finds that the transfer is necessary to effectuate the original intention of the General Assembly in making the appropriation for the capital project or projects in question; (iv) the University shall report to the Department of General Services on the status of any such capital project prior to commencement of construction of, and at the time of acceptance of, any such capital project; and (v) the University shall ensure that Building Officials and Code Administrators (BOCA) Code and fire safety inspections of any such project are conducted and that such projects are inspected by the State Fire Marshal or his designee prior to certification for building occupancy by the University's assistant state building official to whom such inspection responsibility has been delegated pursuant to § 36-98.1. Nothing in this section shall be deemed to relieve the University of any reporting requirement pursuant to § 2.2-1513. Notwithstanding the foregoing, the terms and structure of any financing of any capital project to which this subdivision applies shall be approved pursuant to § 2.2-2416.

b. No capital project to which this subdivision applies shall be materially increased in size or materially changed in scope beyond the plans and justifications that were the basis for the project's appropriation unless: (i) the Governor determines that such increase in size or change in scope is necessary due to an emergency or (ii) the General Assembly approves the increase or change in a subsequent appropriation for the project. After construction of any such capital project has commenced, no such increase or change may be made during construction unless the conditions in (i) or (ii) have been satisfied.

2. Leases of property.

a. The University shall be exempt from the provisions of § 2.2-1149 and from any rules, regulations and guidelines of the Division of Engineering and Buildings in relation to leases of real property that it enters into on behalf of the Medical Center and, pursuant to policies and procedures adopted by the Board of Visitors, may enter into such leases subject to the following conditions: (i) the lease must be an operating lease and not a capital lease as defined in guidelines established by the Secretary of Finance and Generally Accepted Accounting Principles (GAAP); (ii) the University's decision to enter into such a lease shall be based upon cost, demonstrated need, and compliance with guidelines adopted by the Board of Visitors which direct that competition be sought to the maximum practical degree, that all costs of occupancy be considered, and that the use of the space to be leased actually is necessary and is efficiently planned; (iii) the form of the lease is approved by the Special Assistant Attorney General representing the University; (iv) the lease otherwise meets all requirements of law; (v) the leased property is certified for occupancy by the building official of the political subdivision in which the leased property is located; and (vi) upon entering such leases and upon any subsequent amendment of such leases, the University shall provide copies of all lease documents and any attachments thereto to the Department of General Services.

b. Notwithstanding the provisions of §§ 2.2-1155 and 23-4.1, but subject to policies and procedures adopted by the Board of Visitors, the University may lease, for a purpose consistent with the mission of the Medical Center and for a term not to exceed 50 years, property in the possession or control of the Medical Center.

c. Notwithstanding the foregoing, the terms and structure of any financing arrangements secured by capital leases or other similar lease financing agreements shall be approved pursuant to § 2.2-2416.

3. Procurement of goods, services and construction.

Contracts awarded by the University in compliance with this section, on behalf of the Medical Center, for the procurement of goods; services, including professional services; construction; and information technology and telecommunications, shall be exempt from (i) the Virginia Public Procurement Act (§ 2.2-4300 et seq.), except as provided below; (ii) the requirements of the Division of Purchases and Supply of the Department of General Services as set forth in Article 3 (§ 2.2-1109 et seq.) of Chapter 11 of Title 2.2; (iii) the requirements of the Division of Engineering and Buildings as set forth in Article 4 (§ 2.2-1129 et seq.) of Chapter 11 of Title 2.2; and (iv) the authority of the Chief Information Officer and the Virginia Information Technologies Agency as set forth in Chapter 20.1 (§ 2.2-2005 et seq.) of Title 2.2 and the Information Technology Investment Board created pursuant to § 2.2-2457 regarding the review and approval of contracts for (a) the construction of Medical Center capital projects and (b) information technology and telecommunications projects; however, the provisions of this subdivision may not be implemented by the University until such time as the Board of Visitors has adopted guidelines generally applicable to the procurement of goods, services, construction and information technology and telecommunications projects by the Medical Center or by the University on behalf of the Medical Center. Such guidelines shall be based upon competitive principles and shall in each instance seek competition to the maximum practical degree. The guidelines shall implement a system of competitive negotiation for professional services; shall prohibit discrimination because of race, religion, color, sex, or national origin of the bidder or offeror in the solicitation or award of contracts; may take into account in all cases the dollar amount of the intended procurement, the term of the anticipated contract, and the likely extent of competition; may implement a prequalification procedure for contractors or products; may include provisions for cooperative procurement arrangements with private health or educational institutions, or with public agencies or institutions of the several states, territories of the United States or the District of Columbia; shall incorporate the prompt payment principles of §§ 2.2-4350 and 2.2-4354; and may implement provisions of law. The following sections of the Virginia Public Procurement Act shall continue to apply to procurements by the Medical Center or by the University on behalf of the Medical Center: §§ 2.2-4311, 2.2-4315, and 2.2-4342 (which section shall not be construed to require compliance with the prequalification application procedures of subsection B of § 2.2-4317), 2.2-4330, 2.2-4333 through 2.2-4341, and 2.2-4367 through 2.2-4377.

C. Subject to such conditions as may be prescribed in the budget bill under § 2.2-1509 as enacted into law by the General Assembly, the State Comptroller shall credit, on a monthly basis, to the nongeneral fund operating cash balances of the University of Virginia Medical Center the imputed interest earned by the investment of such nongeneral fund operating cash balances, including but not limited to those balances derived from patient care revenues, on deposit with the State Treasurer.

2. That Article 7 (§§ 2.2-2033 and 2.2-2034) of Chapter 20.1 and Article 20 (§§ 2.2-2457, 2.2-2458, and 2.2-2458.1) of Chapter 24 of Title 2.2 of the Code of Virginia are repealed.

3. That the third enactment of Chapter 758 of the Acts of Assembly of 2009 is amended and reenacted as follows:

3. That the Department of General Services, the Virginia Information Technologies Agency, and the State Comptroller shall submit to the Information Technology Investment Board the standards required pursuant to § 2.2-1115.1 of this act by December 1, 2009. The Department of General Services and the Virginia Information Technologies Agency shall undertake to use these standards in the Commonwealth's enterprise electronic procurement system upon approval by the Information Technology Investment Board Secretary of Technology and make the standards available for use by all agencies and institutions by July 1, 2010. After July 1, 2010, the Department of General Services shall provide purchasing data from the Commonwealth's enterprise electronic procurement system, to the extent it is available, at least quarterly for inclusion in the Auditor of Public Accounts' searchable database established pursuant to § 30-133 of the Code of Virginia. All agencies and institutions that use the standards developed pursuant to this act that have not previously reported data to the Auditor of Public Accounts through the Commonwealth's enterprise electronic procurement system shall, to the extent practicable, provide such data to the Auditor of Public Accounts at least quarterly beginning after July 1, 2010.

4. That the third enactment of Chapter 812 of the Acts of Assembly of 2009 is amended and reenacted as follows:

3. That the Department of General Services, the Virginia Information Technologies Agency, and the State Comptroller shall submit to the Information Technology Investment Board the standards required pursuant to § 2.2-1115.1 of this act by December 1, 2009. The Department of General Services and the Virginia Information Technologies Agency shall undertake to use these standards in the Commonwealth's enterprise electronic procurement system upon approval by the Information Technology Investment Board Secretary of Technology and make the standards available for use by all agencies and institutions by July 1, 2010. After July 1, 2010, the Department of General Services shall provide purchasing data from the Commonwealth's enterprise electronic procurement system, to the extent it is available, at least quarterly for inclusion in the Auditor of Public Accounts' searchable database established pursuant to § 30-133 of the Code of Virginia. All agencies and institutions that use the standards developed pursuant to this act that have not previously reported data to the Auditor of Public Accounts through the Commonwealth's enterprise electronic procurement system shall, to the extent practicable, provide such data to the Auditor of Public Accounts at least quarterly beginning after July 1, 2010.

5. That on or before October 1, 2010 the CIO, in consultation with the Joint Legislative Audit and Review Commission and any other parties as directed by the Secretary of Technology, shall develop a new review, approval, and monitoring process for information technology projects to replace the process required by §§ 2.2-2008 and 2.2-2017 through 2021. The new process shall be operational by January 1, 2011, and shall be implemented and regularly updated by the Project Management Division. The process shall be designed to ensure that information technology projects conform to the statewide information management plan and the information management plans of agencies and public institutions of higher education. The process shall also be designed to ensure that projects are provided with appropriate levels of oversight once they are under execution. The level of review and oversight shall vary depending upon defined risk factors including, but not limited to, the cost of the project. In order to achieve the above goals, the process shall describe a methodology for agencies to follow in conceiving, planning, developing, scheduling and executing information technology projects, including procurements related to those projects.

6. That on or before October 1, 2010, the Chief Information Officer shall, in consultation with the Joint Legislative Audit and Review Commission and the Department of Planning and Budget, develop standard documentation and information to be used as part of any requests for changes to its fee schedules and rates.

7. That as of the effective date of this act, the Secretary of Technology shall be deemed the successor in interest to the Information Technology Investment Board. Without limiting the foregoing, all right, title, and interest in and to any real or tangible personal property or contract vested in the Information Technology Investment Board as of the effective date of this act shall be transferred to and taken as standing in the name of the Secretary of Technology.

8. That an emergency exists and this act is in force from its passage.

SENATE BILL NO. 236

Offered January 13, 2010
Prefiled January 13, 2010
A BILL to amend and reenact §§ 2.2-106, 2.2-225, 2.2-603, 2.2-1115.1, 2.2-1507, 2.2-1509.3, 2.2-2005, 2.2-2006, 2.2-2007, 2.2-2009, 2.2-2012, 2.2-2013, 2.2-2023, 2.2-2033, 2.2-2034, 2.2-2423, 2.2-4343, 23-38.88, 23-38.111, 23-77.4, 56-484.12, 56-484.13, 56-484.14, 56-484.15, 56-484.17, and 58.1-1840.1 of the Code of Virginia; to amend the Code of Virginia by adding in Chapter 20.1 of Title 2.2 an article numbered 8, consisting of sections numbered 2.2-2035 and 2.2-2036, by adding in Title 2.2 a chapter numbered 20.2, containing articles numbered 1 through 4, consisting of sections numbered 2.2-2037 through 2.2-2052, and by adding in Chapter 26 of Title 2.2 articles numbered 35 and 36, consisting of sections numbered 2.2-2699.5 through 2.2-2699.8; and to repeal §§ 2.2-2008, 2.2-2010, 2.2-2011, 2.2-2014, 2.2-2015, Article 2 (§§ 2.2-2016 through 2.2-2021), Article 4 (§§ 2.2-2025 through 2.2-2030), and Article 5 (§ 2.2-2031) of Chapter 20.1 of Title 2.2, and Article 20 (§§ 2.2-2457 through 2.2-2458.1) of Chapter 24 of Title 2.2 of the Code of Virginia, relating to Information Technology governance in the Commonwealth; the Chief Information Officer; the Information Technology Investment Board; the Department of Technology Management, established; the Information Technology Investment Council, established; and the Council on Technology Services, established.
Patrons-- Howell, Stosch and McDougle

Referred to Committee on General Laws and Technology

Be it enacted by the General Assembly of Virginia:

1.  That §§ 2.2-106, 2.2-225, 2.2-603, 2.2-1115.1, 2.2-1507, 2.2-1509.3, 2.2-2005, 2.2-2006, 2.2-2007, 2.2-2009, 2.2-2012, 2.2-2013, 2.2-2023, 2.2-2033, 2.2-2034, 2.2-2423, 2.2-4343, 23-38.88, 23-38.111, 23-77.4, 56-484.12, 56-484.13, 56-484.14, 56-484.15, 56-484.17, and 58.1-1840.1 of the Code of Virginia and that the Code of Virginia is amended by adding in Chapter 20.1 of Title 2.2 an article numbered 8, consisting of sections numbered 2.2-2035 and 2.2-2036, by adding in Title 2.2 a chapter numbered 20.2, containing articles numbered 1 through 4, consisting of sections numbered 2.2-2037 through 2.2-2052, and by adding in Chapter 26 of Title 2.2 articles numbered 35 and 36, consisting of sections numbered 2.2-2699.5 through 2.2-2699.8, as follows:

§ 2.2-106. Appointment of agency heads; severance.

A. Notwithstanding any provision of law to the contrary, the Governor shall appoint the administrative head of each agency of the executive branch of state government except the:

1. Executive Director of the Virginia Port Authority;

2. Director of the State Council of Higher Education for Virginia;

3. Executive Director of the Department of Game and Inland Fisheries;

4. Executive Director of the Jamestown-Yorktown Foundation;

5. Executive Director of the Motor Vehicle Dealer Board;

6. Librarian of Virginia;

7. Administrator of the Commonwealth's Attorneys' Services Council;

8. Executive Director of the Virginia Housing Development Authority; and

9. Executive Director of the Board of Accountancy; and

10. Chief Information Officer of the Commonwealth.

However, the manner of selection of those heads of agencies chosen as set forth in the Constitution of Virginia shall continue without change. Each administrative head and Secretary appointed by the Governor pursuant to this section shall (i) be subject to confirmation by the General Assembly, (ii) have the professional qualifications prescribed by law, and (iii) serve at the pleasure of the Governor.

B. As part of the confirmation process for each administrative head and Secretary, the Secretary of the Commonwealth shall provide copies of the resumes and statements of economic interests filed pursuant to § 2.2-3117 to the chairs of the House of Delegates and Senate Committees on Privileges and Elections. For appointments made before January 1, copies shall be provided to the chairs within 30 days of the appointment or by January 7 whichever time is earlier; and for appointments made after January 1 through the regular session of that year, copies shall be provided to the chairs within seven days of the appointment. Each appointee shall be available for interviews by the Committees on Privileges and Elections or other applicable standing committee. For the purposes of this section and § 2.2-107, there shall be a joint subcommittee of the House of Delegates and Senate Committees on Privileges and Elections consisting of five members of the House Committee and three members of the Senate Committee appointed by the respective chairs of the committees to review the resumes and statements of economic interests of gubernatorial appointees. The members of the House of Delegates shall be appointed in accordance with the principles of proportional representation contained in the Rules of the House of Delegates. No appointment confirmed by the General Assembly shall be subject to challenge by reason of a failure to comply with the provisions of this paragraph subsection pertaining to the confirmation process.

C. For the purpose of this section, "agency" includes all administrative units established by law or by executive order that are not (i) arms of the legislative or judicial branches of government; (ii) institutions of higher education as classified under §§ 23-253.7, 22.1-346, 23-14, and 23-252, and; (iii) regional planning districts, regional transportation authorities or districts, or regional sanitation districts; and (iv) assigned by law to other departments or agencies, not including assignments to secretaries under Article 7 (§ 2.2-215 et seq.) of Chapter 2 of this title.

D. Severance benefits provided to any departing agency head, whether or not appointed by the Governor, shall be publicly announced by the appointing authority prior to such departure.

§ 2.2-225. Position established; agencies for which responsible.

A. The position of Secretary of Technology (the Secretary) is created. The Secretary shall be responsible to the Governor for the following agencies and boards: Information Technology Investment Board, Innovation and Entrepreneurship Investment Authority, Virginia Information Technologies Agency, Department of Technology Management, Virginia Geographic Information Network Advisory Board, and the Wireless E-911 Services Board. The Governor, by executive order, may assign any other state executive agency to the Secretary, or reassign any agency listed in this section to another Secretary.

B. Unless the Governor expressly reserves such power to himself, the Secretary may, with regard to strategy development, planning, and budgeting for technology programs in the Commonwealth:

1. Develop a comprehensive, statewide, two-year strategic plan for information technology that includes, but is not limited to, (i) trends in needs for application and infrastructure services by state agencies and recommendations on appropriate services to meet those needs, including telework; (ii) progress in the use of information technology standards by state agencies, local government, and state institutions of higher education in a manner that promotes the security of sensitive information and the efficient exchange of electronic information between the public and private sectors in the Commonwealth; (iii) identification of unmet needs for access to technology that may impede the secure and free flow of information, including but not limited to broadband access; and (iv) opportunities for collaboration, and steps to address any barriers thereto, between state agencies, local governments, and state institutions of higher education that may promote more efficient and effective provision of service.

The strategic plan shall also identify how information technology can be used to increase economic efficiency, citizen convenience, and public access to state government. The strategic plan shall be updated annually and submitted to the Governor.

2. Upon the advice of the Director of the Department of Technology Management pursuant to § 2.2-2042, and in consultation with the Information Technology Investment Council pursuant to § 2.2-2699.6, terminate information technology projects.

3. Coordinate the efforts of, and resolve any conflicts that might arise between, the Virginia Information Technologies Agency and the Department of Technology Management.

C. Unless the Governor expressly reserves such power to himself, the Secretary may, with regard to strategy development, technology-related research, and economic development:

1. Monitor trends and advances in fundamental technologies of interest and importance to the economy of the Commonwealth and direct and approve a stakeholder-driven technology strategy development process that results in a comprehensive and coordinated view of research and development goals for industry, academia and government in the Commonwealth. This strategy shall be updated biennially and submitted to the Governor, the Speaker of the House of Delegates and the President Pro Tempore of the Senate.

2. Work closely with the appropriate federal research and development agencies and program managers to maximize the participation of Commonwealth industries and universities in these programs consistent with agreed strategy goals.

3. Direct the development of plans and programs for strengthening the technology resources of the Commonwealth's high technology industry sectors and for assisting in the strengthening and development of the Commonwealth's Regional Technology Councils.

4. Direct the development of plans and programs for improving access to capital for technology-based entrepreneurs.

5. Assist the Joint Commission on Technology and Science created pursuant to § 30-85 in its efforts to stimulate, encourage, and promote the development of technology in the Commonwealth.

6. Continuously monitor and analyze the technology investments and strategic initiatives of other states to ensure the Commonwealth remains competitive.

7. Strengthen interstate and international partnerships and relationships in the public and private sectors to bolster the Commonwealth's reputation as a global technology center.

8. Develop and implement strategies to accelerate and expand the commercialization of intellectual property created within the Commonwealth.

9. Ensure the Commonwealth remains competitive in cultivating and expanding growth industries, including life sciences, advanced materials and nanotechnology, biotechnology, and aerospace.

10. Monitor the trends in the availability and deployment of and access to broadband communications services, which include, but are not limited to, competitively priced, high-speed data services and Internet access services of general application, throughout the Commonwealth and advancements in communications technology for deployment potential. The Secretary shall report annually by December 1 to the Governor and General Assembly on those trends.

§ 2.2-603. Authority of agency directors.

A. Notwithstanding any provision of law to the contrary, the agency director of each agency in the executive branch of state government shall have the power and duty to (i) supervise and manage the department or agency and (ii) prepare, approve, and submit to the Governor all requests for appropriations and to be responsible for all expenditures pursuant to appropriations.

B. The director of each agency in the executive branch of state government, except those that by law are appointed by their respective boards, shall not proscribe any agency employee from discussing the functions and policies of the agency, without prior approval from his supervisor or superior, with any person unless the information to be discussed is protected from disclosure by the Virginia Freedom of Information Act (§ 2.2-3700 et seq.) or any other provision of state or federal law.

C. Subsection A shall not be construed to restrict any other specific or general powers and duties of executive branch boards granted by law.

D. This section shall not apply to those agency directors that are appointed by their respective boards or by the Board of Education. Directors appointed in this manner shall have the powers and duties assigned by law or by the board.

E. In addition to the requirements of subsection C of § 2.2-619, the director of each agency in any branch of state government shall, at the end of each fiscal year, report to (i) the Secretary of Finance and the Chairmen of the House Committee on Appropriations and the Senate Committee on Finance a listing and general description of any federal contract, grant, or money in excess of $1,000,000 $1 million for which the agency was eligible, whether or not the agency applied for, accepted, and received such contract, grant, or money, and, if not, the reasons therefore therefor and the dollar amount and corresponding percentage of the agency's total annual budget that was supplied by funds from the federal government and (ii) the Chairmen of the House Committees on Appropriations and Finance, and the Senate Committee on Finance any amounts owed to the agency from any source that are more than six months delinquent, the length of such delinquencies, and the total of all such delinquent amounts in each six-month interval. Clause (i) shall not be required of public institutions of higher education.

F. The director of every department in the executive branch of state government shall report to the Chief Information Officer as described in § 2.2-2005, and the Director of the Department of Technology Management (DTM) as described in § 2.2-2037 all known incidents that threaten the security of the Commonwealth's databases and data communications resulting in exposure of data protected by federal or state laws, or other incidents compromising the security of the Commonwealth's information technology systems with the potential to cause major disruption to normal agency activities. Such reports shall be made to the Chief Information Officer and Director of DTM within 24 hours from when the department discovered or should have discovered their occurrence.

§ 2.2-1115.1. Standard vendor accounting information.

A. The Division, the Virginia Information Technologies Agency, and the State Comptroller shall develop and maintain data standards for use by all agencies and institutions for payments and purchases of goods and services pursuant to §§ 2.2-1115 and 2.2-2012. Such standards shall include at a minimum the vendor number, name, address, and tax identification number; commodity code, order number, invoice number, and receipt information; and other information necessary to appropriately and consistently identify all suppliers of goods, commodities, and other services to the Commonwealth. The Division, the Virginia Information Technologies Agency, and the State Comptroller shall annually review and update these standards to provide the Commonwealth information to monitor all procurement of goods and services and to implement adequate controls to pay only authorized providers of goods and services to the Commonwealth.

B. The Division and the Virginia Information Technologies Agency shall submit these standards to the Information Technology Investment Board in accordance with § 2.2-2458 for approval as statewide technical and data standards for information technology.

§ 2.2-1507. Participation of certain agencies in budget development process of other agencies.

Agencies having responsibilities granted under §§ 2.2-703, 2.2-2011, and 2.2-2696 shall participate in the budget development process of relevant agencies and receive from these agencies, prior to submission to the Department their proposed programs and budgets. Recommendations to the appropriate agencies and the secretaries of the Governor on related matters shall be made prior to budget submissions.

§ 2.2-1509.3. Budget bill to include appropriations for major information technology projects.

A. For purposes of this section:

"Director" means the Director of the Department of Technology Management.

"Major information technology project" means the same as that term is defined in § 2.2-2006.

"Major information technology project funding" means an estimate of each funding source for a major information technology project for the duration of the project.

B. In "The Budget Bill" submitted pursuant to § 2.2-1509, the Governor shall provide for the funding of major information technology projects, as specified herein. Such funding recommendations shall be for major information technology projects that have or are pending project development or procurement approval as defined by § 2.2-2019 or procurement approval as defined by § 2.2-2020 § 2.2-2045.

The Governor shall include in "The Budget Bill" submitted pursuant to § 2.2-1509 a biennial appropriation for major information technology projects and the following information for each such project:

1. A brief statement explaining the project, the Information Technology Investment Board's Director's ranking and recommendations on the project as required by § 2.2-2458, an explanation, if necessary, if the Governor informed the Chief Information Officer Director that an emergency existed as set forth in § 2.2-2008 § 2.2-2043, and the anticipated duration of the project;

2. A brief explanation of the inclusion of any project in the budget bill that has not undergone review and approval by the Information Technology Investment Board as required by § 2.2-2458 Director;

3. Total estimated project costs, as defined by the Commonwealth's Project Management Standards, including the amount of the agency's or institution's operating appropriation, which will support the project, and long-term contract cost beyond the biennium;

4. Costs incurred to date, as defined by the Commonwealth's Project Management Standards, which includes both the project planning cost and internal operating costs to support the project;

5. Recommendations or comments of the Public-Private Partnership Advisory Commission, if the project is part of a proposal under the Public-Private Education Facilities and Infrastructure Act of 2002 (§ 56-575.1 et seq.); and

6. The Information Technology Investment Board's Director's assessment of the project and the status as of the date of the budget bill submission to the General Assembly.

C. The Information Technology Investment Board Secretary of Technology shall immediately notify each member of the Senate Finance Committee and the House Appropriations Committee of any Board decision to terminate in accordance with § 2.2-2458 any major information technology project in the budget bill. Such communication shall include the Information Technology Investment Board's reason for such termination.

§ 2.2-2005. Creation of Agency; appointment of Chief Information Officer.

A. There is hereby created the Virginia Information Technologies Agency (VITA), which shall serve as the agency responsible for administration and enforcement of the provisions of this Chapter and the rules and policies of the Board chapter. VITA is created in order to manage the consolidation and provision of the Commonwealth's information technology infrastructure services and to oversee the Commonwealth's efforts to modernize the planning, development, implementation, improvement, and retirement of Commonwealth applications, including the coordination and development of enterprise-wide or multi-agency applications.

B. The Board Governor shall appoint, subject to confirmation by the General Assembly, a Chief Information Officer (the CIO) as the chief administrative officer of the Board to oversee the operation of VITA. The CIO shall be employed under special contract for a term not to exceed five years and shall, under the direction and control of the Board, Governor and exercise the powers and perform the duties conferred or imposed upon him by law and perform such other duties as may be required by the Board Governor.

C. The head of each state agency shall designate an existing employee to be the agency's information technology resource who shall be responsible for compliance with the procedures, policies, and guidelines developed pursuant to this chapter.

§ 2.2-2006. Definitions.

As used in this chapter For purposes of this chapter and Chapter 20.2 (§ 2.2-2037 et seq.):

"Board" means the Information Technology Investment Board created in § 2.2-2457.

"Application" means an automated solution or computer program designed to fulfill one or more functions. It may be a single program designed for a single business function, or it may be an enterprise system that supports multiple business functions.

"Architecture" means an organizing model used to manage and align business processes and information technology.

"CIO" means the Chief Information Officer.

"Communications services" includes telecommunications services, automated data processing services, and management information systems that serve the needs of state agencies and institutions.

"Confidential data" means information made confidential by federal or state law that is maintained by a state agency in an electronic format.

"Department" means the Department of Technology Management.

"Enterprise" means a strategic approach to information technology that includes all executive branch agencies collectively, and may also include institutes of higher education and the judicial and legislative branches of state government.

"Information technology" means telecommunications, automated data processing, databases, the Internet, management information systems, and related information, equipment, goods, and services. It is in the interest of the Commonwealth that its public institutions of higher education in Virginia be in the forefront of developments in technology. Therefore, the provisions of this chapter shall not be construed to hamper the pursuit of the missions of the institutions in instruction and research.

"Infrastructure" means the basic physical and organizational structure necessary to implement information technology assets and service, including telecommunications.

"Major information technology project" means any state agency information technology project that (i) is mission-critical, (ii) has statewide application is for the enterprise, or (iii) has a total estimated cost of more than $1 million or more.

"Noncommercial telecommunications entity" means any public broadcasting station as defined in § 2.2-2427.

"Public telecommunications entity" means any public broadcasting station as defined in § 2.2-2427.

"Public telecommunications facilities" means all apparatus, equipment and material necessary for or associated in any way with public broadcasting stations or public broadcasting services as those terms are defined in § 2.2-2427, including the buildings and structures necessary to house such apparatus, equipment and material, and the necessary land for the purpose of providing public broadcasting services, but not telecommunications services.

"Public telecommunications services" means public broadcasting services as defined in § 2.2-2427.

"Secretary" means the Secretary of Technology.

"State agency" or "agency" means any agency, institution, board, bureau, commission, council, or instrumentality of state government in the executive branch listed in the appropriation act. However, the terms "state agency," "agency," "institution," "public body," and "public institution of higher education," shall not include the University of Virginia Medical Center.

"Technology asset" means hardware and communications equipment not classified as traditional mainframe-based items, including personal computers, mobile computers, and other devices capable of storing and manipulating electronic data.

"Telecommunications" means any origination, transmission, emission, or reception of signs, signals, writings, images, and sounds or intelligence of any nature, by wire, radio, television, optical, or other electromagnetic systems.

"Telecommunications facilities" means apparatus necessary or useful in the production, distribution, or interconnection of electronic communications for state agencies or institutions including the buildings and structures necessary to house such apparatus and the necessary land.

§ 2.2-2007. Powers and Duties of the CIO.

A. In addition to such other duties as the Board Governor may assign, the CIO shall:

1. Monitor trends and advances in information technology; develop a comprehensive, statewide, four-year strategic plan for information technology to include specific projects that implement the plan; and plan for the acquisition, management, and use of information technology by state agencies. The statewide plan shall be updated annually and submitted to the Board for approval. Report annually to the Secretary of Technology on the needs of VITA's customer agencies with regard to (i) consistent, reliable, and secure information technology applications and infrastructure services; (ii) existing capabilities for building and supporting those services; (iii) existing and anticipated opportunities for enterprise or multi-agency application or infrastructure solutions; (iv) projected future needs for those services; and (v) recommended approaches to ensure the future development, maintenance, and financing of information technology services to ensure the provision of capabilities befitting the needs of state agencies and the service level requirements of its citizens.

2. Direct the formulation and promulgation of policies, guidelines, standards, and specifications for the purchase, development, and maintenance of information technology for state agencies, including, but not limited to, those (i) required to support state and local government exchange, acquisition, storage, use, sharing, and distribution of geographic or base map data and related technologies, (ii) concerned with the development of electronic transactions including the use of electronic signatures as provided in § 59.1-496, and (iii) necessary to support a unified approach to information technology across the totality of state government, thereby assuring that the citizens and businesses of the Commonwealth receive the greatest possible security, value, and convenience from investments made in technology. Oversee the development of any enterprise information technology project unless otherwise provided for by the Secretary of Technology.

3. Direct the development of policies and procedures, in consultation with the Department of Planning and Budget, that are integrated into the Commonwealth's strategic planning and performance budgeting processes, and that state agencies and public institutions of higher education shall follow in developing information technology plans and technology-related budget requests. Such policies and procedures shall require consideration of the contribution of current and proposed technology expenditures to the support of agency and institution priority functional activities, as well as current and future operating expenses, and shall be utilized by all state agencies and public institutions of higher education in preparing budget requests.

4. Review budget requests for information technology from state agencies and public institutions of higher education and recommend budget priorities to the Information Technology Investment Board.

Review of such budget requests shall include, but not be limited to, all data processing or other related projects for amounts exceeding $100,000 in which the agency or institution has entered into or plans to enter into a contract, agreement or other financing agreement or such other arrangement that requires that the Commonwealth either pay for the contract by foregoing revenue collections, or allows or assigns to another party the collection on behalf of or for the Commonwealth any fees, charges, or other assessments or revenues to pay for the project. For each project, the agency or institution, with the exception of public institutions of higher education that meet the conditions prescribed in subsection B of § 23-38.88, shall provide the CIO (i) a summary of the terms, (ii) the anticipated duration, and (iii) the cost or charges to any user, whether a state agency or institution or other party not directly a party to the project arrangements. The description shall also include any terms or conditions that bind the Commonwealth or restrict the Commonwealth's operations and the methods of procurement employed to reach such terms.

5. Direct the development of policies and procedures for the effective management of information technology investments throughout their entire life cycles, including, but not limited to, project definition, procurement, development, implementation, operation, performance evaluation, and enhancement or retirement. Such policies and procedures shall include, at a minimum, the periodic review by the CIO of agency and public institution of higher education information technology projects estimated to cost $1 million or more or deemed to be mission-critical or of statewide application by the CIO. The CIO shall provide technical guidance to the Department of General Services in the development of policies and procedures for the recycling and disposal of computers and other technology assets. Such policies and procedures shall include the expunging, in a manner as determined by the CIO, of all state confidential data and personal identifying information of citizens of the Commonwealth prior to such sale, disposal, or other transfer of computers or other technology assets.

63. Oversee and administer the Virginia Technology Infrastructure Fund created pursuant to § 2.2-2023.

7. Periodically evaluate the feasibility of outsourcing information technology resources and services, and outsource those resources and services that are feasible and beneficial to the Commonwealth.

8. Have the authority to enter into contracts, and with the approval of the Board for any contracts over $1 million, with one or more other public bodies, or public agencies or institutions or localities of the several states, of the United States or its territories, or the District of Columbia for the provision of information technology services.

9. Report annually to the Governor and the Joint Commission on Technology and Science created pursuant to § 30-85 on the use and application of information technology by state agencies and public institutions of higher education to increase economic efficiency, citizen convenience, and public access to state government.

10. Direct the development of policies and procedures that require VITA to review information technology projects proposed by state agencies and institutions exceeding $100,000, and recommend whether such projects be approved or disapproved. The CIO shall disapprove projects between $100,000 and $1 million that do not conform to the statewide information plan or to the individual plans of state agencies or institutions of higher education.

B. Consistent with § 2.2-2012, the CIO may enter into public-private partnership contracts to finance or implement information technology programs and projects. The CIO may issue a request for information to seek out potential private partners interested in providing programs or projects pursuant to an agreement under this subsection. The compensation for such services shall be computed with reference to and paid from the increased revenue or cost savings attributable to the successful implementation of the program or project for the period specified in the contract. The CIO shall be responsible for reviewing and approving the programs and projects and the terms of contracts for same under this subsection. The CIO shall determine annually the total amount of increased revenue or cost savings attributable to the successful implementation of a program or project under this subsection and such amount shall be deposited in the Virginia Technology Infrastructure Fund created in § 2.2-2023. The CIO is authorized to use moneys deposited in the Fund to pay private partners pursuant to the terms of contracts under this subsection. All moneys in excess of that required to be paid to private partners, as determined by the CIO, shall be reported to the Comptroller and retained in the Fund. The CIO shall prepare an annual report to the Governor and General Assembly on all contracts under this subsection, describing each information technology program or project, its progress, revenue impact, and such other information as may be relevant.

§ 2.2-2009. Additional duties of the CIO relating to security of government information.

A. To provide for the security of state government electronic information from unauthorized uses, intrusions or other security threats, the CIO shall direct the development of policies, procedures and standards for assessing security risks, determining the appropriate security measures and performing security audits of government electronic information. Such policies, procedures, and standards will apply to the Commonwealth's executive, legislative, and judicial branches, and independent agencies and institutions of higher education. The CIO shall work with representatives of the Chief Justice of the Supreme Court and Joint Rules Committee of the General Assembly to identify their needs.

B. The CIO shall also develop policies, procedures, and standards that shall address the scope of security audits and the frequency of such security audits. In developing and updating such policies, procedures, and standards, the CIO shall designate a government entity to oversee, plan and coordinate the conduct of periodic security audits of all executive branch and independent agencies and institutions of higher education. The CIO will coordinate these audits with the Auditor of Public Accounts and the Joint Legislative Audit and Review Commission. The Chief Justice of the Supreme Court and the Joint Rules Committee of the General Assembly shall determine the most appropriate methods to review the protection of electronic information within their branches.

C. The CIO shall report to the Governor and General Assembly by December 2008 and annually thereafter, those executive branch and independent agencies and institutions of higher education that have not implemented acceptable policies, procedures, and standards to control unauthorized uses, intrusions, or other security threats. For any executive branch and independent agency or institution of higher education whose security audit results and plans for corrective action are unacceptable, the CIO shall report such results to the (i) Information Technology Investment Board, (ii) affected cabinet secretary, (iii) Governor, and (iv) Auditor of Public Accounts. Upon review of the security audit results in question, the Information Technology Investment Board may take action to suspend the public bodies information technology projects pursuant to subdivision 3 of § 2.2-2458, limit additional information technology investments pending acceptable corrective actions, and recommend to the Governor any other appropriate actions.

D. All public bodies subject to such audits as required by this section shall fully cooperate with the entity designated to perform such audits and bear any associated costs. Public bodies that are not required to but elect to use the entity designated to perform such audits shall also bear any associated costs.

E. The provisions of this section shall not infringe upon responsibilities assigned to the Comptroller, the Auditor of Public Accounts, or the Joint Legislative Audit and Review Commission by other provisions of the Code of Virginia.

F. To ensure the security and privacy of citizens of the Commonwealth in their interactions with state government, the CIO shall direct the development of policies, procedures, and standards for the protection of confidential data maintained by state agencies against unauthorized access and use. Such policies, procedures, and standards shall include, but not be limited to:

1. Requirements that any state employee or other authorized user of a state technology asset provide passwords or other means of authentication to (i) use a technology asset and (ii) access a state-owned or operated computer network or database; and

2. Requirements that a digital rights management system or other means of authenticating and controlling an individual's ability to access electronic records be utilized to limit access to and use of electronic records that contain confidential data to authorized individuals.

G. The CIO shall promptly receive reports from directors of departments in the executive branch of state government made in accordance with § 2.2-603 and shall take such actions as are necessary, convenient or desirable to ensure the security of the Commonwealth's electronic information and confidential data.

The CIO is responsible for ensuring the security of information technology infrastructure and applications that are directly owned or managed by VITA or its contractual partners, including but not limited to the security of computers, networks, and messaging systems. All agencies in the Commonwealth shall cooperate with the CIO and VITA in ensuring the security of IT infrastructure, including but not limited to assisting the CIO and VITA in (i) controlling access to information technology infrastructure located at agency facilities, (ii) controlling access to information technology infrastructure used by agency personnel, and (iii) ensuring agency personnel comply with regulations, standards, policies, and guidelines for proper use of information technology infrastructure. In fulfilling this duty, the CIO shall take all necessary and prudent steps as should be reasonably anticipated or as otherwise directed by existing regulations, standards, policies, and guidelines developed by the Department of Technology Management (DTM).

§ 2.2-2012. Procurement of information technology and telecommunications goods and services; computer equipment to be based on performance-based specifications.

A. Information technology and telecommunications goods and services of every description shall be procured by (i) VITA Pursuant to regulations, standards, policies, and guidelines developed by DTM, the CIO or his authorized designees may enter into contracts and otherwise procure information technology and telecommunications goods and services of every description for its own benefit or on behalf of other state agencies and institutions or (ii) such other agencies or institutions to the extent authorized by VITA. Such procurements shall be made in accordance with the Virginia Public Procurement Act (§ 2.2-4300 et seq.), regulations that implement the electronic and information technology accessibility standards of the Rehabilitation Act of 1973 (29 U.S.C. § 794d), as amended, and any regulations as may be prescribed by VITA. In no case shall such procurements exceed the requirements of the regulations that implement the electronic and information technology accessibility standards of the Rehabilitation Act of 1973, as amended.

The CIO shall disapprove any procurement that does not conform to the statewide information technology plan or to the individual plans of state agencies or public institutions of higher education.

B. All statewide contracts and agreements made and entered into by VITA for the purchase of communications services, telecommunications facilities, and information technology goods and services shall provide for the inclusion of counties, cities, and towns in such contracts and agreements. Notwithstanding the provisions of § 2.2-4301, VITA may enter into multiple vendor contracts for the referenced services, facilities, and goods and services.

B1. The Department VITA may establish contracts for the purchase of personal computers and related devices by licensed teachers employed in a full-time teaching capacity in Virginia public schools or in state educational facilities for use outside the classroom. The computers and related devices shall not be purchased with public funds, but shall be paid for and owned by teachers individually provided that no more than one such computer and related device per year shall be so purchased.

C. If VITA, or any agency or institution authorized by VITA, elects to procure personal computers and related peripheral equipment pursuant to any type of blanket purchasing arrangement under which public bodies, as defined in § 2.2-4301, may purchase such goods from any vendor following competitive procurement but without the conduct of an individual procurement by or for the using agency or institution, it shall establish performance-based specifications for the selection of equipment. Establishment of such contracts shall emphasize performance criteria including price, quality, and delivery without regard to "brand name." All vendors meeting the Commonwealth's performance requirements shall be afforded the opportunity to compete for such contracts. The CIO may enter into contracts with one or more other public bodies, or public agencies or institutions or localities of the several states, of the United States or its territories, or the District of Columbia for the provision of information technology services. Any contracts with a value of $1 million or more must be approved by the Secretary of Technology.

D. This section shall not be construed or applied so as to infringe upon, in any manner, the responsibilities for accounting systems assigned to the Comptroller under § 2.2-803. The CIO shall periodically evaluate the feasibility of outsourcing information technology resources and services and outsource those resources and services that are feasible and beneficial to the Commonwealth.

E. The CIO of VITA shall, on or before October 1, 2009, and every two years thereafter, solicit from each state agency and public institution of higher education a list of procurements that were competed with the private sector that appear on the Commonwealth Competition Council's commercial activities list and were, until that time, being performed by each state agency and public institution of higher education during the previous two years, and the outcome of that competition. The CIO shall make the lists available to the public on VITA's website. The CIO may enter into public-private partnership contracts to finance or implement information technology programs and projects. The CIO may issue a request for information to seek out potential private partners interested in providing programs or projects pursuant to an agreement under this subsection. The compensation for such services shall be computed with reference to and paid from the increased revenue or cost savings attributable to the successful implementation of the program or project for the period specified in the contract. The Secretary of Technology shall be responsible for reviewing and approving the programs and projects and the terms of contracts pursuant to this subsection. The CIO shall determine annually the total amount of increased revenue or cost savings attributable to the successful implementation of a program or project initiated pursuant to this subsection and such amount shall be deposited in the Virginia Technology Infrastructure Fund created in § 2.2-2023. The CIO is authorized to use moneys deposited in the Fund to pay private partners pursuant to contract terms for programs or projects initiated pursuant to this section. All moneys in excess of that required to be paid to private partners, as determined by the CIO, shall be reported to the Comptroller and retained in the Fund. The CIO shall prepare an annual report to the Governor and General Assembly on all contracts entered pursuant to this subsection, describing each information technology program or project, its progress, revenue impact, and such other information as may be relevant.

F. The CIO may provide for the centralized marketing, provision, leasing, and executing of license agreements for electronic access to public information and government services through the Internet, wireless devices, personal digital assistants, kiosks, or other such related media on terms and conditions as may be determined to be in the best interest of the Commonwealth. VITA may fix and collect fees and charges for (i) public information, media, and other incidental services furnished by it to any private individual or entity, notwithstanding the charges set forth in § 2.2-3704, and (ii) such use and services it provides to any state agency or local government. Nothing in this subsection authorizing VITA to fix and collect fees for providing information services shall be construed to prevent access to the public records of any public body pursuant to the provisions of the Virginia Freedom of Information Act (§ 2.2-3700 et seq.). VITA is authorized, subject to approval by the Secretary of Technology and any other affected Secretariat, to delegate the powers and responsibilities granted in this subsection to any agency within the executive branch.

G. This section shall not be construed or applied so as to infringe upon, in any manner, the responsibilities for accounting systems assigned to the Comptroller under § 2.2-803.

§ 2.2-2013. Internal service funds; Applications Services Internal Service Fund; Infrastructure Services Internal Service Fund; Telecommunication Services Internal Service Fund.

A. There are established the following internal service funds to be administered by VITA:

1. The Automated Applications Services Internal Service Fund to be used to finance automated systems design, development and testing services and staff of VITA;

2. The Computer Infrastructure Services Internal Service Fund to be used to finance computer infrastructure operations and staff of VITA, excluding telecommunications infrastructure; and

3. The Telecommunication Services Internal Service Fund to be used to finance telecommunications operations and staff of VITA.

B. There is established the Acquisition Services Special Fund to be administered by VITA and used to finance procurement and contracting activities and programs unallowable for federal fund reimbursement.

C. All users of services provided for in this chapter administered by VITA shall be assessed a surcharge, which shall be deposited in the appropriate fund. This charge shall be an amount sufficient to allow VITA to finance the operations and staff of the services offered.

D. Additional moneys necessary to establish these funds or provide for the administration of the activities of VITA may be advanced from the general account of the state treasury.

E. The CIO shall direct that the following activities be conducted with respect to VITA’s internal service funds:

1. VITA shall establish fee schedules for the collection of fees from users when general fund appropriations are not available for the services rendered.

2. VITA shall develop and implement information, billing, and collections systems that will aid state agencies in analyzing their use of VITA’s services and allow VITA to forecast trends in service demands.

3. By October 1 of each year, VITA shall submit biennial projections of future revenues and expenditures for each internal service fund and estimates of any anticipated changes to fee schedules to the Joint Legislative Audit and Review Commission and the Department of Planning and Budget.

4. That on or before October 1, 2010, the CIO shall, in consultation with the Joint Legislative Audit and Review Commission and the Department of Planning and Budget, develop standard documentation and information to be used as part of any requests for changes to its fee schedules and rates. In the event that changes to fee schedules or rates are required, the CIO shall submit the documentation developed in accordance with this section to the Joint Legislative Audit and Review Commission and the Department of Planning and Budget no later than September 1 prior to the fiscal year in which the new or revised rates are to take effect so that the impact of the rate changes can be considered for inclusion in the executive budget submitted to the General Assembly pursuant to §2.2-1508 of the Code of Virginia. In emergency circumstances, deviations from this approach shall be approved in advance by the Joint Legislative Audit and Review Commission.

§ 2.2-2023. Virginia Technology Infrastructure Fund created; contributions.

A. The Virginia Technology Infrastructure Fund (the Fund) is created in the state treasury. The Fund is to be used to fund major information technology projects or to pay private partners as authorized in subsection B of § 2.2-2007 E of § 2.2-2012.

B. The Fund shall consist of: (i) the transfer of general and nongeneral fund appropriations from state agencies which represent savings that accrue from reductions in the cost of information technology and communication services, (ii) the transfer of general and nongeneral fund appropriations from state agencies which represent savings from the implementation of information technology enterprise projects, (iii) funds identified pursuant to subsection B of § 2.2-2007 E of § 2.2-2012, (iv) such general and nongeneral fund fees or surcharges as may be assessed to agencies for enterprise or collaborative technology projects or use of enterprise and collaborative applications, (v) gifts, grants, or donations from public or private sources, and (vi) such other funds as may be appropriated by the General Assembly. Savings shall be as identified by the CIO through a methodology approved by the Board Secretary of Technology and the Secretary of Finance. The Auditor of Public Accounts shall certify the amount of any savings identified by the CIO. For public institutions of higher education, however, savings shall consist only of that portion of total savings that represent general funds. The State Comptroller is authorized to transfer cash consistent with appropriation transfers. Appropriated funds from federal sources are exempted from transfer. Except for funds to pay private partners as authorized in subsection B of § 2.2-2007 E of § 2.2-2012, moneys in the Fund shall only be expended as provided by the appropriation act.

Interest earned on the Fund shall be credited to the Fund. The Fund shall be permanent and nonreverting. Any unexpended balance in the Fund at the end of the biennium shall not be transferred to the general fund of the state treasury.

Article 7.
Division of Enterprise Applications Division.

§ 2.2-2033. Enterprise Applications Division established; appointment of Deputy CIO for Applications.

A. There is hereby established within VITA a Division of an Enterprise Applications (the Division) Division (EAD) to oversee the Commonwealth's efforts to modernize the planning, development, implementation, improvement, and retirement of Commonwealth applications, including the coordination and development of enterprise-wide or multi-agency applications. The Division shall exercise the powers and duties conferred in this article.

B. The Division EAD shall be headed by a Virginia Chief Applications Officer (CAO) Deputy CIO for Applications, appointed by and reporting to the CIO with the advice and consent of the Board. The Board CIO shall provide the CAO Deputy CIO for Applications with the powers necessary to direct the Commonwealth's efforts to modernize and oversee the planning, development, implementation, improvement, and retirement of enterprise-wide or multi-agency applications; and to manage the Commonwealth portal; and to approve and oversee annual agency technology application budgets and contractor-based personnel IT services expenditures for presentation to and approval by the Board.

C. The Deputy CIO for Applications shall have the following additional powers and duties concerning the planning, budgeting, acquisition, use, and disposal of information technology applications goods and services:

1. Formulate specifications and related architecture for the management, modification, and exchange of data pursuant to regulations, standards, policies, and guidelines developed by the Department of Technology Management (DTM);

2. Provide technical assistance to state agencies in such areas as (i) designing specifications and related architecture for applications and (ii) performing applications development services, including design, application programming, and maintenance; and

3. Identify any needed changes to existing regulations, standards, policies, and guidelines developed by DTM and submit those to the CIO.

§ 2.2-2034. Agency cooperation with EAD.

All agencies in the Commonwealth shall cooperate with the Chief Applications Officer Deputy CIO for Applications and the Division EAD in carrying out its the duties and responsibilities set forth in this article, including implementing data standards, managing and modernizing the Commonwealth's applications portfolio, developing an enterprise architecture, overseeing and approving technology applications expenditures, and improving portal collaboration.

Article 8.
Infrastructure Services Division.

§ 2.2-2035. Infrastructure Services Division established; appointment of Deputy CIO for Infrastructure.

A. There is hereby established within VITA an Infrastructure Services Division (ISD) to manage the consolidation and provision of the Commonwealth's information infrastructure services.

B. ISD shall be headed by a Deputy CIO for Infrastructure, appointed by and reporting to the CIO. The CIO shall provide the Deputy CIO for Infrastructure with the powers necessary to manage the Commonwealth's infrastructure services, including any managed services contracts.

C. The Deputy CIO for Infrastructure shall have the following additional powers and duties concerning the planning, budgeting, acquiring, using, operating, managing, and disposing of information technology infrastructure goods and services:

1. Formulate infrastructure specifications pursuant to regulations, standards, policies, and guidelines developed by the Department of Technology Management;

2. Identify any needed changes to existing regulations, standards, policies, and guidelines developed by the Department of Technology Management and submit those to the CIO;

3. Manage and coordinate the various information technology facilities and services, centers, and operations used by the Commonwealth; and

4. With the consent of the CIO, acquire, lease, or construct such facilities and equipment as necessary to deliver comprehensive information technology infrastructure services and to maintain such facilities and equipment owned or leased.

§ 2.2-2036. Agency cooperation with ISD.

All agencies in the Commonwealth shall cooperate with the Deputy CIO for Infrastructure and ISD in carrying out the duties and responsibilities set forth in this article.

CHAPTER 20.2.
DEPARTMENT OF TECHNOLOGY MANAGEMENT.
Article 1.
General Provisions.

§ 2.2-2037. Department of Technology Management established; appointment of Director.

A. There is hereby created the Department of Technology Management (DTM) which shall serve as the agency responsible for administration and enforcement of the provisions of this chapter. DTM is created in order to (i) develop regulations, standards, policies, and guidelines for management of information technology in the Commonwealth; (ii) oversee information technology security, procurements, projects, investments, planning, and budgeting; (iii) report on information technology status and trends in the Commonwealth; and (iv) in consultation with the Virginia Information Technologies Agency, identify and plan for the information technology needs of the Commonwealth.

B. The Governor shall appoint, subject to confirmation by the General Assembly, a Director to oversee the operation of DTM (the Director). The Director shall, under the direction and control of the Governor, exercise the powers and perform the duties conferred or imposed upon him by law and perform such other duties as may be required by the Governor.

C. The head of each state agency shall designate an existing employee to be the agency's information technology resource liaison who shall be responsible for compliance with the regulations, standards, policies, and guidelines developed pursuant to this chapter.

§ 2.2-2038. Duties of the Director; information technology standards.

A. The Director shall prescribe regulations, standards, policies, and guidelines necessary or incidental to the performance of duties or execution of powers conferred under this chapter.

B. The Director shall direct the formulation and promulgation of regulations, standards, policies, and guidelines for the procurement, development, and maintenance of information technology and telecommunications goods and services of every description for state agencies including, but not limited to, those (i) required to support state and local government exchange, acquisition, storage, use, sharing, and distribution of geographic, base map, or other data and related technologies, (ii) associated with the development of electronic transactions including the use of electronic signatures as provided in § 59.1-496, and (iii) necessary to support a unified approach to information technology throughout state government, thereby assuring the citizens and businesses of the Commonwealth receive the greatest possible security, value, and convenience from investments made in technology.

C. The Director shall have the following duties with regard to information technology investment management:

1. Direct the development of regulations, standards, policies, and guidelines for the effective management of information technology investments throughout their entire life cycles, including, but not limited to, project definition, procurement, development, implementation, operation, performance evaluation, and enhancement or retirement. Such regulations, standards, policies, and guidelines shall include, at a minimum, the periodic review by the Director of agency and public institutions of higher education information technology projects with an estimated cost threshold of $1 million or more or deemed to be mission-critical or of an enterprise nature by the Director. On a biennial basis beginning in 2010, the Director, in consultation with the Department of Planning and Budget, shall review the foregoing threshold and recommend to the Secretary of Technology any proposed statutory adjustments to the threshold deemed necessary to account for inflation or other policy considerations; and

2. Provide technical guidance to the Department of General Services and the Virginia Information Technologies Agency in the development of regulations, standards, policies, and guidelines for the recycling and disposal of computers and other technology assets. Such regulations, standards, policies, and guidelines shall include the expunging, in a manner as determined by the Director, of all state confidential data and personal identifying information of citizens of the Commonwealth prior to such sale, disposal, or other transfer of computers or other technology assets.

§ 2.2-2039. Duties of the Director relating to security of government information.

A. To provide for the security of state government electronic information from unauthorized uses, intrusions, or other security threats, the Director shall direct the development of regulations, standards, policies, and guidelines for assessing security risks, determining the appropriate security measures, and performing security audits of government electronic information. Such regulations, standards, policies, and guidelines shall apply to the Commonwealth's executive, legislative, and judicial branches and independent agencies and institutions of higher education. The Director shall work with representatives of the Chief Justice of the Supreme Court and the Joint Rules Committee of the General Assembly to identify their needs.

B. The Director shall also develop regulations, standards, policies, and guidelines that shall address the scope of security audits and the frequency of such security audits. In developing and updating such regulations, standards, policies, and guidelines, the Director shall designate a government entity to oversee, plan, and coordinate the conduct of periodic security audits of all executive branch and independent agencies and institutions of higher education. The Director shall coordinate these audits with the Auditor of Public Accounts and the Joint Legislative Audit and Review Commission. The Chief Justice of the Supreme Court and the Joint Rules Committee of the General Assembly shall determine the most appropriate methods to review the protection of electronic information within their branches.

C. For any executive branch agency, independent agency, or institution of higher education whose security audit results and plans for corrective action are unacceptable, the Director shall report such results to (i) the affected cabinet secretary, (ii) the Governor, and (iii) the Auditor of Public Accounts. Upon review of the security audit results in question, the Director may take action to suspend a public body's information technology projects pursuant to § 2.2-2043, limit additional information technology investments pending acceptable corrective actions, and recommend to the Governor any other appropriate actions.

D. All public bodies subject to such audits as required by this section shall fully cooperate with the entity designated to perform such audits and bear any associated costs. Public bodies that are not required to but elect to use the entity designated to perform such audits shall also bear any associated costs.

E. The provisions of this section shall not infringe upon responsibilities assigned to the Comptroller, the Auditor of Public Accounts, or the Joint Legislative Audit and Review Commission by other provisions of the Code of Virginia.

F. To ensure the security and privacy of citizens of the Commonwealth in their interactions with state government, the Director shall direct the development of regulations, standards, policies, and guidelines for the protection of confidential data maintained by state agencies against unauthorized access and use. Such regulations, standards, policies, and guidelines shall include, but not be limited to:

1. Requirements that any state employee or other authorized user of a state technology asset provide passwords or other means of authentication to (i) use a technology asset and (ii) access a state-owned or state-operated computer network or database; and

2. Requirements that a digital rights management system or other means of authenticating and controlling an individual's ability to access electronic records be utilized to limit access to and use of electronic records that contain confidential data to authorized individuals.

G. The Director shall promptly receive reports from directors of departments in the executive branch of state government made in accordance with § 2.2-603 and shall take such actions as are necessary, convenient, or desirable to ensure the security of the Commonwealth's electronic information and confidential data.

§ 2.2-2040. Duties of the Director; fiscal impact of any proposed regulations, standards, policies, or guidelines.

Prior to modifying existing regulations, standards, policies, or guidelines or promulgating new regulations, standards, policies, or guidelines, the Director shall submit to the Secretary of Technology a proposal with a description of, and need for, the modification or promulgation of a new standard, regulation, or policy and a fiscal impact analysis with an estimate of its potential fiscal impact on customer agencies.

§ 2.2-2041. Duties of the Director; procurement of information technology goods and services; computer equipment to be based on performance-based specifications.

A. The Director shall direct the formulation and promulgation of regulations, standards, policies, and guidelines for the procurement of information technology and telecommunications goods and services of every description for state agencies. Such regulations, standards, policies, and guidelines shall be developed in accordance with the Virginia Public Procurement Act (§ 2.2-4300 et seq.) and regulations that implement the electronic and information technology accessibility standards of the Rehabilitation Act of 1973 (29 U.S.C. § 794d), as amended. In no case shall such regulations, standards, policies, and guidelines exceed the requirements of the regulations that implement the electronic and information technology accessibility standards of the Rehabilitation Act of 1973, as amended.

B. If any agency or institution authorized pursuant to this section elects to procure personal computers and related peripheral equipment pursuant to any type of blanket purchasing arrangement under which public bodies, as defined in § 2.2-4301, may purchase such goods from any vendor following competitive procurement but without the conduct of an individual procurement by or for the using agency or institution, it shall establish performance-based specifications for the selection of equipment. Establishment of such contracts shall emphasize performance criteria including price, quality, and delivery without regard to "brand name." All vendors meeting the Commonwealth's performance requirements shall be afforded the opportunity to compete for such contracts.

C. On a biennial basis beginning in 2010, the Director shall solicit from each state agency and public institution of higher education a list of procurements that were competed with the private sector that appear on the Commonwealth Competition Council's commercial activities list and were, until that time, being performed by each state agency and public institution of higher education during the previous two years, and the outcome of that competition. The Director shall make the lists available to the public on DTM’s website.

D. The Director shall have the following duties with respect to the review and approval of information technology procurements and contracts:

1. Analyze and approve all procurements of information technology applications and infrastructure that are not delegated pursuant to this section;

2. Review and approve all agreements and contracts for information technology applications and infrastructure that are not delegated pursuant to this section, prior to execution between a state agency and another public or private agency;

3. Develop a policy to allow the delegation of varying degrees of approval that would exempt procurements and contracts from review requirements, but not from the Commonwealth's competitive procurement process, for any state agency that establishes, to the satisfaction of the Director, (i) its ability and willingness to administer efficiently and effectively the procurement of information technology goods and services or (ii) that it has been subjected to another review process coordinated through or approved by the Director.

E. This section shall not be construed or applied so as to infringe upon, in any manner, the responsibilities for accounting systems assigned to the Comptroller under § 2.2-803.

§ 2.2-2042. Duties of the Director relating to review of annual state agency technology budget requests and strategic planning; annual reports.

A. The Director shall have the following duties with regard to review of agency information technology budget requests:

1. Direct the development of regulations, standards, policies, and guidelines, in consultation with the Department of Planning and Budget, that are integrated into the Commonwealth's strategic planning and performance budgeting processes and ensure that state agencies and public institutions of higher education shall follow in developing technology-related budget requests.

Such regulations, standards, policies, and guidelines shall require consideration of the contribution of current and proposed technology expenditures to the support of agency and institution priority functional activities, as well as current and future operating expenses, and shall be utilized by all state agencies and public institutions of higher education in preparing budget requests.

2. Assist state agencies and public institutions of higher education in the preparation of budget requests for information technology that are consistent with the regulations, standards, policies, and guidelines developed pursuant to this section.

3. Review budget requests for information technology from state agencies and public institutions of higher education and recommend budget priorities to the Department of Planning and Budget. For state agencies, the review shall include annual agency technology application expenditures and contractor-based personnel IT services expenditures incurred by state agencies. Review of such budget requests shall also include, but not be limited to:

a. All projects and contracts for amounts exceeding $250,000. The Director shall disapprove projects between $250,000 and $1 million that do not conform to the statewide information plan, created pursuant to § 2.2-225, or to the individual plans of state agencies or institutions of higher education. On a biennial basis, the Director, in consultation with the Department of Planning and Budget, shall review the foregoing range and recommend to the Secretary of Technology any proposed statutory adjustments to the range deemed necessary to account for inflation or other policy considerations;

b. All projects in which the agency or institution has entered into or plans to enter into a contract, agreement, financing agreement, or such other arrangement that either requires the Commonwealth to pay for the contract by forgoing revenue collections; and

c. All projects in which the agency or institution allows or assigns to another party the responsibility of collecting on behalf of or for the Commonwealth any fees, charges, or other assessments or revenues to pay for the project.

For each project reviewed pursuant to this subdivision, the agency or institution, with the exception of public institutions of higher education that meet the conditions prescribed in subsection B of § 23-38.88, shall provide the Director (i) a summary of the terms, (ii) the anticipated duration, and (iii) the cost or charges to any user, whether a state agency or institution or other party not directly a party to the project arrangements. The description shall also include any terms or conditions that bind the Commonwealth or restrict the Commonwealth's operations and the methods of procurement employed to reach such terms.

B. The Director shall have the following duties with regard to information technology strategic planning:

1. Direct the development of regulations, standards, policies, and guidelines, in consultation with the Department of Planning and Budget, that are integrated into the Commonwealth's strategic planning and performance budgeting processes and ensure that state agencies and public institutions of higher education shall follow in developing information technology strategic plans.

On an annual basis, all state agencies and public institutions of higher education shall prepare and submit information technology plans to the Director for review and approval. These plans shall include but not be limited to information on new technology investments that are needed to address needs and opportunities in the current biennium; all projected investment needs in future biennia in a manner consistent with the life-cycle management standards promulgated by the Director; and information on the ongoing operations and maintenance costs of current applications and infrastructure under the direction of the agency. All state agencies and public institutions of higher education shall maintain current information technology plans that have been approved by the Director. As part of the strategic plan, the agency head, or the agency head’s designee, must provide an accurate and up-to-date inventory of the agency’s inventory of applications and infrastructure, as maintained or otherwise under the administration of the agency, prior to the Director’s review and approval of the agency’s information technology strategic plan. The Director shall disapprove such plans if the agency does not certify that such inventories are complete, accurate, and up to date.

2. Ensure that assistance is provided to state agencies and public institutions of higher education in the preparation of strategic plans for information technology that are consistent with the regulations, standards, policies, and guidelines developed pursuant to this section.

C. The Director shall have the following reporting responsibilities with regard to information technology:

1. The Director shall prepare an annual report for submission to the Secretary of Technology and the Joint Commission on Technology and Science on (i) the current status of the promulgation and adoption of regulations, standards, policies, and guidelines required pursuant to this chapter, plus any needed actions required to ensure their successful use by state agencies and institutions of higher education; (ii) the current condition of information technology in state agencies and institutions of higher education, factors impacting information technology, goals and objectives for information technology, and actions and investments needed to achieve goals and objectives; (iii) the status of recently completed or ongoing information technology projects undertaken by state agencies in terms of trends in their performance and plans to address areas of concern; (iv) trends in current and projected information technology spending by state agencies and at the enterprise level, including spending on projects, operations and maintenance, and payments to VITA; (v) results of security audits, including those state agencies, independent agencies and institutions of higher education that have not implemented acceptable regulations, standards, policies, and guidelines to control unauthorized uses, intrusions, or other security threats; and (vi) the extent to which security standards and guidelines have been adopted by state agencies.

The report submitted pursuant to this subdivision shall include an annual compilation and maintenance of an inventory of information technology used by agencies, including but not limited to personnel, facilities, equipment, goods, applications, infrastructure, and contracts for services.

2. The Director shall prepare an annual report for submission to the Secretary of Technology, the Information Technology Investment Council, and the Joint Commission on Technology and Science on a prioritized list of Recommended Technology Investment Projects based upon projects submitted for approval pursuant to this chapter. As part of this plan, the Director shall develop and regularly update a methodology for prioritizing projects based upon the allocation of points to defined criteria. The criteria and their definitions shall be presented in the plan. For each project listed in the plan, the Director shall indicate the number of points and how they were awarded. For each listed project, the Director also shall indicate the projected cost of the project, all projected costs of ongoing operations and maintenance activities, the projected useful life of the applications and infrastructure involved in the project, and the extent to which the project will incorporate existing standards for the maintenance, exchange, and security of data.

§ 2.2-2043. Duties of the Director; approval, modification, or suspension of any major information technology project.

A. Prior to approving the development of a major information technology project or the procurement of any major information technology project, the Director shall determine that the funding for such project has been included in the budget bill in accordance with § 2.2-1509.3. Notwithstanding the provisions of this section, upon determination by the Governor that an emergency exists and a major information technology project is necessary to address the emergency, the Director shall refer such project directly to the Secretary of Technology.

B. The Director may direct the modification or suspension of any major information technology project that, as the result of a periodic review, has not met the performance measures agreed to by the Director and the sponsoring agency or public institution of higher education or if he otherwise deems such action appropriate and consistent with the terms of any affected contracts. The Director may recommend to the Secretary of Technology the termination of such project. Nothing in this section shall be construed to supersede the responsibility of a board of visitors for the management and operation of a public institution of higher education.

The provisions of this section shall not apply to research projects, research initiatives, or instructional programs at public institutions of higher education. However, technology investments in research projects, research initiatives, or instructional programs at such institutions estimated to cost $1 million or more of general fund appropriations may be reviewed if the projects are deemed mission-critical by the institution or of enterprise application by the Director. The Director and the Secretary of Education, in consultation with public institutions of higher education, shall develop and provide to such institution criteria to be used in determining whether projects are mission-critical.

Article 2.
Project Management Division.

§ 2.2-2044. Project Management Division established; powers and duties.

A. There is established within DTM a Project Management Division (PMD). PMD shall exercise the powers and duties conferred in this article.

B. PMD shall have the power and duty to:

1. Establish minimum qualifications and training standards for project managers;

2. Review and approve all procurement solicitations involving major information technology projects;

3. Develop, implement, and regularly update regulations, standards, policies, and guidelines to be used by state agencies for the identification, selection, planning, and execution of information technology investments, including a methodology for the management of information technology projects;

4. Assign project management specialists to review and recommend to the Director information technology proposals based on criteria developed by PMD based on the (i) degree to which the project is consistent with the requesting agency's strategic plan; (ii) technical feasibility of the project; (iii) benefits to the Commonwealth, including customer service improvements; (iv) risks associated with the project; (v) continued funding requirements; and (vi) past performance by the agency on other projects; and

5. Provide oversight for state agency information technology projects.

§ 2.2-2045. Project approval and monitoring.

A. Prior to proceeding with any major information technology project, an agency shall submit to PMD a project proposal, outlining the business need for the project, the proposed technology solution, if known, and an explanation of how the project would support the agency's business objectives and the information technology strategic plan developed by the Secretary of Technology pursuant to § 2.2-225. The project management specialist may require the submission of additional information if needed to adequately review any such proposal. The project management specialist shall review the proposal and recommend its approval or rejection to the Director.

B. Upon approval of the Director of the project plan, an agency shall submit to PMD a project development proposal containing (i) a detailed business case including a cost-benefit analysis; (ii) a business process analysis, if applicable; (iii) system requirements, if known; (iv) a proposed development plan and project management structure; and (v) a proposed resource or funding plan. The project management specialist may require the submission of additional information necessary to meet the criteria developed by PMD. The project management specialist assigned to review the project development proposal shall recommend its approval or rejection to the Director. If the Director determines that the proposal should be approved, he shall recommend such approval to the Secretary of Technology.

C. Upon approval of the Secretary of Technology of the project development proposal involving a major information technology project that requires the procurement of goods or services, the agency shall submit a copy of any Invitation for Bid (IFB) or Request for Proposal (RFP) to PMD. The project management specialist shall review the IFB or RFP and recommend its approval or rejection to the Director. The Director shall have the final authority to approve the IFB or RFP prior to its release and shall approve the proposed contract for the award of the project.

D. Whenever an agency has received approval from the Secretary of Technology to proceed with the development and acquisition of a major information technology project, an internal agency oversight committee shall be established by the Director. The internal agency oversight committee shall provide ongoing oversight for the project and have the authority to approve or reject any changes in the project's scope, schedule, or budget. The Director shall ensure that the project has in place adequate project management and oversight structures for addressing major issues that could affect the project's scope, schedule or budget and shall address issues that cannot be resolved by the internal agency oversight committee. Whenever an enterprise or multiagency project has received approval from the Secretary of Technology, the primary project oversight shall be conducted by a committee composed of representatives from agencies impacted by the project, which shall be established by the Director.

Article 3.
Virginia Geographic Information Network.

§ 2.2-2046. Definitions.

As used in this article, unless the context requires a different meaning:

"Base map data" means the digitized common geographic data that are used by most geographic information systems applications to reference or link attribute or other geographic data.

"Division" means the Geographic Information Network Division.

"Geographic data" means data that contain either coordinates that reference a geographic location or area or attribute data that can be related to a geographic area or location.

"Geographic information system (GIS)" means a computerized system that stores and links geographic data to allow a wide range of information processing and display operations, as well as map production, analysis, and modeling.

§ 2.2-2047. Geographic Information Network Division; Division coordinator; established.

There is established within DTM a Geographic Information Network Division, which shall foster the creative utilization of geographic information and oversee the development of a catalog of GIS data available in the Commonwealth. The Division shall be headed by a coordinator who shall be under the supervision of and report to the Director. The Division shall exercise the powers and duties conferred in this article.

§ 2.2-2048. Powers and duties of the Division; Division coordinator.

A. The powers and duties of the Division shall include:

1. Requesting the services, expertise, supplies and facilities of DTM from the Director on issues concerning the Division;

2. Accepting grants from the United States government and agencies and instrumentalities thereof and any other source. To those ends, the Division shall have the power to comply with such conditions and execute such agreements as may be necessary or desirable;

3. Fixing, altering, charging, and collecting rates, rentals, and other charges for the use or sale of products of, or services rendered by, the Division, at rates which reflect the fair market value;

4. Soliciting, receiving, and considering proposals for funding projects or initiatives from any state or federal agency, local or regional government, public institution of higher education, nonprofit organization, or private person or corporation;

5. Soliciting and accepting funds, goods and in-kind services that are part of any accepted project proposal;

6. Establishing ad hoc committees or project teams to investigate related technology or technical issues and providing results and recommendations for Division action; and

7. Establishing such bureaus, sections or units as the Division deems appropriate to carry out its powers and duties.

B. The Division coordinator shall:

1. Oversee the development of and recommend to DTM the promulgation of those policies and guidelines required to support state and local government exchange, acquisition, storage, use, sharing and distribution of geographic or base map data and related technologies;

2. Foster the development of a coordinated comprehensive system for providing ready access to electronic state government geographic data products for individuals, businesses, and other entities;

3. Initiate and manage projects or conduct procurement activities relating to the development or acquisition of geographic data or statewide base map data or both;

4. Plan for and coordinate the development or procurement of priority geographic base map data;

5. Develop, maintain, and provide, in the most cost-effective manner, access to the catalog of Virginia geographic data and governmental geographic data users;

6. Provide, upon request, advice and guidance on all agreements and contracts from all branches of state government for geographic data acquisition and design and the installation and maintenance of geographic information systems;

7. Compile a data catalog consisting of descriptions of GIS coverages maintained by individual state and local government agencies;

Nothing in this article shall be construed to require that GIS data be physically delivered to the Division. All state agencies that maintain GIS databases shall report to the Division the details of the data that they develop, acquire, and maintain. Each agency shall submit quarterly reports to the Division specifying all updates to existing data as well as all data development and acquisition currently in progress. Data exempt from the Virginia Freedom of Information Act (§ 2.2-3700 et seq.) need not be reported to the Division.

8. Identify and collect information and technical requirements to assist the Division in setting priorities for the development of state digital geographic data and base maps that meet the needs of state agencies, institutions of higher education, and local governments;

9. Provide services, geographic data products, and access to the repository at rates established by the Division; and

10. Ensure the compliance of those policies, standards, and guidelines developed by DTM required to support and govern the security of state and local government exchange, acquisition, storage, use, sharing, and distribution of geographic or base map data and related technologies.

§ 2.2-2049. GIS Fund created.

There is hereby created in the state treasury a special, nonreverting fund to be known as the GIS Fund, hereafter referred to as the Fund. The Fund shall be established on the books of the Comptroller. All moneys collected pursuant to subsection A of § 2.2-2027 shall be paid into the state treasury and credited to the Fund. Interest earned on moneys in the Fund shall remain in the Fund and be credited to it. Any moneys remaining in the Fund, including interest thereon, at the end of each fiscal year shall not revert to the general fund but shall remain in the Fund. Moneys in the Fund shall be used solely for the purposes set forth in this article. Expenditures and disbursements from the Fund shall be made by the State Treasurer on warrants issued by the Comptroller upon written request signed by the Director.

§ 2.2-2050. Additional powers and duties of the Director.

The Director shall have the power and duty, on the recommendation of the Division coordinator, to (i) receive and disburse funds; (ii) enter into contracts for the purpose of carrying out the provisions of this article; and (iii) rent office space and procure equipment, goods, and services that are necessary to carry out the provisions of this article.

§ 2.2-2051. Nonstock corporation to assist in the development of GIS data.

DTM is hereby authorized to establish a nonstock corporation under Chapter 10 (§ 13.1-801 et seq.) of Title 13.1 as an instrumentality to assist DTM and the Division in the development and acquisition of geographic data and statewide base map data. On or before December 1 of each year, DTM shall report on the activities of the nonstock corporation to the Governor and the General Assembly.

Article 4.
Public Safety Communications Division.

§ 2.2-2052. Public Safety Communications Division established; appointment of Virginia Public Safety Communications Coordinator; duties of PSCD.

A. There is established within DTM a Public Safety Communications Division (PSCD), which shall be headed by a Virginia Public Safety Communications Coordinator, appointed by the Director with the advice and consent of the Wireless E-911 Services Board. The PSCD shall consist of such personnel as the Director deems necessary. The operating expenses, administrative costs, and salaries of the employees of PSCD shall be paid from the Wireless E-911 Fund created pursuant to § 56-484.17.

B. PSCD shall provide staff support to the Wireless E-911 Services Board and encourage, promote, and assist in the development and deployment of statewide enhanced emergency telecommunications systems.

Article 35.
Information Technology Investment Council.

§ 2.2-2699.5. Information Technology Investment Council; purpose; membership; chairman; staff; compensation.

A. The Information Technology Investment Council (ITIC) is established as a policy board, within the meaning of § 2.2-2100, in the executive branch of state government. The ITIC shall consist of 16 members as follows: the Governor's Chief of Staff and each Cabinet Secretary, who shall serve ex officio with voting privileges; the Directors of the Senate Finance and House Appropriations Committees or their designees, who shall each serve ex officio with nonvoting privileges; and three nonlegislative citizen members appointed by the Governor to serve with nonvoting privileges. One nonlegislative citizen member shall have experience as senior information technology management personnel for a company with annual gross revenues in excess of $50 million and two nonlegislative citizen members shall have experience in information technology systems or other technology systems, including but not limited to human resources, environment, transportation, or finance.

The ex officio members of the ITIC shall serve terms coincident with their respective terms of office. Nonlegislative citizen members shall be appointed for terms of four years. Appointments to fill vacancies, other than by expiration of a term, shall be for the unexpired terms. All members may be reappointed. However, no nonlegislative citizen member shall serve more than two consecutive four-year terms. The remainder of any term to which a member is appointed to fill a vacancy shall not constitute a term in determining the member's eligibility for reappointment. Vacancies shall be filled in the same manner as the original appointments.

B. The Chief of Staff shall serve as chairman and the ITIC shall meet at least quarterly each year. The meetings of the ITIC shall be held at the call of the chairman or whenever the majority of the members so request.

C. The disclosure requirements of subsection B of § 2.2-3114 of the State and Local Government Conflict of Interests Act (§ 2.2-3100 et seq.) shall apply to citizen members of the ITIC.

D. The Governor's Office shall provide staff to the ITIC.

E. Nonlegislative citizen members shall receive compensation and shall be reimbursed for all reasonable and necessary expenses incurred in the performance of their duties, as provided in § 2.2-2813 and § 2.2-2825. Funding for the costs of compensation and expenses of the members shall be provided by the Governor's Office.

§ 2.2-2699.6. Powers and duties of the ITIC.

The ITIC shall:

1. Approve the Recommended Technology Investment Projects report prepared by the Project Management Division pursuant to § 2.2-2042.

2. Approve plans for the development, maintenance, and replacement of enterprise and multiagency applications developed by the Council on Technology Services established pursuant to § 2.2-2699.7.

3. Advise the Secretary of Technology on the termination of projects pursuant to § 2.2-225.

Article 36.
Council on Technology Services.

§ 2.2-2699.7. Council on Technology Services; purpose; membership; compensation; chairman.

A. The Council on Technology Services (COTS) is established as an advisory council, within the meaning of § 2.2-2100, in the executive branch of state government. COTS shall consist of 22 members as follows: the Directors of the Departments of Accounts, General Services, Human Resource Management, and Planning and Budget, who shall serve ex officio; one employee from an agency under each of the remaining Cabinet Secretaries, as set out in Chapter 2 (§ 2.2-200), to be appointed by the Governor; one member from an independent agency of state government to be appointed by the Governor; two members from public institutions of higher education to be appointed by the Governor; two members from local government to be appointed by the Governor; one member from the Supreme Court of Virginia to be appointed by the Chief Justice; the Director of the Division of Legislative Automated Systems, who shall serve ex officio; and three nonlegislative citizen members to be appointed by the Governor. Nonlegislative citizen members shall have experience in information technology systems or other technology systems including but not limited to human resources, environment, transportation, or finance. Ex officio members shall serve for terms coincident with their terms of office and all other members shall serve for a term of two years and be eligible for reappointment. All members shall serve with voting privileges. COTS shall elect from its membership a chairman, vice-chairman, and other officers as deemed necessary. COTS which shall meet at least once per quarter and at other times as shall be called by the chairman.

B. The disclosure requirements of subsection B of § 2.2-3114 of the State and Local Government Conflict of Interests Act (§ 2.2-3100 et seq.) shall apply to citizen members of the Council.

C. The Virginia Information Technologies Agency shall provide staff to the Council.

D. Nonlegislative citizen members shall receive compensation and shall be reimbursed for all reasonable and necessary expenses incurred in the performance of their duties, as provided in § 2.2-2813 and § 2.2-2825. Funding for the costs of compensation and expenses of the members shall be provided by the Virginia Information Technologies Agency.

E. COTS may form advisory committees composed of representatives from executive branch agencies and institutions to carry out the purposes of this article. Nothing in this section shall prevent executive branch agencies and institutions from committing additional resources to COTS.

§ 2.2-2699.8. Powers and duties of COTS.

COTS shall have the following duties:

1. To advise the Chief Information Officer on the application and infrastructure services provided by the Virginia Information Technologies Agency;

2. To advise the Director of the Department of Technology Management on the development of information technology regulations, standards, policies, and guidelines; the list of Recommended Technology Investment Projects; and proposed uses of state funds resulting from agency budget reviews; and

3. To develop, for approval by the Information Technology Investment Council, plans for the development, maintenance, and replacement of enterprise and multiagency applications.

§ 2.2-2423. Virginia Geographic Information Network Advisory Board; membership; terms; quorum; compensation and expenses.

A. The Virginia Geographic Information Network Advisory Board (the Board) is hereby established as an advisory board, within the meaning of § 2.2-2100, in the executive branch of state government. The Board shall advise the Geographic Information Network Division (the Division) of the Virginia Information Technologies Agency Department of Technology Management on issues related to the exercise of the Division's powers and duties.

B. The Board shall consist of 18 members appointed as follows: nine nonlegislative citizen members to be appointed by the Governor that consist of one agency director from one of the natural resources agencies, one official from a state university, one elected official representing a local government in the Commonwealth, one member of the Virginia Association of Surveyors, one elected official who serves on a planning district commission, two representatives of utilities or transportation industries utilizing geographic data, and two representatives of private businesses with expertise and experience in the establishment, operation, and maintenance of geographic information systems; four members of the House of Delegates to be appointed by the Speaker of the House of Delegates; two members of the Senate to be appointed by the Senate Committee on Rules; the Chief Information Officer Director of the Department of Technology Management, the Commonwealth Transportation Commissioner, and the Executive Director of the Economic Development Partnership Authority or their designees who shall serve as ex officio, voting members. Gubernatorial appointees may be nonresidents of the Commonwealth. All members of the Board appointed by the Governor shall be confirmed by each house of the General Assembly. The agency director and state university official appointed by the Governor may each designate a member of his organization as an alternate who may attend meetings in his place and be counted as a member of the Board for the purposes of a quorum.

Any members of the Board who are representatives of private businesses that provide geographic information services, and their companies, are precluded from contracting to provide goods or services to the Division.

C. Legislative members' terms shall be coincident with their terms of office. The gubernatorial appointees to the Board shall serve five-year terms, except for the initial appointees whose terms were staggered. Members appointed by the Governor shall serve no more than two consecutive five-year terms. Vacancies occurring other than by expiration of a term shall be filled for the unexpired term. Vacancies shall be filled in the same manner as the original appointments. The remainder of any term to which a member is appointed to fill a vacancy shall not constitute a term in determining the member's eligibility to serve.

D. The Board shall elect from its membership a chairman, vice-chairman, and any other officers deemed necessary. The duties and terms of the officers shall be prescribed by the members. A majority of the Board shall constitute a quorum. The Board shall meet at least quarterly or at the call of its chairman or the Chief Information Officer.

E. Legislative members of the Board shall receive such compensation as provided in § 30-19.12 and nonlegislative citizen members shall receive such compensation as provided in § 2.2-2813 for their services. All members shall be reimbursed for all reasonable and necessary expenses incurred in the performance of their duties as provided in §§ 2.2-2813 and 2.2-2825. Funding for the costs of compensation and expenses of the members shall be provided by the Virginia Geographic Information Network Division of the Virginia Information Technologies Agency.

F. The Geographic Information Network Division shall provide staff support to the Board.

§ 2.2-4343. Exemption from operation of chapter for certain transactions.

A. The provisions of this chapter shall not apply to:

1. The Virginia Port Authority in the exercise of any of its powers in accordance with Chapter 10 (§ 62.1-128 et seq.) of Title 62.1, provided the Authority implements, by policy or regulation adopted by the Board of Commissioners and approved by the Department of General Services, procedures to ensure fairness and competitiveness in the procurement of goods and services and in the administration of its capital outlay program. This exemption shall be applicable only so long as such policies and procedures meeting the requirements remain in effect.

2. The Virginia Retirement System for selection of services related to the management, purchase or sale of authorized investments, actuarial services, and disability determination services. Selection of these services shall be governed by the standard set forth in § 51.1-124.30.

3. The State Treasurer in the selection of investment management services related to the external management of funds shall be governed by the standard set forth in § 2.2-4514, and shall be subject to competitive guidelines and policies that are set by the Commonwealth Treasury Board and approved by the Department of General Services.

4. The Department of Social Services or local departments of social services for the acquisition of motor vehicles for sale or transfer to Temporary Assistance to Needy Families (TANF) recipients.

5. The College of William and Mary in Virginia, Virginia Commonwealth University, the University of Virginia, and Virginia Polytechnic Institute and State University in the selection of services related to the management and investment of their endowment funds, endowment income, gifts, all other nongeneral fund reserves and balances, or local funds of or held by the College or Universities pursuant to § 23-44.1, 23-50.10:01, 23-76.1, or 23-122.1. However, selection of these services shall be governed by the Uniform Prudent Management of Institutional Funds Act (§ 55-268.11 et seq.) as required by §§ 23-44.1, 23-50.10:01, 23-76.1, and 23-122.1.

6. The Board of the Virginia College Savings Plan for the selection of services related to the operation and administration of the Plan, including, but not limited to, contracts or agreements for the management, purchase, or sale of authorized investments or actuarial, record keeping, or consulting services. However, such selection shall be governed by the standard set forth in § 23-38.80.

7. Public institutions of higher education for the purchase of items for resale at retail bookstores and similar retail outlets operated by such institutions. However, such purchase procedures shall provide for competition where practicable.

8. The purchase of goods and services by agencies of the legislative branch that may be specifically exempted therefrom by the Chairman of the Committee on Rules of either the House of Delegates or the Senate. Nor shall the contract review provisions of § 2.2-2011 apply to such procurements. The exemption shall be in writing and kept on file with the agency's disbursement records.

9. Any town with a population of less than 3,500, except as stipulated in the provisions of §§ 2.2-4305, 2.2-4308, 2.2-4311, 2.2-4315, 2.2-4330, 2.2-4333 through 2.2-4338, 2.2-4343.1, and 2.2-4367 through 2.2-4377.

10. Any county, city or town whose governing body has adopted, by ordinance or resolution, alternative policies and procedures which are (i) based on competitive principles and (ii) generally applicable to procurement of goods and services by such governing body and its agencies, except as stipulated in subdivision 12.

This exemption shall be applicable only so long as such policies and procedures, or other policies and procedures meeting the requirements of § 2.2-4300, remain in effect in such county, city or town. Such policies and standards may provide for incentive contracting that offers a contractor whose bid is accepted the opportunity to share in any cost savings realized by the locality when project costs are reduced by such contractor, without affecting project quality, during construction of the project. The fee, if any, charged by the project engineer or architect for determining such cost savings shall be paid as a separate cost and shall not be calculated as part of any cost savings.

11. Any school division whose school board has adopted, by policy or regulation, alternative policies and procedures that are (i) based on competitive principles and (ii) generally applicable to procurement of goods and services by the school board, except as stipulated in subdivision 12.

This exemption shall be applicable only so long as such policies and procedures, or other policies or procedures meeting the requirements of § 2.2-4300, remain in effect in such school division. This provision shall not exempt any school division from any centralized purchasing ordinance duly adopted by a local governing body.

12. Notwithstanding the exemptions set forth in subdivisions 9 through 11, the provisions of subsections C and D of § 2.2-4303, and §§ 2.2-4305, 2.2-4308, 2.2-4311, 2.2-4315, 2.2-4317, 2.2-4330, 2.2-4333 through 2.2-4338, 2.2-4343.1, and 2.2-4367 through 2.2-4377 shall apply to all counties, cities and school divisions, and to all towns having a population greater than 3,500 in the Commonwealth.

The method for procurement of professional services set forth in subdivision 3 a of § 2.2-4301 in the definition of competitive negotiation shall also apply to all counties, cities and school divisions, and to all towns having a population greater than 3,500, where the cost of the professional service is expected to exceed $30,000 in the aggregate or for the sum of all phases of a contract or project. A school board that makes purchases through its public school foundation or purchases educational technology through its educational technology foundation, either as may be established pursuant to § 22.1-212.2:2 shall be exempt from the provisions of this chapter, except, relative to such purchases, the school board shall comply with the provisions of §§ 2.2-4311 and 2.2-4367 through 2.2-4377.

13. A public body that is also a utility operator may purchase services through or participate in contracts awarded by one or more utility operators that are not public bodies for utility marking services as required by the Underground Utility Damage Prevention Act (§ 56-265.14 et seq.). A purchase of services under this subdivision may deviate from the procurement procedures set forth in this chapter upon a determination made in advance by the public body and set forth in writing that competitive sealed bidding is either not practicable or not fiscally advantageous to the public, and the contract is awarded based on competitive principles.

14. Procurement of any construction or planning and design services for construction by a Virginia nonprofit corporation or organization not otherwise specifically exempted when (i) the planning, design or construction is funded by state appropriations of $10,000 or less or (ii) the Virginia nonprofit corporation or organization is obligated to conform to procurement procedures that are established by federal statutes or regulations, whether those federal procedures are in conformance with the provisions of this chapter.

15. Purchases, exchanges, gifts or sales by the Citizens' Advisory Council on Furnishing and Interpreting the Executive Mansion.

16. The Eastern Virginia Medical School in the selection of services related to the management and investment of its endowment and other institutional funds. The selection of these services shall, however, be governed by the Uniform Prudent Management of Institutional Funds Act (§ 55-268.11 et seq.).

17. The Department of Corrections in the selection of pre-release and post-incarceration services.

18. The Board of the Chippokes Plantation Farm Foundation in entering into agreements with persons for the construction, operation, and maintenance of projects consistent with the Chippokes Plantation State Park Master Plan approved by the Director of the Department of Conservation and Recreation pursuant to the requirements of § 10.1-200.1 and designed to further an appreciation for rural living and the contributions of the agricultural, forestry, and natural resource based industries of the Commonwealth, provided such projects are supported solely by private or nonstate funding.

19. The University of Virginia Medical Center to the extent provided by subdivision B 3 of § 23-77.4.

20. The purchase of goods and services by a local governing body or any authority, board, department, instrumentality, institution, agency or other unit of state government when such purchases are made under a remedial plan established by the Governor pursuant to subsection C of § 2.2-4310 or by a chief administrative officer of a county, city or town pursuant to § 15.2-965.1.

21. The contract by community services boards or behavioral health authorities with an administrator or management body pursuant to a joint agreement authorized by § 37.2-512 or 37.2-615.

B. Where a procurement transaction involves the expenditure of federal assistance or contract funds, the receipt of which is conditioned upon compliance with mandatory requirements in federal laws or regulations not in conformance with the provisions of this chapter, a public body may comply with such federal requirements, notwithstanding the provisions of this chapter, only upon the written determination of the Governor, in the case of state agencies, or the governing body, in the case of political subdivisions, that acceptance of the grant or contract funds under the applicable conditions is in the public interest. Such determination shall state the specific provision of this chapter in conflict with the conditions of the grant or contract.

§ 23-38.88. Eligibility for restructured financial and administrative operational authority.

A. Public institutions of higher education shall be eligible for the following restructured financial and operational authority:

1. To dispose of their surplus materials at the location where the surplus materials are held and to retain any proceeds from such disposal as provided in subdivision B 14 of § 2.2-1124;

2. To have the option, as provided in subsection C of § 2.2-1132 and pursuant to the conditions and provisions under such subsection, to contract with a building official of the locality in which construction is taking place and for such official to perform any inspection and certifications required for the purpose of complying with the Uniform Statewide Building Code (§ 36-97 et seq.) pursuant to subsection C of § 36-98.1;

3. For those public institutions of higher education that have in effect a signed memorandum of understanding with the Secretary of Administration regarding participation in the nongeneral fund decentralization program as set forth in the appropriation act, as provided in subsection C of § 2.2-1132, to enter into contracts for specific construction projects without the preliminary review and approval of the Division of Engineering and Buildings of the Department of General Services, provided such institutions are in compliance with the requirements of the Virginia Public Procurement Act (§ 2.2-4300 et seq.) and utilize the general terms and conditions for those forms of procurement approved by the Division and the Office of the Attorney General;

4. To acquire easements as provided in subdivision 4 of § 2.2-1149;

5. To enter into an and/or lease or capital lease pursuant to the conditions and provisions provided in subdivision 5 of § 2.2-1149;

6. To convey an easement pertaining to any property such institution owns or controls as provided in subsection C of § 2.2-1150;

7. In accordance with the conditions and provisions of subdivision C 2 of § 2.2-1153, to sell surplus real property valued at less than $5 million, which is possessed and controlled by the institution;

8. For purposes of compliance with § 2.2-4310, to procure goods, services, and construction from a vendor that the institution has certified as a small, women-, and minority-owned business enterprise pursuant to the conditions and provisions provided in § 2.2-1404.1;

9. To be exempt from review of their budget request for information technology by the CIO as provided in subdivision A 4 of § 2.2-2007 Department of Technology Management;

10. To be allowed to establish policies for the designation of administrative and professional faculty positions at the institution pursuant to the conditions and provisions provided in subsection E of § 2.2-2901;

11. To receive the financial benefits described under § 2.2-5005 pursuant to the conditions and provisions of such section;

12. To be exempt from reporting its purchases to the Secretary of Education, provided that all purchases, including sole source purchases, are placed through the Commonwealth's electronic procurement system using proper system codes for the methods of procurement;

13. To utilize as methods of procurement a fixed price, design-build or construction management contract notwithstanding the provisions of § 2.2-4306; and

14. The restructured financial and operational authority set forth in Subchapter Article 2 (§ 23-38.90) and Subchapter Article 3 (§ 23-38.91 et seq.) of this chapter.

No such authority shall be granted unless the institution meets the conditions set forth in this chapter.

B. The Board of Visitors of a public institution of higher education shall commit to the Governor and the General Assembly by August 1, 2005, through formal resolution adopted according to its own bylaws, to meeting the state goals specified below, and shall be responsible for ensuring that such goals are met, in addition to such other responsibilities as may be prescribed by law. Each such institution shall commit to the Governor and the General Assembly to:

1. Consistent with its institutional mission, provide access to higher education for all citizens throughout the Commonwealth, including underrepresented populations, and, consistent with subdivision 4 of § 23-9.6:1 and in accordance with anticipated demand analysis, meet enrollment projections and degree estimates as agreed upon with the State Council of Higher Education for Virginia. Each such institution shall bear a measure of responsibility for ensuring that the statewide demand for enrollment is met;

2. Consistent with § 23-9.2:3.03, ensure that higher education remains affordable, regardless of individual or family income, and through a periodic assessment, determine the impact of tuition and fee levels net of financial aid on applications, enrollment, and student indebtedness incurred for the payment of tuition and fees;

3. Offer a broad range of undergraduate and, where appropriate, graduate programs consistent with its mission and assess regularly the extent to which the institution's curricula and degree programs address the Commonwealth's need for sufficient graduates in particular shortage areas, including specific academic disciplines, professions, and geographic regions;

4. Ensure that the institution's academic programs and course offerings maintain high academic standards, by undertaking a continuous review and improvement of academic programs, course availability, faculty productivity, and other relevant factors;

5. Improve student retention such that students progress from initial enrollment to a timely graduation, and that the number of degrees conferred increases as enrollment increases;

6. Consistent with its institutional mission, develop articulation agreements that have uniform application to all Virginia community colleges and meet appropriate general education and program requirements at the four-year institution, provide additional opportunities for associate degree graduates to be admitted and enrolled, and offer dual enrollment programs in cooperation with high schools;

7. Actively contribute to efforts to stimulate the economic development of the Commonwealth and the area in which the institution is located, and for those institutions subject to a management agreement set forth in Subchapter Article 3 (§ 23-38.91 et seq.) of this chapter, in areas that lag the Commonwealth in terms of income, employment, and other factors;

8. Consistent with its institutional mission, increase the level of externally funded research conducted at the institution and facilitate the transfer of technology from university research centers to private sector companies;

9. Work actively and cooperatively with elementary and secondary school administrators, teachers, and students in public schools and school divisions to improve student achievement, upgrade the knowledge and skills of teachers, and strengthen leadership skills of school administrators;

10. Prepare a six-year financial plan consistent with § 23-9.2:3.03;

11. Conduct the institution's business affairs in a manner that maximizes operational efficiencies and economies for the institution, contributes to maximum efficiencies and economies of state government as a whole, and meets the financial and administrative management standards as specified by the Governor pursuant to § 2.2-5004 and included in the appropriation act that is in effect, which shall include best practices for electronic procurement and leveraged purchasing, information technology, real estate portfolio management, and diversity of suppliers through fair and reasonable consideration of small, women-owned, and minority-owned business enterprises; and

12. Seek to ensure the safety and security of the Commonwealth's students on college and university campuses.

Upon making such commitments to the Governor and the General Assembly by August 1, 2005, the public institution of higher education shall be allowed to exercise the restructured financial and operational authority set forth in subdivisions A 1 through A 13 of § 23-38.88, subject to such conditions as may be provided under the enabling statutes granting the additional authority.

C. As provided in § 23-9.6:1.01, the State Council of Higher Education shall in consultation with the respective chairmen of the House Committees on Education and Appropriations and the Senate Committees on Finance and Education and Health or their designees, representatives of public institutions of higher education, and such other state officials as may be designated by the Governor, develop objective measures of educational-related performance and institutional performance benchmarks for such objective measures. At a minimum, the State Council shall develop such objective measures and institutional performance benchmarks for the goals and objectives set forth in subdivisions B 1 through B 10 and B 12. In addition, the Governor shall develop objective measures of financial and administrative management performance and related institutional performance benchmarks for the goals and objectives set forth in subdivision B 11.

As provided in subsection C of § 23-9.6:1.01, any public institution of higher education that has been certified during the fiscal year by the State Council of Higher Education for Virginia as meeting the institutional performance benchmarks in effect for the fiscal year as set forth in the general appropriation act shall be provided the financial benefits under § 2.2-5005. Such benefits shall first be provided as determined under such section.

D. 1. The restructured financial and operational authority set forth in Subchapter Article 3 (§ 23-38.91 et seq.) of this chapter shall only be granted in accordance with the expressed terms of a management agreement between the public institution of higher education and the Commonwealth.

No restructured financial or operational authority set forth in Subchapter Article 3 (§ 23-38.91 et seq.) of this chapter shall be granted to a public institution of higher education unless such authority is expressly included in the management agreement. In addition, the only implied authority that shall be granted from entering into a management agreement is that implied authority that is actually necessary to carry out the expressed grant of restructured financial or operational authority. As a matter of law, the initial presumption shall be that any restructured financial or operational authority set forth in Subchapter Article 3 is not included in the management agreement. These requirements shall also apply to any other provision included in Subchapter Article 3.

2. No public institution of higher education shall enter into a management agreement unless:

a. (i) Its most current and unenhanced bond rating received from (a) Moody's Investors Service, Inc., (b) Standard & Poor's, Inc., or (c) Fitch Investor's Services, Inc. is at least AA- (i.e., AA minus) or its equivalent, provided that such bond rating has been received within the last three years of the date that the initial agreement is entered into or (ii) the institution has (a) participated in decentralization pilot programs in the areas of finance and capital outlay, (b) demonstrated management competency in those two areas as evidenced by a written certification from the Cabinet Secretary or Secretaries designated by the Governor, (c) received additional operational authority under a memorandum of understanding pursuant to § 23-38.90 in at least one functional area, and (d) demonstrated management competency in that area for a period of at least two years. In submitting "The Budget Bill" for calendar year 2005 pursuant to subsection A of § 2.2-1509, the Governor shall include criteria for determining whether or not an institution has demonstrated the management competency required by clause (ii) of this subdivision;

b. An absolute two-thirds, or more, of the institution's governing body shall have voted in the affirmative for a resolution expressing the sense of the body that the institution is qualified to be, and should be, governed by the provisions of Subchapter Article 3 (§ 23-38.91 et seq.) of this chapter, which resolution shall be included in the initial management agreement;

c. The institution agrees to reimburse the Commonwealth for any additional costs to the Commonwealth in providing health or other group insurance benefits to employees, and in undertaking any risk management program, that are attributable to the institution's exercise of any restructured financial or operational authority set forth in Subchapter Article 323-38.91 et seq.). The institution's agreement to reimburse the Commonwealth for such additional costs shall be expressly included in each management agreement with the institution. The Secretary of Finance and the Secretary of Administration, in consultation with the Virginia Retirement System and the affected institutions, shall establish procedures for determining any amounts to be paid by each institution and a mechanism for transferring the appropriate amounts directly and solely to the programs whose costs have been affected.

In developing management agreements, public institutions of higher education shall give consideration to potential future impacts of tuition increases on the Virginia College Savings Plan (§ 23-38.75) and shall discuss such potential impacts with parties participating in development of such agreements. The chief executive officer of the Virginia College Savings Plan shall provide to the institution and such parties the Plan's assumptions underlying the contract pricing of the program; and

d. Before executing a management agreement with the Commonwealth that affects insurance or benefit programs administered by the Virginia Retirement System, the Governor shall transmit a draft of the relevant provisions to the Board of Trustees of the Virginia Retirement System, which shall review the relevant provisions in order to ensure compliance with the applicable provisions of Title 51.1, administrative policies and procedures and federal regulations governing retirement plans. The Board shall advise the Governor and appropriate Cabinet Secretaries of any conflicts.

3. Each initial management agreement with an institution shall remain in effect for a period of three years. Subsequent management agreements with the institution shall remain in effect for a period of five years.

If an existing agreement is not renewed or a new agreement executed prior to the expiration of the three-year or five-year term, as applicable, the existing agreement shall remain in effect on a provisional basis for a period not to exceed one year. If, after the expiration of the provisional one-year period, the management agreement has not been renewed or a new agreement executed, the institution shall no longer be granted any of the financial or operational authority set forth in Subchapter Article 3 (§ 23-38.91 et seq.) of this chapter, unless and until such time as a new management agreement is entered into between the institution and the Commonwealth.

The Joint Legislative Audit and Review Commission, in cooperation with the Auditor of Public Accounts, shall conduct a review relating to the initial management agreement with each public institution of higher education. The review shall cover a period of at least the first 24 months from the effective date of the management agreement. The review shall include, but shall not be limited to, the degree of compliance with the expressed terms of the management agreement, the degree to which the institution has demonstrated its ability to manage successfully the administrative and financial operations of the institution without jeopardizing the financial integrity and stability of the institution, the degree to which the institution is meeting the objectives described in subsection B, and any related impact on students and employees of the institution from execution of the management agreement. The Joint Legislative Audit and Review Commission shall make a written report of its review no later than June 30 of the third year of the management agreement. The Joint Legislative Audit and Review Commission is authorized, but not required, to conduct a similar review of any management agreement entered into subsequent to the initial agreement.

4. The right and power by the Governor to void a management agreement shall be expressly included in each management agreement. The management agreement shall provide that if the Governor makes a written determination that a public institution of higher education that has entered into a management agreement with the Commonwealth is not in substantial compliance with the terms of the agreement or with the requirements of this chapter in general, (i) the Governor shall provide a copy of that written determination to the chairmen of the Board of Visitors or other governing body of the public institution of higher education and to the members of the General Assembly, and (ii) the institution shall develop and implement a plan of corrective action, satisfactory to the Governor, for purposes of coming into substantial compliance with the terms of the management agreement and with the requirements of this chapter, as soon as practicable, and shall provide a copy of such corrective action plan to the members of the General Assembly. If after a reasonable period of time after the corrective action plan has been implemented by the institution, the Governor determines that the institution is not yet in substantial compliance with the management agreement or the requirements of this chapter, the Governor may void the management agreement. Upon the Governor voiding a management agreement, the affected public institution of higher education shall not be allowed to exercise any restructured financial or operational authority pursuant to the provisions of Subchapter Article 3 (§ 23-38.91 et seq.) unless and until the institution enters into a subsequent management agreement with the Secretary or Secretaries designated by the Governor or the void management agreement is reinstated by the General Assembly.

5. A management agreement with a public institution of higher education shall not grant any of the restructured financial or operational authority set forth in Subchapter Article 3 (§ 23-38.91 et seq.) of this chapter to the Virginia Cooperative Extension and Agricultural Experiment Station, the University of Virginia College at Wise, or the Virginia Institute of Marine Sciences or to an affiliated entity of the institution unless such intent, as well as the degree of the restructured financial or operational authority to be granted, is expressly included in the management agreement.

6. Following the execution of each management agreement with a public institution of higher education and submission of that management agreement to the Chairmen of the House Committee on Appropriations, the House Committee on Education, the Senate Committee on Finance, and the Senate Committee on Education and Health pursuant to § 23-38.97, the Governor shall include a recommendation for approval of the management agreement in "The Budget Bill" submitted pursuant to subsection A of § 2.2-1509 or in his gubernatorial amendments submitted pursuant to subsection E of § 2.2-1509 due by the December 20 that immediately follows the date of submission of the management agreement to such Committees. Following the General Assembly's consideration of whether to approve or disapprove the management agreement as recommended, if the management agreement is approved as part of the general appropriation act, it shall become effective on the effective date of such general appropriation act. However, no management agreement shall be entered into by a public institution of higher education and the Secretary or Secretaries designated by the Governor after November 15 of a calendar year.

E. A covered institution and the members of its governing body, officers, directors, employees, and agents shall be entitled to the same sovereign immunity to which they would be entitled if the institution were not governed by this chapter; provided further, that the Virginia Tort Claims Act (§ 8.01-195.1 et seq.) and its limitations on recoveries shall remain applicable with respect to institutions governed by this chapter.

§ 23-38.111. Information technology.

Subject to the terms of the management agreement, covered institutions may be exempt from the provisions governing the Virginia Information Technologies Agency, Chapter 20.1 (§ 2.2-2005 et seq.) of Title 2.2., and the provisions governing the Information Technologies Investment Board, Article 20 of Chapter 24 (§ 2.2-2457 et seq.) of Title 2.2;, provided, however, that the governing body of a covered institution shall adopt, and the covered institution shall comply with, policies for the procurement of information technology goods and services, including professional services, that are consistent with the requirements of § 23-38.110 and that include provisions addressing cooperative arrangements for such procurement as described in § 23-38.110, and shall adopt and comply with institutional policies and professional best practices regarding strategic planning for information technology, project management, security, budgeting, infrastructure, and ongoing operations.

§ 23-77.4. Medical center management.

A. The General Assembly recognizes and finds that the economic viability of the University of Virginia Medical Center, hereafter referred to as the Medical Center, together with the requirement for its specialized management and operation, and the need of the Medical Center to participate in cooperative arrangements reflective of changes in health care delivery, as set forth in § 23-77.3, are dependent upon the ability of the management of the Medical Center to make and implement promptly decisions necessary to conduct the affairs of the Medical Center in an efficient, competitive manner. The General Assembly also recognizes and finds that it is critical to, and in the best interests of, the Commonwealth that the University continue to fulfill its mission of providing quality medical and health sciences education and related research and, through the presence of its Medical Center, continue to provide for the care, treatment, health-related services, and education activities associated with Virginia patients, including indigent and medically indigent patients. Because the General Assembly finds that the ability of the University to fulfill this mission is highly dependent upon revenues derived from providing health care through its Medical Center, and because the General Assembly also finds that the ability of the Medical Center to continue to be a reliable source of such revenues is heavily dependent upon its ability to compete with other providers of health care that are not subject to the requirements of law applicable to agencies of the Commonwealth, the University is hereby authorized to implement the following modifications to the management and operation of the affairs of the Medical Center in order to enhance its economic viability:

B. Capital projects; leases of property; procurement of goods, services and construction.

1. Capital projects.

a. For any Medical Center capital project entirely funded by a nongeneral fund appropriation made by the General Assembly, all post-appropriation review, approval, administrative, and policy and procedure functions performed by the Department of General Services, the Division of Engineering and Buildings, the Department of Planning and Budget and any other agency that supports the functions performed by these departments are hereby delegated to the University, subject to the following stipulations and conditions: (i) the Board of Visitors shall develop and implement an appropriate system of policies, procedures, reviews and approvals for Medical Center capital projects to which this subdivision applies; (ii) the system so adopted shall provide for the review and approval of any Medical Center capital project to which this subdivision applies in order to ensure that, except as provided in clause (iii), the cost of any such capital project does not exceed the sum appropriated therefor and that the project otherwise complies with all requirements of the Code of Virginia regarding capital projects, excluding only the post-appropriation review, approval, administrative, and policy and procedure functions performed by the Department of General Services, the Division of Engineering and Buildings, the Department of Planning and Budget and any other agency that supports the functions performed by these departments; (iii) the Board of Visitors may, during any fiscal year, approve a transfer of up to a total of 15 percent of the total nongeneral fund appropriation for the Medical Center in order to supplement funds appropriated for a capital project or capital projects of the Medical Center, provided that the Board of Visitors finds that the transfer is necessary to effectuate the original intention of the General Assembly in making the appropriation for the capital project or projects in question; (iv) the University shall report to the Department of General Services on the status of any such capital project prior to commencement of construction of, and at the time of acceptance of, any such capital project; and (v) the University shall ensure that Building Officials and Code Administrators (BOCA) Code and fire safety inspections of any such project are conducted and that such projects are inspected by the State Fire Marshal or his designee prior to certification for building occupancy by the University's assistant state building official to whom such inspection responsibility has been delegated pursuant to § 36-98.1. Nothing in this section shall be deemed to relieve the University of any reporting requirement pursuant to § 2.2-1513. Notwithstanding the foregoing, the terms and structure of any financing of any capital project to which this subdivision applies shall be approved pursuant to § 2.2-2416.

b. No capital project to which this subdivision applies shall be materially increased in size or materially changed in scope beyond the plans and justifications that were the basis for the project's appropriation unless: (i) the Governor determines that such increase in size or change in scope is necessary due to an emergency or (ii) the General Assembly approves the increase or change in a subsequent appropriation for the project. After construction of any such capital project has commenced, no such increase or change may be made during construction unless the conditions in (i) or (ii) have been satisfied.

2. Leases of property.

a. The University shall be exempt from the provisions of § 2.2-1149 and from any rules, regulations and guidelines of the Division of Engineering and Buildings in relation to leases of real property that it enters into on behalf of the Medical Center and, pursuant to policies and procedures adopted by the Board of Visitors, may enter into such leases subject to the following conditions: (i) the lease must be an operating lease and not a capital lease as defined in guidelines established by the Secretary of Finance and Generally Accepted Accounting Principles (GAAP); (ii) the University's decision to enter into such a lease shall be based upon cost, demonstrated need, and compliance with guidelines adopted by the Board of Visitors which direct that competition be sought to the maximum practical degree, that all costs of occupancy be considered, and that the use of the space to be leased actually is necessary and is efficiently planned; (iii) the form of the lease is approved by the Special Assistant Attorney General representing the University; (iv) the lease otherwise meets all requirements of law; (v) the leased property is certified for occupancy by the building official of the political subdivision in which the leased property is located; and (vi) upon entering such leases and upon any subsequent amendment of such leases, the University shall provide copies of all lease documents and any attachments thereto to the Department of General Services.

b. Notwithstanding the provisions of §§ 2.2-1155 and 23-4.1, but subject to policies and procedures adopted by the Board of Visitors, the University may lease, for a purpose consistent with the mission of the Medical Center and for a term not to exceed 50 years, property in the possession or control of the Medical Center.

c. Notwithstanding the foregoing, the terms and structure of any financing arrangements secured by capital leases or other similar lease financing agreements shall be approved pursuant to § 2.2-2416.

3. Procurement of goods, services and construction.

Contracts awarded by the University in compliance with this section, on behalf of the Medical Center, for the procurement of goods; services, including professional services; construction; and information technology and telecommunications, shall be exempt from (i) the Virginia Public Procurement Act (§ 2.2-4300 et seq.), except as provided below; (ii) the requirements of the Division of Purchases and Supply of the Department of General Services as set forth in Article 3 (§ 2.2-1109 et seq.) of Chapter 11 of Title 2.2; (iii) the requirements of the Division of Engineering and Buildings as set forth in Article 4 (§ 2.2-1129 et seq.) of Chapter 11 of Title 2.2; and (iv) the authority of the Chief Information Officer and the Virginia Information Technologies Agency as set forth in Chapter 20.1 (§ 2.2-2005 et seq.) of Title 2.2 and the Information Technology Investment Board created pursuant to § 2.2-2457; and (v) the authority of the Department of Technology Management as set forth in Chapter 20.2 (§ 2.2-2037 et seq.) of Title 2.2 regarding the review and approval of contracts for (a) the construction of Medical Center capital projects and (b) information technology and telecommunications projects; however, the provisions of this subdivision may not be implemented by the University until such time as the Board of Visitors has adopted guidelines generally applicable to the procurement of goods, services, construction and information technology and telecommunications projects by the Medical Center or by the University on behalf of the Medical Center. Such guidelines shall be based upon competitive principles and shall in each instance seek competition to the maximum practical degree. The guidelines shall implement a system of competitive negotiation for professional services; shall prohibit discrimination because of race, religion, color, sex, or national origin of the bidder or offeror in the solicitation or award of contracts; may take into account in all cases the dollar amount of the intended procurement, the term of the anticipated contract, and the likely extent of competition; may implement a prequalification procedure for contractors or products; may include provisions for cooperative procurement arrangements with private health or educational institutions, or with public agencies or institutions of the several states, territories of the United States or the District of Columbia; shall incorporate the prompt payment principles of §§ 2.2-4350 and 2.2-4354; and may implement provisions of law. The following sections of the Virginia Public Procurement Act shall continue to apply to procurements by the Medical Center or by the University on behalf of the Medical Center: §§ 2.2-4311, 2.2-4315, and 2.2-4342 (which section shall not be construed to require compliance with the prequalification application procedures of subsection B of § 2.2-4317), 2.2-4330, 2.2-4333 through 2.2-4341, and 2.2-4367 through 2.2-4377.

C. Subject to such conditions as may be prescribed in the budget bill under § 2.2-1509 as enacted into law by the General Assembly, the State Comptroller shall credit, on a monthly basis, to the nongeneral fund operating cash balances of the University of Virginia Medical Center the imputed interest earned by the investment of such nongeneral fund operating cash balances, including but not limited to those balances derived from patient care revenues, on deposit with the State Treasurer.

§ 56-484.12. Definitions.

As used in this article, unless the context requires a different meaning:

"Automatic location identification" or "ALI" means a telecommunications network capability that enables the automatic display of information defining the geographical location of the telephone used to place a wireless Enhanced 9-1-1 call.

"Automatic number identification" or "ANI" means a telecommunications network capability that enables the automatic display of the telephone number used to place a wireless Enhanced 9-1-1 call.

"Board" means the Wireless E-911 Services Board created pursuant to this article.

"Chief Information Officer" or "CIO" means the Chief Information Officer appointed pursuant to § 2.2-2005.

"Coordinator" means the Virginia Public Safety Communications Systems Coordinator employed by the Division PSCD.

"CMRS" means mobile telecommunications service as defined in the federal Mobile Telecommunications Sourcing Act, 4 U.S.C. § 124, as amended.

"CMRS provider" means an entity authorized by the Federal Communications Commission to provide CMRS within the Commonwealth of Virginia.

"Division" means the Division of Public Safety Communications created in § 2.2-2031.

"Director" means the Director of the Department of Technology Management.

"Enhanced 9-1-1 service" or "E-911" means a service consisting of telephone network features and PSAPs provided for users of telephone systems enabling such users to reach a PSAP by dialing the digits "9-1-1." Such service automatically directs 9-1-1 emergency telephone calls to the appropriate PSAPs by selective routing based on the geographical location from which the emergency call originated and provides the capability for ANI and ALI features.

"FCC order" means Federal Communications Commission Order 94-102 (61 Federal Register 40348) and any other FCC order that affects the provision of E-911 service to CMRS customers.

"Local exchange carrier" means any public service company granted a certificate to furnish public utility service for the provision of local exchange telephone service pursuant to Chapter 10.1 (§ 56-265.1 et seq.) of Title 56.

"Place of primary use" has the meaning as defined in the federal Mobile Telecommunications Sourcing Act, 4 U.S.C. § 124, as amended.

"PSCD" means the Public Safety Communications Division established pursuant to § 2.2-2052.

"Public safety answering point" or "PSAP" means a facility (i) equipped and staffed on a 24-hour basis to receive and process E-911 calls or (ii) that intends to receive and process E-911 calls and has notified CMRS providers in its jurisdiction of its intention to receive and process such calls.

"VoIP service" means interconnected voice over Internet protocol service as defined in the Code of Federal Regulations, Title 47, Part 9, section 9.3, as amended.

"Wireless E-911 CMRS costs" means all reasonable, direct recurring and nonrecurring capital costs and operating expenses incurred by CMRS providers in designing, upgrading, leasing, purchasing, programming, installing, testing, administering, delivering, or maintaining all necessary data, hardware, software and local exchange telephone service required to provide wireless E-911 service, which have been sworn to by an authorized agent of a CMRS provider.

"Wireless E-911 fund" means a dedicated fund consisting of all moneys collected pursuant to the wireless E-911 surcharge, as well as any additional funds otherwise allocated or donated to the wireless E-911 fund.

"Wireless E-911 service" means the E-911 service required to be provided by CMRS providers pursuant to the FCC order.

"Wireless E-911 surcharge" means a monthly fee of $0.75 billed by each CMRS provider and CMRS reseller on each CMRS number of a customer with a place of primary use in Virginia; provided, however, that any fee collected or paid pursuant to the third paragraph of subsection B of § 56-484.17 is not required to be billed.

§ 56-484.13. Wireless E-911 Services Board; membership; terms; compensation.

A. The Wireless E-911 Services Board is hereby created. The Board shall plan, promote and offer assistance:

1. In the statewide development, deployment, and maintenance of enhanced wireless emergency telecommunications services and technologies; and

2. In the development and deployment of enhanced wireline emergency telecommunications services and technologies only in specific local jurisdictions that were not wireline E-911 capable by July 1, 2000.

The Board shall exercise the powers and duties conferred in this article.

B. The Wireless E-911 Services Board may promote and offer planning assistance:

1. In the statewide development, deployment, and maintenance of VoIP E-911 and any other future communications technologies accessing E-911 for emergency purposes;

2. To the Virginia Information Technologies Agency (VITA) Department of Technology Management, and other stakeholder agencies, in the development and deployment of a statewide public safety network that will support future E-911 and other public safety applications; and

3. However, the Board shall seek funding from sources other than CMRS providers or customers of CMRS to support efforts that exceed the scope of wireless E-911 service.

C. The Board shall consist of 15 members as follows: the Director of the Virginia Department of Emergency Management, who shall serve as chairman of the Board; the Comptroller, who shall serve as the treasurer of the Board; the Chief Information Officer Director; and the following 12 members to be appointed by the Governor: one member representing the Virginia State Police, one member representing a local exchange carrier providing E-911 service in Virginia, two members representing wireless service providers authorized to do business in Virginia, three county, city or town PSAP directors or managers representing diverse regions of Virginia, one Virginia sheriff, one chief of police, one fire chief, one emergency medical services manager, and one finance officer of a county, city, or town.

D. All members appointed by the Governor shall serve five-year terms. The CIO Director and the Comptroller shall serve terms coincident with their terms of office. No gubernatorial appointee shall serve more than two consecutive terms.

E. A majority of the Board shall constitute a quorum. The Board shall meet at least quarterly or at the call of its chairman.

F. Members of the Board shall serve without compensation; however, members of the Board shall be reimbursed for expenses as provided in §§ 2.2-2813 through 2.2-2826.

G. The Division PSCD shall provide staff support to the Board. The Geographic Information Network Division created in § 2.2-2026 § 2.2-2047 and the Virginia Department of Transportation shall provide such technical advice as the Board requires.

§ 56-484.14. Powers and duties of Wireless E-911 Services Board.

The Board shall have the power and duty to:

1. Make and enter into all contracts and agreements necessary or incidental to the performance of its duties and the execution of its powers, including purchase agreements payable from (i) the Wireless E-911 Fund and (ii) other moneys appropriated for the provision of enhanced 9-1-1 services.

2. Pursue all legal remedies to enforce any provision of this article, or any contract entered into pursuant to this article.

3. Develop a comprehensive, statewide enhanced 9-1-1 plan for wireless E-911, VoIP E-911, and any other future communications technologies accessing E-911 for emergency purposes. In constructing and periodically updating this plan as appropriate, the Board shall monitor trends and advances in enhanced wireless, VoIP, and other emergency telecommunications technologies, plan and forecast future needs for these enhanced technologies, and formulate strategies for the efficient and effective delivery of enhanced 9-1-1 services in the future with the exclusion of traditional circuit-switched wireline 9-1-1 service.

4. Grant such extensions of time for compliance with the provisions of § 56-484.16 as the Board deems appropriate.

5. Take all steps necessary to inform the public of the use of the digits "9-1-1" as the designated emergency telephone number and the use of the digits "#-7-7" as a designated non-emergency telephone number.

6. Report annually to the Governor, the Senate Committee on Finance and the House Committee on Appropriations, and the Virginia State Crime Commission on (i) the state of enhanced 9-1-1 services in the Commonwealth, (ii) the impact of, or need for, legislation affecting enhanced 9-1-1 services in the Commonwealth, and (iii) the need for changes in the E-911 funding mechanism provided to the Board, as appropriate.

7. Provide advisory technical assistance to PSAPs and state and local law enforcement, and fire and emergency medical service agencies, upon request.

8. Collect, distribute, and withhold moneys from the Wireless E-911 Fund as provided in this article.

9. Develop a comprehensive single, statewide electronic addressing database to support geographic data and statewide base map data programs pursuant to § 2.2-2027 § 2.2-2048.

10. Receive such funds as may be appropriated for purposes consistent with this article and such gifts, donations, grants, bequests, or other funds as may be received from, applied for or offered by either public or private sources.

11. Manage other moneys appropriated for the provision of enhanced emergency telecommunications services.

12. Perform all acts necessary, convenient or desirable to carrying out the purposes of this article.

13. Drawing from the work of E-911 professional organizations, in its sole discretion, publish best practices for PSAPs. These best practices shall be voluntary and recommended by a subcommittee composed of PSAP representatives.

14. Monitor developments in enhanced 9-1-1 service and multiline telephone systems and the impact of such technologies upon the implementation of Article 8 (§ 56-484.19 et seq.) of Chapter 15 of Title 56. The Board shall include its assessment of such impact in the annual report filed pursuant to subdivision 6.

§ 56-484.15. Wireless Carrier E-911 Cost Recovery Subcommittee established.

A. There is hereby established a Wireless Carrier E-911 Cost Recovery Subcommittee of the Board. The Subcommittee shall (i) meet only to determine whether costs submitted by CMRS providers are reasonable and direct to the provision of wireless E-911 service and (ii) review only those documents necessary to determine whether costs submitted by CMRS providers are reasonable and direct to the provision of wireless E-911 service.

B. The Subcommittee shall consist of the following eight members from the Board: the representative of the Virginia State Police; the three PSAP directors or managers; the finance officer of a county, city or town; the CIO Director, the Director of the Virginia Department of Emergency Management, who shall serve as the Subcommittee's chairman; and the Comptroller.

C. Staff to the Subcommittee shall be provided by the Division of Public Safety Communications PSCD created pursuant to § 2.2-2031 § 2.2-2052.

D. Unless otherwise ordered by a court of competent jurisdiction, no member or staff of the Subcommittee shall release or disclose the contents of documents used to determine whether costs submitted by CMRS providers are reasonable and direct to the provision of wireless E-911 service.

§ 56-484.17. Wireless E-911 Fund; uses of Fund; enforcement; audit required.

A. There is hereby created in the state treasury a special nonreverting fund to be known as the Wireless E-911 Fund (the Fund). The Fund shall be established on the books of the Comptroller. Interest earned on moneys in the Fund shall remain in the Fund and be credited to it. Any moneys remaining in the Fund, including interest thereon, at the end of each fiscal year shall not revert to the general fund but shall remain in the Fund. Except as provided in § 2.2-2031 § 2.2-2052, moneys in the Fund shall be used for the purposes stated in subsections C through D. Expenditures and disbursements from the Fund shall be made by the State Treasurer on warrants issued by the Comptroller upon written request signed by the Chief Information Officer of the Commonwealth Director.

B. Each CMRS provider shall collect a wireless E-911 surcharge from each of its customers whose place of primary use is within the Commonwealth. In addition, the wireless E-911 surcharge shall be imposed on wireless customers who purchase prepaid CMRS service, subject to the provisions in this subsection. However, no surcharge shall be imposed on federal, state and local government agencies. A payment equal to all wireless E-911 surcharges shall be remitted within 30 days to the Board for deposit in the Fund. Each CMRS provider and CMRS reseller may retain an amount equal to three percent of the amount collected to defray the costs of collecting the surcharges. State and local taxes shall not apply to any wireless E-911 surcharge collected from customers. Surcharges collected from customers who do not purchase CMRS service on a prepaid basis shall be subject to the provisions of the federal Mobile Telecommunications Sourcing Act (4 U.S.C. § 116 et seq., as amended).

For CMRS customers who do not purchase CMRS service on a prepaid basis, the CMRS provider and CMRS reseller shall collect the surcharge through regular periodic billing.

For CMRS customers who purchase CMRS service on a prepaid basis, the wireless E-911 surcharge shall be determined according to one of the following methodologies:

a. The CMRS provider and CMRS reseller shall collect, on a monthly basis, the wireless E-911 surcharge from each active prepaid customer whose account balance is equal to or greater than the amount of the surcharge; or

b. The CMRS provider and CMRS reseller shall divide its total earned prepaid wireless telephone revenue with respect to prepaid customers in the Commonwealth within the monthly E-911 reporting period by $50, multiply the quotient by the surcharge amount, and pay the resulting amount to the Board without collecting a separate charge from its prepaid customers for such amount; or

c. The CMRS provider and CMRS reseller shall collect the surcharge at the point of sale.

Collection of the wireless E-911 surcharge from or with respect to prepaid customers shall not reduce the sales price for purposes of taxes which are collected at point of sale.

C. Sixty percent of the Wireless E-911 Fund shall be distributed on a monthly basis to the PSAPs according to the percentage of recurring wireless E-911 funding received by the PSAP as determined by the Board. The Board shall calculate the distribution percentage for each PSAP at the start of each fiscal year based on the cost and call load data from the previous fiscal year and implement this percentage by October 1 of the current year. Using 30% of the Wireless E-911 Fund, the Board shall provide full payment to CMRS providers of all wireless E-911 CMRS costs. For these purposes each CMRS provider shall submit to the Board on or before December 31 of each year an estimate of wireless E-911 CMRS costs it expects to incur during the next fiscal year of counties and municipalities in whose jurisdiction it operates. The Board shall review such estimates and advise each CMRS provider on or before the following March 1 whether its estimate qualifies for payment hereunder and whether the Wireless E-911 Fund is expected to be sufficient for such payment during said fiscal year. The remaining 10% of the Fund and any remaining funds for the previous fiscal year from the 30% for CMRS providers shall be distributed to PSAPs or on behalf of PSAPs based on grant requests received by the Board each fiscal year. The Board shall establish criteria for receiving and making grants from the Fund, including procedures for determining the amount of a grant and payment schedule; however, the grants must be to the benefit of wireless E-911. Any grant funding that has not been committed by the Board by the end of the fiscal year shall be distributed to the PSAPs based on the same distribution percentage used during the fiscal year in which the funding was collected; however, the Board may retain some or all of this uncommitted funding for an identified funding need in the next fiscal year.

D. After the end of each fiscal year, on a schedule adopted by the Board, the Board shall audit the grant funding received by all recipients to ensure it was utilized in accordance with the grant requirements. For the fiscal year ending June 30, 2005, the Board shall determine whether qualifying payments to PSAP operators and CMRS providers during the preceding fiscal year exceeded or were less than the actual wireless E-911 PSAP costs or wireless E-911 CMRS costs of any PSAP operator or CMRS provider. Each funding recipient shall provide such verification of such costs as may be requested by the Board. Any overpayment shall be refunded to the Board or credited to payments during the then current fiscal year, on such schedule as the Board shall determine. If payments are less than the actual costs reported, the Board may include the additional funding in the then current fiscal year.

E. The Auditor of Public Accounts, or his legally authorized representatives, shall annually audit the Wireless E-911 Fund. The cost of such audit shall be borne by the Board and be payable from the Wireless E-911 Fund, as appropriate. The Board shall furnish copies of the audits to the Governor, the Public Safety Subcommittees of the Senate Committee on Finance and the House Committee on Appropriations, and the Virginia State Crime Commission.

F. The special tax authorized by § 58.1-1730 shall not be imposed on consumers of CMRS.

§ 58.1-1840.1. Virginia Tax Amnesty Program established.

A. There is hereby established the Virginia Tax Amnesty Program. It is the intent of this program to improve voluntary compliance with the tax laws and to increase and to accelerate collections of certain taxes owed to the Commonwealth.

B. The Virginia Tax Amnesty Program shall be administered by the Department of Taxation, and any person, individual, corporation, estate, trust or partnership required to file a return or to pay any tax administered or collected by the Department of Taxation shall be eligible to participate, subject to the requirements set forth below and guidelines established by the Tax Commissioner.

C. The Tax Commissioner shall establish guidelines and rules for the procedures for participation and any other rules that are deemed necessary by the Tax Commissioner. The guidelines and rules issued by the Tax Commissioner regarding the Virginia Tax Amnesty Program shall be exempt from the Administrative Process Act (§ 2.2-4000 et seq.).

D. The Virginia Tax Amnesty Program shall have the following features:

1. The program shall be conducted during the period July 1, 2009, through June 30, 2010, and shall not last less than 60 nor more than 75 days. The exact dates of the program shall be established by the Tax Commissioner.

2. All civil or criminal penalties assessed or assessable, as provided in this title, including the addition to tax under §§ 58.1-492 and 58.1-504, and one-half of the interest assessed or assessable, as provided in this title, which are the result of nonpayment, underpayment, nonreporting or underreporting of tax liabilities, shall be waived upon receipt of the payment of the amount of taxes and interest owed, with the following exceptions:

a. No person, individual, corporation, estate, trust or partnership currently under investigation or prosecution for filing a fraudulent return or failing to file a return with the intent to evade tax shall qualify to participate.

b. No person, individual, corporation, estate, trust or partnership shall be eligible to participate in the program with respect to any assessment outstanding for which the date of assessment is less than 90 days prior to the first day of the program or with respect to any liability arising from the failure to file a return for which the due date of the return is less than 90 days prior to the first day of the program.

c. No person, individual, corporation, estate, or trust shall be eligible to participate in the program with respect to any tax liability from the income taxes imposed by §§ 58.1-320, 58.1-360 and 58.1-400, if the tax liability is attributable to taxable years beginning on and after January 1, 2008.

E. For the purpose of computing the outstanding balance due because of the nonpayment, underpayment, nonreporting or underreporting of any tax liability that has not been assessed prior to the first day of the program, the rate of interest specified for omitted taxes and assessments under § 58.1-15 shall not be applicable. The Tax Commissioner shall, instead, establish one interest rate to be used for each taxable year that approximates the average "underpayment rate" specified under § 58.1-15 for the five-year period immediately preceding the program.

F. 1. If any taxpayer eligible for amnesty under this section and under the rules and guidelines established by the Tax Commissioner retains any outstanding balance after the close of the Virginia Tax Amnesty Program because of the nonpayment, underpayment, nonreporting or underreporting of any tax liability eligible for relief under the Virginia Tax Amnesty Program, then such balance shall be subject to a 20 percent penalty on the unpaid tax. This penalty is in addition to all other penalties that may apply to the taxpayer.

2. Any taxpayer who defaults upon any agreement to pay tax and interest arising out of a grant of amnesty is subject to reinstatement of the penalty and interest forgiven and the imposition of the penalty under this section as though the taxpayer retained the original outstanding balance at the close of the Virginia Tax Amnesty Program.

G. For the purpose of implementing the Virginia Tax Amnesty Program, the Department is exempt from §§ 2.2-2015 and 2.2-2018 through 2.2-2021 §§ 2.2-2043 and 2.2-2045 pertaining to the Virginia Information Technologies Agency's Department of Technology Management's project management and procurement oversight.

2.  That §§ 2.2-2008, 2.2-2010, 2.2-2011, 2.2-2014, 2.2-2015, Article 2 (§§ 2.2-2016 through 2.2-2021), Article 4 (§§ 2.2-2025 through 2.2-2030), and Article 5 (§ 2.2-2031) of Chapter 20.1 of Title 2.2, and Article 20 (§§ 2.2-2457 through 2.2-2458.1) of Chapter 24 of Title 2.2 of the Code of Virginia are repealed.

3.  That the Chief Information Officer shall continue to serve as the Chief Information Officer of the Commonwealth for a period of at least six months after the effective date of this act or until such time as the Governor has appointed a new Chief Information Officer.

4.  That on or before October 1, 2010, the Chief Information Officer shall, in consultation with the Joint Legislative Audit and Review Commission and the Department of Planning and Budget, develop standard documentation and information to be used as part of any requests for changes to its fee schedules and rates.

5.  That on or before October 1, 2010, the Secretary of Technology shall submit a report to the General Assembly on the progress of implementing the provisions of this act, including a plan to create the Department of Technology Management. The report shall be delivered to the chairs of the House and Senate General Laws Committees, the House Appropriations and Senate Finance Committees, and the House Science and Technology Committee.

6.  That the Department of Technology Management shall be organized and operational by January 1, 2011.

7.  That on or before October 1, 2010 the Secretary of Technology, in consultation with the Joint Legislative Audit and Review Commission and any other parties as directed by the Secretary of Technology, shall develop a new review, approval, and monitoring process for information technology projects to replace the process required by § 2.2-2045.  The new process shall be operational by January 1, 2011, and shall be implemented and regularly updated by the Project Management Division under the direction of the Director of the Department of Technology Management. The process shall be designed to ensure that information technology projects conform to the statewide information management plan and the information management plans of agencies and public institutions of higher education. The process shall also be designed to ensure that projects are provided with appropriate levels of oversight once they are under execution. The level of review and oversight shall vary depending upon defined risk factors including, but not limited to, the cost of the project. In order to achieve the above goals, the process shall describe a methodology for agencies to follow in conceiving, planning, developing, scheduling and executing information technology projects, including procurements related to those projects.

8. That on or before October 1, 2010 the Secretary of Technology, in consultation with the Joint Legislative Audit and Review Commission and any other parties as directed by the Secretary of Technology, shall develop a process for VITA to review, and the Department of Technology Management to approve, information technology procurements requested by VITA and other state agencies. The process shall be operational by January 1, 2011, and shall be implemented and maintained by the Director of the Department of Technology Management and the Chief Information Officer. The process shall be designed to ensure that all such procurements conform to the statewide information management plan and the information management plans of agencies and public institutions of higher education. The level of review shall vary depending upon defined risk factors including, but not limited to, the cost of the procurement. In order to achieve the above goals, the process shall describe a methodology for agencies to follow in requesting and executing information technology procurements.

9. That by October 1, 2010 the Secretary of Technology, in consultation with the Joint Legislative Audit and Review Commission, the Chief Information Officer,  and any other parties as directed by the Secretary of Technology, shall propose a plan to reorganize the functions of the Public Safety Communications Division and the Virginia Geographic Information Network. This plan shall include, but not be limited to, consideration of formation of a single Integrated Services Division; the desired extent to which this Division should serve as a clearinghouse for geographic and base map data; and any needed statutory changes in the authority, powers, and resources of the Division needed to ensure the efficient and effective coordination of public safety communications and geographic information systems services between local governments and state agencies. This plan shall also consider the extent to which regional provision of public safety communications and geographic information systems services is desirable and feasible, and the role of the Division in their provision, and also recommend steps to increase regional cooperation to promote the efficient and effective provision of these services.

10.  That no additional funds from the general appropriation act passed by the 2010 Session of the General Assembly shall be used to implement the provisions of this act. Any additional funding necessary to implement the provisions of this act shall be provided from internal service funds maintained by the Virginia Information Technologies Agency.