67-827A. POWERS AND DUTIES. The office of information technology services is hereby authorized and directed:
(1)(a)(i) To control and approve the acquisition and installation of all telecommunications equipment and facilities for all departments and institutions of state government, except as provided in subparagraphs (ii), (iii) and (iv) of this paragraph;
(ii) To coordinate the acquisition and installation of all telecommunications equipment and facilities for the institutions of higher education and the elected officers in the executive branch;
(iii) To coordinate the acquisition and installation of all telecommunications equipment and facilities for the legislative and judicial branches;
(iv) Provided however, that the acquisition and installation of all public safety and microwave equipment shall be under the control of the military division.
(b) In approving or coordinating the acquisition or installation of telecommunications equipment or facilities, the office shall first consult with and consider the recommendations and advice of the directors or executive heads of the various departments or institutions. Any acquisition or installation of any telecommunications equipment or facilities that is contrary to the office’s recommendation, or is not in harmony with the state’s overall plan for telecommunications and information sharing, shall be reported in writing to the governor and the legislature.
(2) To provide a system of telecommunications for all departments and institutions of state government. Funds received pursuant to this subsection shall be appropriated for payment of telecommunication and telephone charges incurred by the various agencies and institutions of state government.
(3) To provide a means whereby political subdivisions of the state may use the state telecommunications system, upon such terms and under such conditions as the office of information technology services may establish.
(4) To accept federal funds granted by congress or by executive order for all or any of the purposes of this chapter, as well as gifts and donations from individuals and private organizations or foundations.
(5) To oversee implementation of cybersecurity policies to foster risk and cybersecurity management telecommunications and decision-making with both internal and external organizational stakeholders.
(6) To coordinate and consult with state agencies and officials regarding information security needs.
(7) To coordinate with state agencies and officials on penetration tests and vulnerability scans of state technology systems in order to identify steps to mitigate identified risks.
(8) To coordinate with state agencies and officials to ensure that state agencies implement mandatory education and training of state employees and provide guidance on appropriate levels of training for various classifications of state employees.
(9) To coordinate with appropriate state agencies to create, coordinate, publish, routinely update and market a statewide cybersecurity website as an information repository for intelligence-sharing and cybersecurity best practices.
(10) To coordinate public and private entities to develop, create and promote statewide public outreach efforts to protect personal information and sensitive data from cyber threats.
(l1) To promulgate and adopt reasonable rules for effecting the purposes of this act pursuant to the provisions of chapter 52, title 67, Idaho Code.
History:
[67-827A, added 2018, ch. 258, sec. 2, p. 610.]