Statutes, codes, and regulations
Iowa Administrative Code
Agency 129 - CHIEF INFORMATION OFFICER, OFFICE OF THETitle I - GENERAL OFFICE PROCEDURES
Chapter 8 - INFORMATION TECHNOLOGY GOVERNANCE
Rule 129-8.6 - Waivers from information technology governance requirements

Iowa Admin. Code r. 129-8.6

Download
PDF
Current through Register Vol. 47, No. 11, December 11, 2024
Rule 129-8.6 - Waivers from information technology governance requirements
(1)Requests for waiver. A participating agency may file a request for waiver from an information technology governance requirement, in whole or in part, in accordance with the following form, manner, and content requirements.
a. Form and manner. A request for waiver shall be made on forms provided by the office and may be submitted by email to cio@iowa.gov. A request for waiver must be signed by the head of the participating agency seeking the waiver.
b. Content. The request shall:
(1) Include the name and address of the participating agency and a telephone number and email address for the point of contact at the participating agency to whom inquiries and notices regarding the request for waiver may be directed;
(2) Include a reference to the specific information technology governance requirement for which the waiver is submitted;
(3) Include a statement of facts, including a description of the problem or issue prompting the request;
(4) Describe the participating agency's preferred solution;
(5) Outline an alternative approach to be implemented by the participating agency intended to satisfy the waived information technology governance requirement;
(6) Describe the business case for the alternative approach;
(7) Include a copy of a third-party audit or report that compares the participating agency's preferred solution to the information technology solution that can be provided by the office;
(8) Outline the economic justification for the waiver or a statement as to why the waiver is in the best interests of the state;
(9) Specify the time period for which the waiver is requested and, to the extent a permanent waiver is requested, explain why a temporary waiver would be impracticable; and
(10) Include or be accompanied by any other information, including supporting evidence or documentation, deemed relevant by the participating agency, including information that would aid the office in applying the factors outlined in Iowa Code section 8B.21(5)"b" or determining whether granting the request, in whole or in part, is in the best interests of the state of Iowa.
c. The office and participating agency shall collaborate on both determining the need for a waiver and, if a waiver is determined to be necessary, the development of request for waiver.
(2)Notice, additional information, and opportunity for meeting.
a. Notice. The office may notify other participating agencies that may be interested in or affected by the office's decision regarding a request for waiver and may allow other participating agencies to review the request for waiver and related materials submitted in connection therewith.
b. Additional information.
(1) The office may request, or require in accordance with Iowa Code section 8B.21(1)"k" and "/," additional information, evidence, or documentation from the participating agency submitting the request that would aid the office in assessing the request in accordance with the factors outlined in Iowa Code section 8B.21(5)"b" and in determining whether granting the request, in whole or in part, is ultimately in the best interests of the state of Iowa.
(2) The office may permit, or require in accordance with Iowa Code section 8B.21(1)"k" and "/," other participating agencies that may be interested in or affected by the office's decision to submit supporting or competing viewpoints, evidence, or documentation that would aid the office in assessing the request in accordance with the factors outlined in Iowa Code section 8B.21(5)"b" and in determining whether granting the request, in whole or in part, is ultimately in the best interests of the state of Iowa.
c. The office shall coordinate and schedule a meeting with the participating agency submitting the request or any other participating agency that may be interested in or affected by the office's decision.
(3)Granting a waiver. In response to the office's receipt of a request for waiver under and in accordance with this chapter, the CIO may issue an order waiving, in whole or in part, an information technology governance requirement. The CIO may only grant a waiver if the participating agency shows that the waiver would be in the best interests of the state. In determining whether to grant a waiver, in whole or in part, the CIO shall consider the factors outlined in Iowa Code section 8B.21(5)"b." The final decision on whether the circumstances justify the grant of a requested waiver, in whole or in part, shall be in the sole discretion of the CIO.
a. An order granting or denying a waiver, in whole or in part, shall be in writing and shall:
(1) Identify the participating agency(ies) to which the order applies;
(2) Identify the specific information technology governance requirements involved;
(3) Include a statement of the relevant facts and reasons for the decision, including an application of the factors outlined in Iowa Code section 8B.21(5)"b" and an explanation as to how the waiver is or is not in the best interests of the state; and
(4) To the extent a waiver is granted, describe the precise scope of the waiver including its duration and any conditions associated therewith.
b. A waiver, if granted, shall provide the narrowest exception possible to the information technology governance requirements involved.
c. The CIO may place any condition on a waiver that the CIO finds desirable to protect the best interests of the state.
d. A waiver shall not be permanent unless the requestor can show that a temporary waiver would be impracticable. If a temporary waiver is granted, there is no automatic right to renewal. At the sole discretion of the CIO, a waiver may be renewed if the CIO finds that grounds for a waiver continue to exist.
e. The CIO shall grant or deny a request for waiver as soon as practicable but, in any event, shall do so within 120 days of its receipt, unless the petitioner agrees to a later date or the CIO, specifying good cause, extends this time period with respect to a particular petition for an additional 30 days.
f. Service of order. Within seven days of its issuance, any order issued under this chapter shall be transmitted to the participating agency by email to the contact at the participating agency identified in the request for waiver. The office may also transmit a copy of the order to other participating agencies that may be interested in or affected by the office's decision.
g. Consolidation. In the event the CIO receives similar requests for waivers from multiple participating agencies concerning the same information technology governance requirements, the CIO may consolidate the requests and issue a single ruling granting or denying the requests, in whole or in part.
(4)Cancellation of a waiver. A waiver issued by the CIO pursuant to this chapter may be withdrawn, canceled, or modified after appropriate notice and fact-finding. Failure of a participating agency to cooperate in any fact-finding process initiated by the CIO to determine whether a waiver previously issued pursuant to this chapter should be withdrawn, canceled, or modified is grounds to cancel or modify a previously granted waiver.
(5)Violation of a waiver. Violation of a condition in a waiver order shall be treated as a violation of the information technology governance requirement for which the waiver was granted.
(6)Defense. After the CIO issues an order granting a waiver, the order is a defense within its terms and the specific facts indicated therein for the participating agency to which the order pertains in any proceeding in which the rule in question is sought to be invoked.

Iowa Admin. Code r. 129-8.6

Adopted by IAB December 18, 2019/Volume XLII, Number 13, effective 1/22/2020