Section 125.18 - Office of information technology - duties of director - contracts(A) There is hereby established the office of information technology within the department of administrative services. The office shall be under the supervision of a state chief information officer to be appointed by the director of administrative services and subject to removal at the pleasure of the director. The chief information officer is an assistant director of administrative services.(B) Under the direction of the director of administrative services, the state chief information officer shall lead, oversee, and direct state agency activities related to information technology development and use. In that regard, the state chief information officer shall do all of the following: (1) Coordinate and superintend statewide efforts to promote common use and development of technology by state agencies. The office of information technology shall establish policies and standards that govern and direct state agency participation in statewide programs and initiatives.(2) Coordinate with the office of procurement services to establish policies and standards for state agency acquisition of information technology supplies and services;(3) Establish policies and standards for the use of common information technology by state agencies, including, but not limited to, hardware, software, technology services, and security, and the extension of the service life of information technology systems, with which state agencies shall comply;(4) Establish criteria and review processes to identify state agency information technology projects or purchases that require alignment or oversight. As appropriate, the department of administrative services shall provide the governor and the director of budget and management with notice and advice regarding the appropriate allocation of resources for those projects. The state chief information officer may require state agencies to provide, and may prescribe the form and manner by which they must provide, information to fulfill the state chief information officer's alignment and oversight role;(5) Establish policies and procedures for the security of personal information that is maintained and destroyed by state agencies;(6) Employ a chief information security officer who is responsible for the implementation of the policies and procedures described in division (B)(5) of this section and for coordinating the implementation of those policies and procedures in all of the state agencies;(7) Employ a chief privacy officer who is responsible for advising state agencies when establishing policies and procedures for the security of personal information and developing education and training programs regarding the state's security procedures;(8) Establish policies on the purchasing, use, and reimbursement for use of handheld computing and telecommunications devices by state agency employees;(9) Establish policies for the reduction of printing and for the increased use of electronic records by state agencies;(10) Establish policies for the reduction of energy consumption by state agencies;(11) Compute the amount of revenue attributable to the amortization of all equipment purchases and capitalized systems from information technology service delivery and major information technology purchases, MARCS administration, and enterprise applications operating appropriation items and major computer purchases capital appropriation items that is recovered as part of the information technology services rates the department of administrative services charges and deposits into the information technology fund created in section 125.15 of the Revised Code, and the user fees the department of administrative services charges and deposits in the MARCS administration fund created in section 4501.29 of the Revised Code, the rates the department of administrative services charges to benefiting agencies for the operation and management of information technology applications and deposits in the enterprise applications fund. The enterprise applications fund is hereby created in the state treasury.(12) Regularly review and make recommendations regarding improving the infrastructure of the state's cybersecurity operations with existing resources and through partnerships between government, business, and institutions of higher education;(13) Assist, as needed, with general state efforts to grow the cybersecurity industry in this state.(C)(1) The chief information security officer shall assist each state agency with the development of an information technology security strategic plan and review that plan, and each state agency shall submit that plan to the state chief information officer. The chief information security officer may require that each state agency update its information technology security strategic plan annually as determined by the state chief information officer.(2) Prior to the implementation of any information technology data system, a state agency shall prepare or have prepared a privacy impact statement for that system.(D) When a state agency requests a purchase of information technology supplies or services under Chapter 125. of the Revised Code, the state chief information officer may review and reject the requested purchase for noncompliance with information technology direction, plans, policies, standards, or project-alignment criteria.(E) The office of information technology may operate technology services for state agencies in accordance with this chapter. Notwithstanding any provision of the Revised Code to the contrary, the office of information technology may assess a transaction fee on each license or registration issued as part of an electronic licensing system operated by the office in an amount determined by the office not to exceed three dollars and fifty cents. The transaction fee shall apply to all transactions, regardless of form, that immediately precede the issuance, renewal, reinstatement, reactivation of, or other activity that results in, a license or registration to operate as a regulated professional or entity. Each license or registration is a separate transaction to which a fee under this division applies. Notwithstanding any provision of the Revised Code to the contrary, if a fee is assessed under this section, no agency, board, or commission shall issue a license or registration unless a fee required by this division has been received. The director of administrative services may collect the fee or require a state agency, board, or commission for which the system is being operated to collect the fee. Amounts received under this division shall be deposited in or transferred to the occupational licensing and regulatory fund created in section 4743.05 or the Revised Code.
(F) With the approval of the director of administrative services, the office of information technology may establish cooperative agreements with federal and local government agencies and state agencies that are not under the authority of the governor for the provision of technology services and the development of technology projects.(G) The office of information technology may operate a program to make information technology purchases. The director of administrative services may recover the cost of operating the program from all participating government entities by issuing intrastate transfer voucher billings for the procured technology or through any pass-through billing method agreed to by the director of administrative services, the director of budget and management, and the participating government entities that will receive the procured technology. If the director of administrative services chooses to recover the program costs through intrastate transfer voucher billings, the participating government entities shall process the intrastate transfer vouchers to pay for the cost. Amounts received under this section for the information technology purchase program shall be deposited to the credit of the information technology governance fund created in section 125.15 of the Revised Code.
(H) Upon request from the director of administrative services, the director of budget and management may transfer cash from the information technology fund created in section 125.15 of the Revised Code, the MARCS administration fund created in section 4501.29 of the Revised Code, or the enterprise applications fund created in division (B)(11) of this section to the major information technology purchases fund in an amount not to exceed the amount computed under division (B)(11) of this section. The major information technology purchases fund is hereby created in the state treasury.(I) As used in this section:
(1) "Personal information" has the same meaning as in section 149.45 of the Revised Code.(2) "State agency" means every organized body, office, or agency established by the laws of the state for the exercise of any function of state government, other than any state-supported institution of higher education, the office of the auditor of state, treasurer of state, secretary of state, or attorney general, the adjutant general's department, the bureau of workers' compensation, the industrial commission, the public employees retirement system, the Ohio police and fire pension fund, the state teachers retirement system, the school employees retirement system, the state highway patrol retirement system, the general assembly or any legislative agency, the capitol square review advisory board, or the courts or any judicial agency.Amended by 135th General Assembly, HB 33,§101.01, eff. 10/3/2023.Amended by 134th General Assembly, HB 110,§101.01, eff. 9/30/2021.Amended by 133rd General Assembly, HB 166,§101.01, eff. 10/17/2019.Amended by 132nd General Assembly, HB 49,§101.01, eff. 9/29/2017.Amended by 130th General Assembly, HB 483,§101.01, eff. 9/15/2014.Amended by 129th General Assembly, HB 153, §101.01, eff. 6/30/2011.Amended by 128th General Assembly, HB 1, §101.01, eff. 10/16/2009.Effective Date: 09-29-2005; 2008 HB46 09-01-2008; 2008 HB562 09-22-2008.