Skip to Navigation | Skip to Main Content | Skip to Site Map | Mobile Site

Senate Tracker: Sign Up | Login

The Florida Senate

CS/CS/CS/HB 1033 — Information Technology Security

by State Affairs Committee; Government Operations Appropriations Subcommittee; Government Operations Subcommittee; Rep. Artiles and others (CS/SB 7050 by Appropriations Committee; and Governmental Oversight and Accountability Committee)

This summary is provided for information only and does not represent the opinion of any Senator, Senate Officer, or Senate Office.

Prepared by: Governmental Oversight and Accountability Committee (GO)

This bill revises the duties of the Agency for State Technology (AST). Specifically, the bill directs the AST to develop guidelines, policies and processes for state agencies to:

  • Mitigate security risks;

  • Allow state agencies to contract with a private sector vendor to complete risk assessments;

  • Establish computer security incident response teams;

  • Establish information technology security incident reporting processes to respond timely to suspected technology security incidents; and

  • Incorporate information obtained through detection and response activities into a state agency’s response plan.


The bill directs state agencies to:

  • Establish computer security incident response teams and comply with the applicable guidelines and processes establishedby the AST;

  • Incorporate information learned from incident response activities into future plans;

  • Implement risk assessment remediation plans recommended by the AST;

  • Provide cybersecurity training to employees within 30 days of employment; and

  • Provide incident and breach information to the AST and the Cybercrime Office of the FDLE within certain timeframes.


The bill revises the seven member AST Technology Advisory Council to require at least one member appointed by the Governor to be a cybersecurity expert.


The bill directs the AST, in collaboration with the Department of Management Services (DMS), to:

  • Establish an information technology policy for all information technology-related state contracts, including state term contracts for information technology commodities, consultant services, and staff augmentation services;

  • Evaluate vendor responses for state term contract solicitations and invitations to negotiate;

  • Answer vendor questions on state term contract solicitations; and

  • Ensure that the information technology policy developed herein is included in all solicitations and contracts which are administratively executed by the DMS.


The bill provides specified requirements for the information technology policy.


If approved by the Governor, these provisions take effect July 1, 2016.

Vote: Senate 38-0; House 111-0