Skip to Navigation | Skip to Main Content | Skip to Site Map

MyFloridaHouse.gov | Mobile Site

Senate Tracker: Sign Up | Login

The Florida Senate

2010 Florida Statutes

Chapter 282
COMMUNICATIONS AND DATA PROCESSING
CHAPTER 282
CHAPTER 282
COMMUNICATIONS AND DATA PROCESSING
PART I

ENTERPRISE INFORMATION TECHNOLOGY SERVICES MANAGEMENT

(ss. 282.003-282.34)
PART II

ACCESSIBILITY OF INFORMATION AND TECHNOLOGY

(ss. 282.601-282.606)
PART III

COMMUNICATION INFORMATION TECHNOLOGY SERVICES

(ss. 282.701-282.711)
PART I

ENTERPRISE INFORMATION TECHNOLOGY
SERVICES MANAGEMENT

282.003
Short title.
282.0041
Definitions.
282.0055
Assignment of information technology.
282.0056
Development of work plan; development of implementation plans; and policy recommendations.
282.201
State data center system; agency duties and limitations.
282.203
Primary data centers.
282.204
Northwood Shared Resource Center.
282.205
Southwood Shared Resource Center.
282.3055
Agency chief information officer; appointment; duties.
282.315
Agency Chief Information Officers Council; creation.
282.318
Enterprise security of data and information technology.
282.322
Special monitoring process for designated information resources management projects.
282.33
Objective standards for data center energy efficiency.
282.34
Statewide e-mail service.
282.003

Short title.

This part may be cited as the “Enterprise Information Technology Services Management Act.”

History.

s. 8, ch. 87-137; s. 1, ch. 92-98; s. 93, ch. 92-142; s. 4, ch. 96-390; s. 7, ch. 97-286; s. 45, ch. 99-13; s. 4, ch. 2008-116; s. 5, ch. 2009-80.

282.0041

Definitions.

As used in this chapter, the term:

(1)

“Agency” has the same meaning as in s. 216.011(1)(qq), except that for purposes of this chapter, “agency” does not include university boards of trustees or state universities.

(2)

“Agency chief information officer” means the person employed by the agency head to coordinate and manage the information technology functions and responsibilities applicable to that agency, to participate and represent the agency in developing strategies for implementing enterprise information technology services established pursuant to this part, and to develop recommendations for enterprise information technology policy.

(3)

“Agency Chief Information Officers Council” means the council created in s. 282.315.

(4)

“Agency for Enterprise Information Technology” means the agency created in s. 14.204.

(5)

“Agency information technology service” means a service that directly helps an agency fulfill its statutory or constitutional responsibilities and policy objectives and is usually associated with the agency’s primary or core business functions.

(6)

“Annual budget meeting” means a meeting of the board of trustees of a primary data center to review data center usage to determine the apportionment of board members for the following fiscal year, review rates for each service provided, and determine any other required changes.

(7)

“Breach” has the same meaning as in s. 817.5681(4).

(8)

“Business continuity plan” means a plan for disaster recovery which provides for the continued functioning of a primary data center during and after a disaster.

(9)

“Computing facility” means agency space containing fewer than a total of 10 physical or logical servers, any of which supports a strategic or nonstrategic information technology service, as described in budget instructions developed pursuant to s. 216.023, but excluding single, logical-server installations that exclusively perform a utility function such as file and print servers.

(10)

“Customer entity” means an entity that obtains services from a primary data center.

(11)

“Data center” means agency space containing 10 or more physical or logical servers any of which supports a strategic or nonstrategic information technology service, as described in budget instructions developed pursuant to s. 216.023.

(12)

“Department” means the Department of Management Services.

(13)

“Enterprise information technology service” means an information technology service that is used in all agencies or a subset of agencies and is established in law to be designed, delivered, and managed at the enterprise level.

(14)

“E-mail, messaging, and calendaring service” means the enterprise information technology service that enables users to send, receive, file, store, manage, and retrieve electronic messages, attachments, appointments, and addresses.

(15)

“Information-system utility” means a full-service information-processing facility offering hardware, software, operations, integration, networking, and consulting services.

(16)

“Information technology” means equipment, hardware, software, firmware, programs, systems, networks, infrastructure, media, and related material used to automatically, electronically, and wirelessly collect, receive, access, transmit, display, store, record, retrieve, analyze, evaluate, process, classify, manipulate, manage, assimilate, control, communicate, exchange, convert, converge, interface, switch, or disseminate information of any kind or form.

(17)

“Information technology policy” means statements that describe clear choices for how information technology will deliver effective and efficient government services to residents and improve state agency operations. A policy may relate to investments, business applications, architecture, or infrastructure. A policy describes its rationale, implications of compliance or noncompliance, the timeline for implementation, metrics for determining compliance, and the accountable structure responsible for its implementation.

(18)

“Performance metrics” means the measures of an organization’s activities and performance.

(19)

“Primary data center” means a state or nonstate agency data center that is a recipient entity for consolidation of nonprimary data centers and computing facilities. A primary data center may be authorized in law or designated by the Agency for Enterprise Information Technology pursuant to s. 282.201.

(20)

“Project” means an endeavor that has a defined start and end point; is undertaken to create or modify a unique product, service, or result; and has specific objectives that, when attained, signify completion.

(21)

“Risk analysis” means the process of identifying security risks, determining their magnitude, and identifying areas needing safeguards.

(22)

“Service level” means the key performance indicators (KPI) of an organization or service which must be regularly performed, monitored, and achieved.

(23)

“Service-level agreement” means a written contract between a data center and a customer entity which specifies the scope of services provided, service level, the duration of the agreement, the responsible parties, and service costs. A service-level agreement is not a rule pursuant to chapter 120.

(24)

“Standards” means required practices, controls, components, or configurations established by an authority.

(25)

“SUNCOM Network” means the state enterprise telecommunications system that provides all methods of electronic or optical telecommunications beyond a single building or contiguous building complex and used by entities authorized as network users under this part.

(26)

“Telecommunications” means the science and technology of communication at a distance, including electronic systems used in the transmission or reception of information.

(27)

“Threat” means any circumstance or event that may cause harm to the integrity, availability, or confidentiality of information technology resources.

(28)

“Total cost” means all costs associated with information technology projects or initiatives, including, but not limited to, value of hardware, software, service, maintenance, incremental personnel, and facilities. Total cost of a loan or gift of information technology resources to an agency includes the fair market value of the resources.

(29)

“Usage” means the billing amount charged by the primary data center, less any pass-through charges, to the customer entity.

(30)

“Usage rate” means a customer entity’s usage or billing amount as a percentage of total usage.

History.

ss. 3, 11, ch. 83-92; s. 17, ch. 87-137; ss. 10, 11, ch. 90-160; s. 4, ch. 91-171; s. 10, ch. 91-221; s. 5, ch. 91-429; s. 3, ch. 92-98; s. 95, ch. 92-142; s. 14, ch. 94-226; s. 11, ch. 94-340; s. 9, ch. 97-286; s. 16, ch. 2000-164; s. 51, ch. 2001-61; s. 10, ch. 2001-261; s. 4, ch. 2007-105; s. 5, ch. 2008-116; s. 6, ch. 2009-80; s. 5, ch. 2010-78; s. 9, ch. 2010-148.

Note.

Former s. 282.303.

282.0055

Assignment of information technology.

In order to ensure the most effective and efficient use of the state’s information technology and information technology resources and notwithstanding other provisions of law to the contrary, policies for the design, planning, project management, and implementation of enterprise information technology services shall be the responsibility of the Agency for Enterprise Information Technology for executive branch agencies created or authorized in statute to perform legislatively delegated functions. The supervision, design, delivery, and management of agency information technology shall remain within the responsibility and control of the individual state agency.

History.

s. 5, ch. 2007-105; s. 6, ch. 2008-116.

282.0056

Development of work plan; development of implementation plans; and policy recommendations.

(1)

For the purposes of carrying out its responsibilities under s. 282.0055, the Agency for Enterprise Information Technology shall develop an annual work plan within 60 days after the beginning of the fiscal year describing the activities that the agency intends to undertake for that year, including proposed outcomes and completion timeframes. The work plan must be presented at a public hearing that includes the Agency Chief Information Officers Council, which may review and comment on the plan. The work plan must thereafter be approved by the Governor and Cabinet and submitted to the President of the Senate and the Speaker of the House of Representatives. The work plan may be amended as needed, subject to approval by the Governor and Cabinet.

(2)

The agency may develop and submit to the President of the Senate, the Speaker of the House of Representatives, and the Governor by October 1 of each year implementation plans for proposed enterprise information technology services to be established in law.

(3)

In developing policy recommendations and implementation plans for established and proposed enterprise information technology services, the agency shall describe the scope of operation, conduct costs and requirements analyses, conduct an inventory of all existing information technology resources that are associated with each service, and develop strategies and timeframes for statewide migration.

(4)

For the purpose of completing its work activities, each state agency shall provide to the agency all requested information, including, but not limited to, the state agency’s costs, service requirements, and equipment inventories.

(5)

Within 60 days after the end of each fiscal year, the agency shall report to the Governor and Cabinet, the President of the Senate, and the Speaker of the House of Representatives on what was achieved or not achieved in the prior year’s work plan.

History.

s. 6, ch. 2007-105; s. 7, ch. 2008-116; s. 7, ch. 2009-80.

282.201

State data center system; agency duties and limitations.

A state data center system that includes all primary data centers, other nonprimary data centers, and computing facilities, and that provides an enterprise information technology service as defined in s. 282.0041, is established.

(1)

INTENT.The Legislature finds that the most efficient and effective means of providing quality utility data processing services to state agencies requires that computing resources be concentrated in quality facilities that provide the proper security, infrastructure, and staff resources to ensure that the state’s data is maintained reliably and safely, and is recoverable in the event of a disaster. Efficiencies resulting from such consolidation include the increased ability to leverage technological expertise and hardware and software capabilities; increased savings through consolidated purchasing decisions; and the enhanced ability to deploy technology improvements and implement new policies consistently throughout the consolidated organization. Therefore it is the intent of the Legislature that agency data centers and computing facilities be consolidated into primary data centers to the maximum extent possible by 2019.

(2)

AGENCY FOR ENTERPRISE INFORMATION TECHNOLOGY DUTIES.The Agency for Enterprise Information Technology shall:

(a)

Collect and maintain information necessary for developing policies relating to the data center system, including, but not limited to, an inventory of facilities.

(b)

Annually approve cost-recovery mechanisms and rate structures for primary data centers which recover costs through charges to customer entities.

(c)

By December 31 of each year, submit to the Legislature recommendations to improve the efficiency and effectiveness of computing services provided by state data center system facilities. Such recommendations may include, but need not be limited to:

1.

Policies for improving the cost-effectiveness and efficiency of the state data center system.

2.

Infrastructure improvements supporting the consolidation of facilities or preempting the need to create additional data centers or computing facilities.

3.

Standards for an objective, credible energy performance rating system that data center boards of trustees can use to measure state data center energy consumption and efficiency on a biannual basis.

4.

Uniform disaster recovery standards.

5.

Standards for primary data centers providing transparent financial data to user agencies.

6.

Consolidation of contract practices or coordination of software, hardware, or other technology-related procurements.

7.

Improvements to data center governance structures.

(d)

By October 1 of each year beginning in 2009, recommend to the Governor and Legislature at least two nonprimary data centers for consolidation into a primary data center or nonprimary data center facility.

1.

The consolidation proposal must provide a transition plan that includes:

a.

Estimated transition costs for each data center or computing facility recommended for consolidation;

b.

Detailed timeframes for the complete transition of each data center or computing facility recommended for consolidation;

c.

Proposed recurring and nonrecurring fiscal impacts, including increased or decreased costs and associated budget impacts for affected budget entities;

d.

Substantive legislative changes necessary to implement the transition; and

e.

Identification of computing resources to be transferred and those that will remain in the agency. The transfer of resources must include all hardware, software, staff, contracted services, and facility resources performing data center management and operations, security, backup and recovery, disaster recovery, system administration, database administration, system programming, job control, production control, print, storage, technical support, help desk, and managed services but excluding application development.

2.

Recommendations shall be based on the goal of maximizing current and future cost savings. The agency shall consider the following criteria in selecting consolidations that maximize efficiencies by providing the ability to:

a.

Consolidate purchase decisions;

b.

Leverage expertise and other resources to gain economies of scale;

c.

Implement state information technology policies more effectively;

d.

Maintain or improve the level of service provision to customer entities; and

e.

Make progress towards the state’s goal of consolidating data centers and computing facilities into primary data centers.

3.

The agency shall establish workgroups as necessary to ensure participation by affected agencies in the development of recommendations related to consolidations.

(e)

By December 31, 2010, the agency shall develop and submit to the Legislature an overall consolidation plan for state data centers. The plan shall indicate a timeframe for the consolidation of all remaining nonprimary data centers into primary data centers, including existing and proposed primary data centers, by 2019.

(f)

Develop and establish rules relating to the operation of the state data center system which comply with applicable federal regulations, including 2 C.F.R. part 225 and 45 C.F.R. The rules may address:

1.

Ensuring that financial information is captured and reported consistently and accurately.

2.

Requiring the establishment of service-level agreements executed between a data center and its customer entities for services provided.

3.

Requiring annual full cost recovery on an equitable rational basis. The cost-recovery methodology must ensure that no service is subsidizing another service and may include adjusting the subsequent year’s rates as a means to recover deficits or refund surpluses from a prior year.

4.

Requiring that any special assessment imposed to fund expansion is based on a methodology that apportions the assessment according to the proportional benefit to each customer entity.

5.

Requiring that rebates be given when revenues have exceeded costs, that rebates be applied to offset charges to those customer entities that have subsidized the costs of other customer entities, and that such rebates may be in the form of credits against future billings.

6.

Requiring that all service-level agreements have a contract term of up to 3 years, but may include an option to renew for up to 3 additional years contingent on approval by the board, and require at least a 180-day notice of termination.

7.

Designating any nonstate data center as a primary data center if the center:

a.

Has an established governance structure that represents customer entities proportionally.

b.

Maintains an appropriate cost-allocation methodology that accurately bills a customer entity based on the actual direct and indirect costs to the customer entity, and prohibits the subsidization of one customer entity’s costs by another entity.

c.

Has sufficient raised floor space, cooling, and redundant power capacity, including uninterruptible power supply and backup power generation, to accommodate the computer processing platforms and support necessary to host the computing requirements of additional customer entities.

8.

Removing a nonstate data center from primary data center designation if the nonstate data center fails to meet standards necessary to ensure that the state’s data is maintained pursuant to subparagraph 7.

(3)

STATE AGENCY DUTIES.

(a)

For the purpose of completing its work activities as described in subsection (1), each state agency shall provide to the Agency for Enterprise Information Technology all requested information and any other information relevant to the agency’s ability to effectively transition its computer services into a primary data center. The agency shall also participate as required in workgroups relating to specific consolidation planning and implementation tasks as assigned by the Agency for Enterprise Information Technology and determined necessary to accomplish consolidation goals.

(b)

Each state agency shall submit to the Agency for Enterprise Information Technology information relating to its data centers and computing facilities as required in instructions issued by July 1 of each year by the Agency for Enterprise Information Technology. The information required may include:

1.

Amount of floor space used and available.

2.

Numbers and capacities of mainframes and servers.

3.

Storage and network capacity.

4.

Amount of power used and the available capacity.

5.

Estimated expenditures by service area, including hardware and software, numbers of full-time equivalent positions, personnel turnover, and position reclassifications.

6.

A list of contracts in effect for the fiscal year, including, but not limited to, contracts for hardware, software and maintenance, including the expiration date, the contract parties, and the cost of the contract.

7.

Service-level agreements by customer entity.

(c)

The chief information officer of each state agency shall assist the Agency for Enterprise Information Technology at the request of the Agency for Enterprise Information Technology.

(d)

Each state agency customer of a primary data center shall notify the data center, by May 31 and November 30 of each year, of any significant changes in anticipated utilization of data center services pursuant to requirements established by the boards of trustees of each primary data center.

(4)

AGENCY LIMITATIONS.

(a)

Unless authorized by the Legislature or as provided in paragraphs (b) and (c), a state agency may not:

1.

Create a new computing facility or data center, or expand the capability to support additional computer equipment in an existing computing facility or nonprimary data center;

2.

Transfer existing computer services to a nonprimary data center or computing facility;

3.

Terminate services with a primary data center or transfer services between primary data centers without giving written notice of intent to terminate or transfer services 180 days before such termination or transfer; or

4.

Initiate a new computer service if it does not currently have an internal data center except with a primary data center.

(b)

Exceptions to the limitations in subparagraphs (a)1., 2., and 4. may be granted by the Agency for Enterprise Information Technology if there is insufficient capacity in a primary data center to absorb the workload associated with agency computing services.

1.

A request for an exception must be submitted in writing to the Agency for Enterprise Information Technology. The agency must accept, accept with conditions, or deny the request within 60 days after receipt of the written request. The agency’s decision is not subject to chapter 120.

2.

At a minimum, the agency may not approve a request unless it includes:

a.

Documentation approved by the primary data center’s board of trustees which confirms that the center cannot meet the capacity requirements of the agency requesting the exception within the current fiscal year.

b.

A description of the capacity requirements of the agency requesting the exception.

c.

Documentation from the agency demonstrating why it is critical to the agency’s mission that the expansion or transfer must be completed within the fiscal year rather than when capacity is established at a primary data center.

(c)

Exceptions to subparagraph (a)3. may be granted by the board of trustees of the primary data center if the termination or transfer of services can be absorbed within the current cost-allocation plan.

(d)

Upon the termination of or transfer of agency computing services from the primary data center, the primary data center shall require information sufficient to determine compliance with this section. If a primary data center determines that an agency is in violation of this section, it shall report the violation to the Agency for Enterprise Information Technology.

(5)

RULES.The Agency for Enterprise Information Technology is authorized to adopt rules pursuant to ss. 120.536(1) and 120.54 to administer the provisions of this part relating to the state data center system including the primary data centers.

History.

s. 8, ch. 2008-116; s. 24, ch. 2009-21; s. 8, ch. 2009-80; s. 44, ch. 2010-5; s. 2, ch. 2010-148.

282.203

Primary data centers.

(1)

DATA CENTER DUTIES.Each primary data center shall:

(a)

Serve customer entities as an information-system utility.

(b)

Cooperate with customer entities to offer, develop, and support the services and applications as defined and provided by the center’s board of trustees and customer entities.

(c)

Comply with rules adopted by the Agency for Enterprise Information Technology, pursuant to this section, and coordinate with the agency in the consolidation of data centers.

(d)

Provide transparent financial statements to customer entities, the center’s board of trustees, and the Agency for Enterprise Information Technology. The financial statements shall be provided as follows:

1.

Annually, by July 30 for the current fiscal year and by December 1 for the subsequent fiscal year, the data center must provide the total annual budgeted costs by major expenditure category, including, but not limited to, salaries, expense, operating capital outlay, contracted services, or other personnel services, which directly relate to the provision of each service and which separately indicate the administrative overhead allocated to each service.

2.

Annually, by July 30 for the current fiscal year and by December 1 for the subsequent fiscal year, the data center must provide total projected billings for each customer entity which are required to recover the costs of the data center.

3.

Annually, by January 31, the data center must provide updates of the financial statements required under subparagraphs 1. and 2. for the current fiscal year.

4.

By February 15, for proposed legislative budget increases, the data center must provide updates of the financial statements required under subparagraphs 1. and 2. for the subsequent fiscal year.

The financial information required under subparagraphs 1., 2., and 3. must be based on current law and current appropriations.

(e)

Annually, by October 1, submit to the board of trustees cost-reduction proposals, including strategies and timetables for lowering customer entities’ costs without reducing the level of services.

(f)

By December 31, 2010, submit organizational plans that minimize the annual recurring cost of center operations and eliminate the need for state agency customers to maintain data center skills and staff within their agency. The plans shall:

1.

Establish an efficient organizational structure describing the roles and responsibilities of all positions and business units in the centers;

2.

Define a human resources planning and management process that shall be used to make required center staffing decisions; and

3.

Develop a process for projecting staffing requirements based on estimated workload identified in customer agency service level agreements.

(g)

Maintain the performance of the facility, which includes ensuring proper data backup, data backup recovery, an effective disaster recovery plan, and appropriate security, power, cooling and fire suppression, and capacity.

(h)

Develop a business continuity plan and conduct a live exercise of the plan at least annually. The plan must be approved by the board and the Agency for Enterprise Information Technology.

(i)

Enter into a service-level agreement with each customer entity to provide services as defined and approved by the board in compliance with rules of the Agency for Enterprise Information Technology. A service-level agreement may not have a term exceeding 3 years but may include an option to renew for up to 3 years contingent on approval by the board.

1.

A service-level agreement, at a minimum, must:

a.

Identify the parties and their roles, duties, and responsibilities under the agreement;

b.

Identify the legal authority under which the service-level agreement was negotiated and entered into by the parties;

c.

State the duration of the contractual term and specify the conditions for contract renewal;

d.

Prohibit the transfer of computing services between primary data center facilities without at least 180 days’ notice of service cancellation;

e.

Identify the scope of work;

f.

Identify the products or services to be delivered with sufficient specificity to permit an external financial or performance audit;

g.

Establish the services to be provided, the business standards that must be met for each service, the cost of each service, and the process by which the business standards for each service are to be objectively measured and reported;

h.

Identify applicable funds and funding streams for the services or products under contract;

i.

Provide a timely billing methodology for recovering the cost of services provided to the customer entity;

j.

Provide a procedure for modifying the service-level agreement to address changes in projected costs of service;

k.

Provide that a service-level agreement may be terminated by either party for cause only after giving the other party and the Agency for Enterprise Information Technology notice in writing of the cause for termination and an opportunity for the other party to resolve the identified cause within a reasonable period; and

l.

Provide for mediation of disputes by the Division of Administrative Hearings pursuant to s. 120.573.

2.

A service-level agreement may include:

a.

A dispute resolution mechanism, including alternatives to administrative or judicial proceedings;

b.

The setting of a surety or performance bond for service-level agreements entered into with nonstate agency primary data centers, which may be designated by the Agency for Enterprise Information Technology; or

c.

Additional terms and conditions as determined advisable by the parties if such additional terms and conditions do not conflict with the requirements of this section or rules adopted by the Agency for Enterprise Information Technology.

3.

The failure to execute a service-level agreement within 60 days after service commencement shall, in the case of an existing customer entity, result in a continuation of the terms of the service-level agreement from the prior fiscal year, including any amendments that were formally proposed to the customer entity by the primary data center within the 3 months before service commencement, and a revised cost-of-service estimate. If a new customer entity fails to execute an agreement within 60 days after service commencement, the data center may cease services.

(j)

Plan, design, establish pilot projects for, and conduct experiments with information technology resources, and implement enhancements in services if such implementation is cost-effective and approved by the board.

(k)

Enter into a memorandum of understanding with the agency where the data center is administratively located which establishes the services to be provided by that agency to the data center and the cost of such services.

(l)

Be the custodian of resources and equipment that are located, operated, supported, and managed by the center for the purposes of chapter 273.

(2)

BOARD OF TRUSTEES.Each primary data center shall be headed by a board of trustees as defined in s. 20.03.

(a)

The members of the board shall be appointed by the agency head or chief executive officer of the representative customer entities of the primary data center and shall serve at the pleasure of the appointing customer entity.

1.

For each of the first 2 fiscal years that a center is in operation, membership shall be as provided in subparagraph 3. based on projected customer entity usage rates for the fiscal operating year of the primary data center. However, at a minimum:

a.

During the Southwood Shared Resource Center’s first 2 operating years, the Department of Transportation, the Department of Highway Safety and Motor Vehicles, the Department of Health, and the Department of Revenue must each have at least one trustee.

b.

During the Northwood Shared Resource Center’s first operating year, the Department of State and the Department of Education must each have at least one trustee.

2.

After the second full year of operation, membership shall be as provided in subparagraph 3. based on the most recent estimate of customer entity usage rates for the prior year and a projection of usage rates for the first 9 months of the next fiscal year. Such calculation must be completed before the annual budget meeting held before the beginning of the next fiscal year so that any decision to add or remove board members can be voted on at the budget meeting and become effective on July 1 of the subsequent fiscal year.

3.

Each customer entity that has a projected usage rate of 4 percent or greater during the fiscal operating year of the primary data center shall have one trustee on the board.

4.

The total number of votes for each trustee shall be apportioned as follows:

a.

Customer entities of a primary data center whose usage rate represents 4 but less than 15 percent of total usage shall have one vote.

b.

Customer entities of a primary data center whose usage rate represents 15 but less than 30 percent of total usage shall have two votes.

c.

Customer entities of a primary data center whose usage rate represents 30 but less than 50 percent of total usage shall have three votes.

d.

A customer entity of a primary data center whose usage rate represents 50 percent or more of total usage shall have four votes.

e.

A single trustee having one vote shall represent those customer entities that represent less than 4 percent of the total usage. The trustee shall be selected by a process determined by the board.

(b)

Before July 1 of each year, each board of trustees of a primary data center shall elect a chair and a vice chair to a term of 1 year or until a successor is elected. The vice chair shall serve in the absence of the chair. The chair may be elected to serve one additional successive term.

(c)

Members of the board representing customer entities who fail to timely pay for data center services do not have voting rights.

(d)

A majority of the members constitutes a quorum. The board shall take action by a majority vote of the members if a quorum is present. If there is a tie, the chair shall be on the prevailing side.

(e)

The executive director of the Agency for Enterprise Information Technology shall be the advisor to the board.

(f)

To facilitate planned data center consolidations, board membership may be adjusted as provided in the General Appropriations Act.

(3)

BOARD DUTIES.Each board of trustees of a primary data center shall:

(a)

Employ an executive director, pursuant to s. 20.05, who serves at the pleasure of the board. The executive director is responsible for the daily operation of the primary data center, ensuring compliance with all laws and rules regulating the primary data center, managing primary data center employees, and the performance of the primary data center. The board shall establish an annual performance evaluation process for the executive director. The appointment of the executive director must be reconfirmed by the board biennially.

(b)

Establish procedures for the primary data center to ensure that budgeting and accounting procedures, cost-recovery methodologies, and operating procedures are in compliance with laws governing the state data center system, rules adopted by the Agency for Enterprise Information Technology, and applicable federal regulations, including 2 C.F.R. part 225 and 45 C.F.R.

(c)

Monitor the operation of the primary data center to ensure compliance by the executive director and employees with laws and rules governing the primary data center, and ensure that staff members are accountable for the performance of the primary data center.

(d)

Provide each customer entity with full disclosure concerning plans for new, additional, or reduced service requirements, including expected achievable service levels and performance metrics.

(e)

Ensure the sufficiency and transparency of the primary data center financial information by:

1.

Establishing policies that ensure that cost-recovery methodologies, billings, receivables, expenditure, budgeting, and accounting data are captured and reported timely, consistently, accurately, and transparently and, upon adoption of rules by the Agency for Enterprise Information Technology, are in compliance with such rules.

2.

Requiring execution of service-level agreements by the data center and each customer entity for services provided by the data center to the customer entity.

3.

Requiring cost recovery for the full cost of services, including direct and indirect costs. The cost-recovery methodology must ensure that no service is subsidizing another service without an affirmative vote of approval by the customer entity providing the subsidy.

4.

Establishing special assessments to fund expansions based on a methodology that apportions the assessment according to the proportional benefit to each customer entity.

5.

Providing rebates to customer entities when revenues exceed costs and offsetting charges to those who have subsidized other customer entity costs based on actual prior year final expenditures. Rebates may be credited against future billings.

6.

Approving all expenditures committing over $50,000 in a fiscal year.

7.

Projecting costs and revenues at the beginning of the third quarter of each fiscal year through the end of the fiscal year. If in any given fiscal year the primary data center is projected to earn revenues that are below costs for that fiscal year after first reducing operating costs where possible, the board shall implement any combination of the following remedies to cover the shortfall:

a.

The board may direct the primary data center to adjust current year chargeback rates through the end of the fiscal year to cover the shortfall. The rate adjustments shall be implemented using actual usage rate and billing data from the first three quarters of the fiscal year and the same principles used to set rates for the fiscal year.

b.

The board may direct the primary data center to levy one-time charges on all customer entities to cover the shortfall. The one-time charges shall be implemented using actual usage rate and billing data from the first three quarters of the fiscal year and the same principles used to set rates for the fiscal year.

c.

The customer entities represented by each board member may provide payments to cover the shortfall in proportion to the amounts each entity paid in the prior fiscal year.

(f)

Meet as often as necessary, but not less than once per quarter, and hold the annual budget meeting between April 1 and June 30 of each year.

(g)

Approve the portfolio of services offered by the data center.

(h)

By July 1 of each year, submit to the Agency for Enterprise Information Technology proposed cost-recovery mechanisms and rate structures for all customer entities for the fiscal year including the cost-allocation methodology for administrative expenditures and the calculation of administrative expenditures as a percent of total costs.

(i)

Consider energy-efficient products and their total cost of ownership when replacing, upgrading, or expanding:

1.

Data center facilities, including, but not limited to, environmental, power, and control systems; and

2.

Data center network, storage, and computer equipment. If the total cost of ownership, including initial acquisition cost, is estimated to be equal to or lower than existing infrastructure, technical specifications for energy-efficient products should be incorporated into the replacement, upgrade, or expansion planning and acquisition process.

(j)

Maintain the capabilities of the primary data center’s facilities. Maintenance responsibilities include, but are not limited to, ensuring that adequate conditioned floor space, fire suppression, cooling, and power is in place; replacing aging equipment when necessary; and making decisions related to data center expansion and renovation, periodic upgrades, and improvements that are required to ensure the ongoing suitability of the facility as an enterprise data center consolidation site in the state data center system. To the extent possible, the board shall ensure that its approved annual cost-allocation plan recovers sufficient funds from its customers to provide for these needs pursuant to s. 282.201(2)(e).

(k)

Coordinate with other primary data centers and the Agency for Enterprise Information Technology in order to consolidate purchases of goods and services and lower the cost of providing services to customer entities.

(l)

Contract with other primary data centers for the provision of administrative services or with the agency within which the primary data center is housed, whichever is most cost-effective.

History.

s. 9, ch. 2008-116; s. 9, ch. 2009-80; s. 3, ch. 2010-148.

282.204

Northwood Shared Resource Center.

The Northwood Shared Resource Center is an agency established within the Department of Children and Family Services for administrative purposes only.

(1)

The center is a primary data center and shall be a separate budget entity that is not subject to control, supervision, or direction of the department in any manner, including, but not limited to, purchasing, transactions involving real or personal property, personnel, or budgetary matters.

(2)

The center shall be headed by a board of trustees as provided in s. 282.203, who shall comply with all requirements of that section related to the operation of the center and with the rules of the Agency for Enterprise Information Technology related to the design and delivery of enterprise information technology services.

History.

s. 10, ch. 2008-116; s. 10, ch. 2009-80; s. 45, ch. 2010-5; s. 4, ch. 2010-148.

282.205

Southwood Shared Resource Center.

The Southwood Shared Resource Center is an agency established within the department for administrative purposes only.

(1)

The center is designated as a primary data center and shall be a separate budget entity that is not subject to control, supervision, or direction of the department in any manner, including, but not limited to, purchasing, transactions involving real or personal property, personnel, or budgetary matters.

(2)

The center shall be headed by a board of trustees as provided in s. 282.203, who shall comply with all requirements of that section related to the operation of the center and with the rules of the Agency for Enterprise Information Technology related to the design and delivery of enterprise information technology services.

History.

s. 11, ch. 2008-116; s. 11, ch. 2009-80.

282.3055

Agency chief information officer; appointment; duties.

(1)(a)

Each agency head shall appoint or contract for an agency chief information officer.

(b)

The agency chief information officer must, at a minimum, have knowledge and experience in both management and information technology resources.

(2)

The duties of the agency chief information officer include, but are not limited to:

(a)

Coordinating and facilitating the planning and management of agency information technology services.

(b)

Implementing agency information technology planning and management procedures, guidelines, and standards that are consistent with the procedures and standards adopted by the Agency for Enterprise Information Technology.

(c)

Advising agency senior management as to the information technology resource planning and management needs of the agency.

(d)

Assisting in the development and prioritization of the information technology resource needs for the agency’s legislative budget request.

(e)

Assisting the Agency for Enterprise Information Technology in the development of strategies for implementing the enterprise information technology services established in law and developing recommendations for enterprise information technology policy.

History.

s. 10, ch. 97-286; s. 20, ch. 2000-164; s. 23, ch. 2001-261; s. 8, ch. 2007-105.

282.315

Agency Chief Information Officers Council; creation.

The Legislature finds that enhancing communication, consensus building, coordination, and facilitation with respect to issues concerning enterprise information technology resources are essential to improving the management of such resources.

(1)

There is created an Agency Chief Information Officers Council to:

(a)

Enhance communication and collaboration among the Agency Chief Information Officers and the Agency for Enterprise Information Technology.

(b)

Identify and recommend best practices that are characteristic of highly successful technology organizations, as well as exemplary information technology applications for use by state agencies, and assist the Agency for Enterprise Information Technology in developing strategies for implementing the enterprise information technology services established in law and developing recommendations for enterprise information technology policy.

(c)

Identify efficiency opportunities among state agencies and make recommendations for action to the Agency for Enterprise Information Technology. This includes recommendations relating to the consolidation of agency data center and computing facilities, including operational policies, procedures and standards for the consolidated facilities, and procedures and standards for planning the migration to consolidated facilities.

(d)

Assist the Agency for Enterprise Information Technology in identifying critical enterprise information technology issues and, when appropriate, make recommendations for solving enterprise resource planning and management deficiencies.

(e)

Annually, by October 1, identify information technology products, as defined in s. 282.0041, which, if purchased in a consolidated manner, would result in savings to the state, and develop recommendations regarding a process for consolidating such purchases. The council shall transmit its recommendations to the Agency for Enterprise Information Technology.

(2)

Members of the council shall include the Agency Chief Information Officers, including the Chief Information Officers of the agencies and governmental entities, except that there shall be one Chief Information Officer selected by the state attorneys and one Chief Information Officer selected by the public defenders. The council shall appoint a chair, vice chair, and secretary from among its members to a 1-year term each. The council shall establish procedures governing council business.

(3)

The Agency for Enterprise Information Technology shall provide administrative support to the council.

History.

s. 10, ch. 97-286; s. 24, ch. 2000-164; s. 25, ch. 2001-261; s. 9, ch. 2007-105; s. 12, ch. 2008-116; s. 5, ch. 2010-148.

282.318

Enterprise security of data and information technology.

(1)

This section may be cited as the “Enterprise Security of Data and Information Technology Act.”

(2)

Information technology security is established as an enterprise information technology service as defined in s. 282.0041.

(3)

The Office of Information Security within the Agency for Enterprise Information Technology is responsible for establishing rules and publishing guidelines for ensuring an appropriate level of security for all data and information technology resources for executive branch agencies. The office shall also perform the following duties and responsibilities:

(a)

Develop, and annually update by February 1, an enterprise information security strategic plan that includes security goals and objectives for the strategic issues of information security policy, risk management, training, incident management, and survivability planning.

(b)

Develop enterprise security rules and published guidelines for:

1.

Comprehensive risk analyses and information security audits conducted by state agencies.

2.

Responding to suspected or confirmed information security incidents, including suspected or confirmed breaches of personal information or exempt data.

3.

Agency security plans, including strategic security plans and security program plans.

4.

The recovery of information technology and data following a disaster.

5.

The managerial, operational, and technical safeguards for protecting state government data and information technology resources.

(c)

Assist agencies in complying with the provisions of this section.

(d)

Pursue appropriate funding for the purpose of enhancing domestic security.

(e)

Provide training for agency information security managers.

(f)

Annually review the strategic and operational information security plans of executive branch agencies.

(4)

To assist the Office of Information Security in carrying out its responsibilities, each agency head shall, at a minimum:

(a)

Designate an information security manager to administer the security program of the agency for its data and information technology resources. This designation must be provided annually in writing to the office by January 1.

(b)

Submit to the office annually by July 31, the agency’s strategic and operational information security plans developed pursuant to the rules and guidelines established by the office.

1.

The agency strategic information security plan must cover a 3-year period and define security goals, intermediate objectives, and projected agency costs for the strategic issues of agency information security policy, risk management, security training, security incident response, and survivability. The plan must be based on the enterprise strategic information security plan created by the office. Additional issues may be included.

2.

The agency operational information security plan must include a progress report for the prior operational information security plan and a project plan that includes activities, timelines, and deliverables for security objectives that, subject to current resources, the agency will implement during the current fiscal year. The cost of implementing the portions of the plan which cannot be funded from current resources must be identified in the plan.

(c)

Conduct, and update every 3 years, a comprehensive risk analysis to determine the security threats to the data, information, and information technology resources of the agency. The risk analysis information is confidential and exempt from the provisions of s. 119.07(1), except that such information shall be available to the Auditor General and the Agency for Enterprise Information Technology for performing postauditing duties.

(d)

Develop, and periodically update, written internal policies and procedures, which include procedures for notifying the office when a suspected or confirmed breach, or an information security incident, occurs. Such policies and procedures must be consistent with the rules and guidelines established by the office to ensure the security of the data, information, and information technology resources of the agency. The internal policies and procedures that, if disclosed, could facilitate the unauthorized modification, disclosure, or destruction of data or information technology resources are confidential information and exempt from s. 119.07(1), except that such information shall be available to the Auditor General and the Agency for Enterprise Information Technology for performing postauditing duties.

(e)

Implement appropriate cost-effective safeguards to address identified risks to the data, information, and information technology resources of the agency.

(f)

Ensure that periodic internal audits and evaluations of the agency’s security program for the data, information, and information technology resources of the agency are conducted. The results of such audits and evaluations are confidential information and exempt from s. 119.07(1), except that such information shall be available to the Auditor General and the Agency for Enterprise Information Technology for performing postauditing duties.

(g)

Include appropriate security requirements in the written specifications for the solicitation of information technology and information technology resources and services, which are consistent with the rules and guidelines established by the office.

(h)

Provide security awareness training to employees and users of the agency’s communication and information resources concerning information security risks and the responsibility of employees and users to comply with policies, standards, guidelines, and operating procedures adopted by the agency to reduce those risks.

(i)

Develop a process for detecting, reporting, and responding to suspected or confirmed security incidents, including suspected or confirmed breaches consistent with the security rules and guidelines established by the office.

1.

Suspected or confirmed information security incidents and breaches must be immediately reported to the office.

2.

For incidents involving breaches, agencies shall provide notice in accordance with s. 817.5681 and to the office in accordance with this subsection.

(5)

Each state agency shall include appropriate security requirements in the specifications for the solicitation of contracts for procuring information technology or information technology resources or services which are consistent with the rules and guidelines established by the Office of Information Security.

(6)

The Agency for Enterprise Information Technology may adopt rules relating to information security and to administer the provisions of this section.

(7)

By December 31, 2010, the Agency for Enterprise Information Technology shall develop, and submit to the Governor, the President of the Senate, and the Speaker of the House of Representatives a proposed implementation plan for information technology security. The agency shall describe the scope of operation, conduct costs and requirements analyses, conduct an inventory of all existing security information technology resources, and develop strategies, timeframes, and resources necessary for statewide migration.

History.

ss. 1, 2, 3, ch. 84-236; s. 28, ch. 87-137; s. 1, ch. 89-14; s. 7, ch. 90-160; s. 13, ch. 91-171; s. 234, ch. 92-279; s. 55, ch. 92-326; s. 22, ch. 94-340; s. 863, ch. 95-148; s. 131, ch. 96-406; s. 15, ch. 97-286; s. 25, ch. 2000-164; s. 26, ch. 2001-261; s. 18, ch. 2006-26; s. 10, ch. 2007-105; s. 12, ch. 2009-80; s. 46, ch. 2010-5.

282.322

Special monitoring process for designated information resources management projects.

For each information resources management project which is designated for special monitoring in the General Appropriations Act, with a proviso requiring a contract with a project monitor, the Technology Review Workgroup established pursuant to s. 216.0446, in consultation with each affected agency, shall be responsible for contracting with the project monitor. Upon contract award, funds equal to the contract amount shall be transferred to the Technology Review Workgroup upon request and subsequent approval of a budget amendment pursuant to s. 216.292. With the concurrence of the Legislative Auditing Committee, the office of the Auditor General shall be the project monitor for other projects designated for special monitoring. However, nothing in this section precludes the Auditor General from conducting such monitoring on any project designated for special monitoring. In addition to monitoring and reporting on significant communications between a contracting agency and the appropriate federal authorities, the project monitoring process shall consist of evaluating each major stage of the designated project to determine whether the deliverables have been satisfied and to assess the level of risks associated with proceeding to the next stage of the project. The major stages of each designated project shall be determined based on the agency’s information systems development methodology. Within 20 days after an agency has completed a major stage of its designated project or at least 90 days, the project monitor shall issue a written report, including the findings and recommendations for correcting deficiencies, to the agency head, for review and comment. Within 20 days after receipt of the project monitor’s report, the agency head shall submit a written statement of explanation or rebuttal concerning the findings and recommendations of the project monitor, including any corrective action to be taken by the agency. The project monitor shall include the agency’s statement in its final report, which shall be forwarded, within 7 days after receipt of the agency’s statement, to the agency head, the inspector general’s office of the agency, the Executive Office of the Governor, the appropriations committees of the Legislature, the Joint Legislative Auditing Committee, the Technology Review Workgroup, the President of the Senate, the Speaker of the House of Representatives, and the Office of Program Policy Analysis and Government Accountability. The Auditor General shall also receive a copy of the project monitor’s report for those projects in which the Auditor General is not the project monitor.

History.

s. 23, ch. 94-340; s. 11, ch. 97-100; s. 16, ch. 97-286; s. 23, ch. 98-73; s. 30, ch. 98-136; s. 40, ch. 99-399; s. 27, ch. 2001-261; s. 11, ch. 2007-105; s. 20, ch. 2008-116.

282.33

Objective standards for data center energy efficiency.

(1)

By July 1, 2009, the Agency for Enterprise Information Technology shall define objective standards for:

(a)

Measuring data center energy consumption and efficiency, including, but not limited to, airflow and cooling, power consumption and distribution, and environmental control systems in a data center facility.

(b)

Calculating total cost of ownership of energy-efficient information technology products, including initial purchase, installation, ongoing operation and maintenance, and disposal costs over the life cycle of the product.

(2)

State shared resource data centers and other data centers that the Agency for Enterprise Information Technology has determined will be recipients for consolidating data centers, which are designated by the Agency for Enterprise Information Technology, shall evaluate their data center facilities for energy efficiency using the standards established in this section.

(a)

Results of these evaluations shall be reported to the Agency for Enterprise Information Technology, the President of the Senate, and the Speaker of the House of Representatives. Reports shall enable the tracking of energy performance over time and comparisons between facilities.

(b)

By December 31, 2010, and biennially thereafter, the Agency for Enterprise Information Technology shall submit to the Legislature recommendations for reducing energy consumption and improving the energy efficiency of state primary data centers.

(3)

The primary means of achieving maximum energy savings across all state data centers and computing facilities shall be the consolidation of data centers and computing facilities as determined by the Agency for Enterprise Information Technology. State data centers and computing facilities in the state data center system shall be established as an enterprise information technology service as defined in s. 282.0041. The Agency for Enterprise Information Technology shall make recommendations on consolidating state data centers and computing facilities, pursuant to s. 282.0056, by December 31, 2009.

(4)

When the total cost of ownership of an energy-efficient product is less than or equal to the cost of the existing data center facility or infrastructure, technical specifications for energy-efficient products should be incorporated in the plans and processes for replacing, upgrading, or expanding data center facilities or infrastructure, including, but not limited to, network, storage, or computer equipment and software.

History.

s. 111, ch. 2008-227; s. 13, ch. 2009-80.

282.34

Statewide e-mail service.

A state e-mail system that includes the delivery and support of e-mail, messaging, and calendaring capabilities is established as an enterprise information technology service as defined in s. 282.0041. The service shall be designed to meet the needs of all executive branch agencies. The primary goals of the service are to minimize the state investment required to establish, operate, and support the statewide service; reduce the cost of current e-mail operations and the number of duplicative e-mail systems; and eliminate the need for each state agency to maintain its own e-mail staff.

(1)

The Southwood Shared Resource Center, a primary data center, shall be the provider of the statewide e-mail service for all state agencies. The center shall centrally host, manage, operate, and support the service, or outsource the hosting, management, operational, or support components of the service in order to achieve the primary goals identified in this section.

(2)

The Agency for Enterprise Information Technology, in consultation with the Southwood Shared Resource Center, shall establish and coordinate a multiagency project team to develop a competitive solicitation for establishing the statewide e-mail service.

(a)

The Southwood Shared Resource Center shall issue the competitive solicitation by August 31, 2010, with vendor responses required by October 15, 2010. Issuance of the competitive solicitation does not obligate the agency and the center to conduct further negotiations or to execute a contract. The decision to conduct or conclude negotiations, or execute a contract, must be made solely at the discretion of the agency.

(b)

The competitive solicitation must include detailed specifications describing:

1.

The current e-mail approach for state agencies and the specific business objectives met by the present system.

2.

The minimum functional requirements necessary for successful statewide implementation and the responsibilities of the prospective service provider and the agency.

3.

The form and required content for submitted proposals, including, but not limited to, a description of the proposed system and its internal and external sourcing options, a 5-year life-cycle-based pricing based on cost per mailbox per month, and a decommissioning approach for current e-mail systems; an implementation schedule and implementation services; a description of e-mail account management, help desk, technical support, and user provisioning services; disaster recovery and backup and restore capabilities; antispam and antivirus capabilities; remote access and mobile messaging capabilities; and staffing requirements.

(c)

Other optional requirements specifications may be included in the competitive solicitation if not in conflict with the primary goals of the statewide e-mail service.

(d)

The competitive solicitation must permit alternative financial and operational models to be proposed, including, but not limited to:

1.

Leasing or usage-based subscription fees;

2.

Installing and operating the e-mail service within the Southwood Shared Resource Center or in a data center operated by an external service provider; or

3.

Provisioning the e-mail service as an Internet-based offering provided to state agencies. Specifications for proposed models must be optimized to meet the primary goals of the e-mail service.

(3)

By December 31, 2010, or within 1 month after negotiations are complete, whichever is later, the multiagency project team and the Agency for Enterprise Information Technology shall prepare a business case analysis containing its recommendations for procuring the statewide e-mail service for submission to the Governor and Cabinet, the President of the Senate, and the Speaker of the House of Representatives. The business case is not subject to challenge or protest pursuant to chapter 120. The business case must include, at a minimum:

(a)

An assessment of the major risks that must be managed for each proposal compared to the risks for the current state agency e-mail system and the major benefits that are associated with each.

(b)

A cost-benefit analysis that estimates all major cost elements associated with each sourcing option, focusing on the nonrecurring and recurring life-cycle costs of each option. The analysis must include a comparison of the estimated total 5-year life-cycle cost of the current agency e-mail systems versus each enterprise e-mail sourcing option in order to determine the feasibility of funding the migration and operation of the statewide e-mail service and the overall level of savings that can be expected. The 5-year life-cycle costs for each state agency must include, but are not limited to:

1.

The total recurring operating costs of the current agency e-mail systems, including monthly mailbox costs, staffing, licensing and maintenance costs, hardware, and other related e-mail product and service costs.

2.

An estimate of nonrecurring hardware and software refresh, upgrade, or replacement costs based on the expected 5-year obsolescence of current e-mail software products and equipment through the 2014 fiscal year, and the basis for the estimate.

3.

An estimate of recurring costs associated with the energy consumption of current agency e-mail equipment, and the basis for the estimate.

4.

Any other critical costs associated with the current agency e-mail systems which can reasonably be estimated and included in the business case analysis.

(c)

A comparison of the migrating schedules of each sourcing option to the statewide e-mail service, including the approach and schedule for the decommissioning of all current state agency e-mail systems beginning with phase 1 and phase 2 as provided in subsection (4).

(4)

All agencies must be completely migrated to the statewide e-mail service as soon as financially and operationally feasible, but no later than June 30, 2015.

(a)

The following statewide e-mail service implementation schedule is established for state agencies:

1.

Phase 1.The following agencies must be completely migrated to the statewide e-mail system by June 30, 2012: the Agency for Enterprise Information Technology; the Department of Community Affairs, including the Division of Emergency Management; the Department of Corrections; the Department of Health; the Department of Highway Safety and Motor Vehicles; the Department of Management Services, including the Division of Administrative Hearings, the Division of Retirement, the Commission on Human Relations, and the Public Employees Relations Commission; the Southwood Shared Resource Center; and the Department of Revenue.

2.

Phase 2.The following agencies must be completely migrated to the statewide e-mail system by June 30, 2013: the Department of Business and Professional Regulation; the Department of Education, including the Board of Governors; the Department of Environmental Protection; the Department of Juvenile Justice; the Department of the Lottery; the Department of State; the Department of Law Enforcement; the Department of Veterans’ Affairs; the Judicial Administration Commission; the Public Service Commission; and the Statewide Guardian Ad Litem Office.

3.

Phase 3.The following agencies must be completely migrated to the statewide e-mail system by June 30, 2014: the Agency for Health Care Administration; the Agency for Workforce Innovation; the Department of Financial Services, including the Office of Financial Regulation and the Office of Insurance Regulation; the Department of Agriculture and Consumer Services; the Executive Office of the Governor; the Department of Transportation; the Fish and Wildlife Conservation Commission; the Agency for Persons With Disabilities; the Northwood Shared Resource Center; and the State Board of Administration.

4.

Phase 4.The following agencies must be completely migrated to the statewide e-mail system by June 30, 2015: the Department of Children and Family Services; the Department of Citrus; the Department of Elderly Affairs; and the Department of Legal Affairs.

(b)

Agency requests to modify their scheduled implementing date must be submitted in writing to the Agency for Enterprise Information Technology. Any exceptions or modifications to the schedule must be approved by the Agency for Enterprise Information Technology based only on the following criteria:

1.

Avoiding nonessential investment in agency e-mail hardware or software refresh, upgrade, or replacement.

2.

Avoiding nonessential investment in new software or hardware licensing agreements, maintenance or support agreements, or e-mail staffing for current e-mail systems.

3.

Resolving known agency e-mail problems through migration to the statewide e-mail service.

4.

Accommodating unique agency circumstances that require an acceleration or delay of the implementation date.

(5)

In order to develop the implementation plan for the statewide e-mail service, the Agency for Enterprise Information Technology shall establish and coordinate a statewide e-mail project team. The agency shall also consult with and, as necessary, form workgroups consisting of agency e-mail management staff, agency chief information officers, agency budget directors, and other administrative staff. The statewide e-mail implementation plan must be submitted to the Governor, the President of the Senate, and the Speaker of the House of Representatives by July 1, 2011.

(6)

Unless authorized by the Legislature or as provided in subsection (7), a state agency may not:

(a)

Initiate a new e-mail service or execute a new e-mail contract or new e-mail contract amendment for nonessential products or services with any entity other than the provider of the statewide e-mail service;

(b)

Terminate a statewide e-mail service without giving written notice of termination 180 days in advance; or

(c)

Transfer e-mail system services from the provider of the statewide e-mail service.

(7)

Exceptions to paragraphs (6)(a), (b), and (c) may be granted by the Agency for Enterprise Information Technology only if the Southwood Shared Resource Center is unable to meet agency business requirements for the e-mail service, and if such requirements are essential to maintain agency operations. Requests for exceptions must be submitted in writing to the Agency for Enterprise Information Technology and include documented confirmation by the Southwood Shared Resource Center board of trustees that it cannot meet the requesting agency’s e-mail service requirements.

(8)

Each agency shall include the budget issues necessary for migrating to the statewide e-mail service in its legislative budget request before the first full year it is scheduled to migrate to the statewide service in accordance with budget instructions developed pursuant to s. 216.023.

(9)

The Agency for Enterprise Information Technology shall adopt rules to standardize the format for state agency e-mail addresses.

(10)

State agencies must fully cooperate with the Agency for Enterprise Information Technology in the performance of its responsibilities established in this section.

(11)

The Agency for Enterprise Information Technology shall recommend changes to an agency’s scheduled date for migration to the statewide e-mail service pursuant to this section, annually by December 31, until migration to the statewide service is complete.

History.

s. 14, ch. 2009-80; s. 6, ch. 2010-148.

PART II

ACCESSIBILITY OF INFORMATION
AND TECHNOLOGY

282.601
Accessibility of electronic information and information technology.
282.602
Definitions.
282.603
Access to electronic and information technology for persons with disabilities; undue burden; limitations.
282.604
Adoption of rules.
282.605
Exceptions.
282.606
Intent.
282.601

Accessibility of electronic information and information technology.

(1)

In order to improve the accessibility of electronic information and information technology and increase the successful education, employment, access to governmental information and services, and involvement in community life, the executive, legislative, and judicial branches of state government shall, when developing, competitively procuring, maintaining, or using electronic information or information technology acquired on or after July 1, 2006, ensure that state employees with disabilities have access to and are provided with information and data comparable to the access and use by state employees who are not individuals with disabilities, unless an undue burden would be imposed on the agency.

(2)

Individuals with disabilities who are members of the public seeking information or services from state agencies that are subject to this part shall be provided with access to and use of information and data comparable to that provided to the public who are not individuals with disabilities, unless an undue burden would be imposed on the agency.

History.

s. 73, ch. 2006-227.

282.602

Definitions.

As used in this part, the term:

(1)

“Accessible electronic information and information technology” means electronic information and information technology that conforms to the standards for accessible electronic information and information technology as set forth by s. 508 of the Rehabilitation Act of 1973, as amended, and 29 U.S.C. s. 794(d), including the regulations set forth under 36 C.F.R. part 1194.

(2)

“Alternate methods” means a different means of providing information to people with disabilities, including product documentation. The term includes, but is not limited to, voice, facsimile, relay service, TTY, Internet posting, captioning, text-to-speech synthesis, and audio description.

(3)

“Electronic information and information technology” includes information technology and any equipment or interconnected system or subsystem of equipment that is used in creating, converting, or duplicating data or information. The term includes, but is not limited to, telecommunications products such as telephones, information kiosks and transaction machines, Internet websites, multimedia systems, and office equipment such as copiers and facsimile machines. The term does not include any equipment that contains embedded information technology that is an integral part of the product if the principal function of the technology is not the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information.

(4)

“Information technology” means any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. The term includes computers, ancillary equipment, software, firmware and similar procedures, services, and support services, and related resources.

(5)

“Undue burden” means significant difficulty or expense. In determining whether an action would result in an undue burden, a state agency shall consider all agency resources that are available to the program or component for which the product is being developed, procured, maintained, or used.

(6)

“State agency” means any agency of the executive, legislative, or judicial branch of state government.

History.

s. 73, ch. 2006-227.

282.603

Access to electronic and information technology for persons with disabilities; undue burden; limitations.

(1)

Each state agency shall develop, procure, maintain, and use accessible electronic information and information technology acquired on or after July 1, 2006, that conforms to the applicable provisions set forth by s. 508 of the Rehabilitation Act of 1973, as amended, and 29 U.S.C. s. 794(d), including the regulations set forth under 36 C.F.R. part 1194, except when compliance with this section imposes an undue burden; however, in such instance, a state agency must provide individuals with disabilities with the information and data involved by an alternative method of access that allows the individual to use the information and data.

(2)

This section does not require a state agency to install specific accessibility-related software or attach an assistive technology device at a work station of a state employee who is not an individual with a disability.

(3)

This section does not require a state agency, when providing the public with access to information or data through electronic information technology, to make products owned by the state agency available for access and use by individuals with disabilities at a location other than the location at which the electronic information and information technology are normally provided to the public. This section does not require a state agency to purchase products for access and use by individuals with disabilities at a location other than at the location where the electronic information and information technology are normally provided to the public.

History.

s. 73, ch. 2006-227.

282.604

Adoption of rules.

The Department of Management Services shall, with input from stakeholders, adopt rules pursuant to ss. 120.536(1) and 120.54 for the development, procurement, maintenance, and use of accessible electronic information technology by governmental units.

History.

s. 73, ch. 2006-227.

282.605

Exceptions.

(1)

This part does not apply to electronic information and information technology of the Department of Military Affairs or the Florida National Guard if the function, operation, or use of the information or technology involves intelligence activities or cryptologic activities related to national security, the command and control of military forces, equipment that is an integral part of a weapon or weapons system, or systems that are critical to the direct fulfillment of military or intelligence missions. Systems that are critical to the direct fulfillment of military or intelligence missions do not include a system that is used for routine administrative and business applications, including, but not limited to, payroll, finance, logistics, and personnel management applications.

(2)

This part does not apply to electronic information and information technology of a state agency if the function, operation, or use of the information or technology involves criminal intelligence activities. Such activities do not include information or technology that is used for routine administrative and business applications, including, but not limited to, payroll, finance, logistics, and personnel management applications.

(3)

This part does not apply to electronic information and information technology that is acquired by a contractor and that is incidental to the contract.

(4)

This part applies to competitive solicitations issued or new systems developed by a state agency on or after July 1, 2006.

History.

s. 73, ch. 2006-227.

282.606

Intent.

It is the intent of the Legislature that, in construing this part, due consideration and great weight be given to the interpretations of the federal courts relating to comparable provisions of s. 508 of the Rehabilitation Act of 1973, as amended, and 29 U.S.C. s. 794(d), including the regulations set forth under 36 C.F.R. part 1194, as of July 1, 2006.

History.

s. 73, ch. 2006-227.

PART III

COMMUNICATION INFORMATION
TECHNOLOGY SERVICES

282.701
Short title.
282.702
Powers and duties.
282.703
SUNCOM Network; exemptions from the required use.
282.704
Use of state SUNCOM Network by municipalities.
282.705
Use of state SUNCOM Network by nonprofit corporations.
282.706
Use of SUNCOM Network by libraries.
282.707
SUNCOM Network; criteria for usage.
282.708
Emergency assumption of control.
282.709
State agency law enforcement radio system and interoperability network.
282.7101
Statewide system of regional law enforcement communications.
282.711
Remote electronic access services.
282.701

Short title.

This part may be cited as the “Communication Information Technology Services Act.”

History.

s. 16, ch. 2009-80.

282.702

Powers and duties.

The Department of Management Services shall have the following powers, duties, and functions:

(1)

To publish electronically the portfolio of services available from the department, including pricing information; the policies and procedures governing usage of available services; and a forecast of the department’s priorities for each telecommunications service.

(2)

To adopt technical standards by rule for the state telecommunications network which ensure the interconnection and operational security of computer networks, telecommunications, and information systems of agencies.

(3)

To enter into agreements related to information technology and telecommunications services with state agencies and political subdivisions of the state.

(4)

To purchase from or contract with information technology providers for information technology, including private line services.

(5)

To apply for, receive, and hold authorizations, patents, copyrights, trademarks, service marks, licenses, and allocations or channels and frequencies to carry out the purposes of this part.

(6)

To purchase, lease, or otherwise acquire and to hold, sell, transfer, license, or otherwise dispose of real, personal, and intellectual property, including, but not limited to, patents, trademarks, copyrights, and service marks.

(7)

To cooperate with any federal, state, or local emergency management agency in providing for emergency telecommunications services.

(8)

To control and approve the purchase, lease, or acquisition and the use of telecommunications services, software, circuits, and equipment provided as part of any other total telecommunications system to be used by the state or its agencies.

(9)

To adopt rules pursuant to ss. 120.536(1) and 120.54 relating to telecommunications and to administer the provisions of this part.

(10)

To apply for and accept federal funds for the purposes of this part as well as gifts and donations from individuals, foundations, and private organizations.

(11)

To monitor issues relating to telecommunications facilities and services before the Florida Public Service Commission and the Federal Communications Commission and, if necessary, prepare position papers, prepare testimony, appear as a witness, and retain witnesses on behalf of state agencies in proceedings before the commissions.

(12)

Unless delegated to the agencies by the department, to manage and control, but not intercept or interpret, telecommunications within the SUNCOM Network by:

(a)

Establishing technical standards to physically interface with the SUNCOM Network.

(b)

Specifying how telecommunications are transmitted within the SUNCOM Network.

(c)

Controlling the routing of telecommunications within the SUNCOM Network.

(d)

Establishing standards, policies, and procedures for access to and the security of the SUNCOM Network.

(e)

Ensuring orderly and reliable telecommunications services in accordance with the service level agreements executed with state agencies.

(13)

To plan, design, and conduct experiments for telecommunications services, equipment, and technologies, and to implement enhancements in the state telecommunications network if in the public interest and cost-effective. Funding for such experiments must be derived from SUNCOM Network service revenues and may not exceed 2 percent of the annual budget for the SUNCOM Network for any fiscal year or as provided in the General Appropriations Act. New services offered as a result of this subsection may not affect existing rates for facilities or services.

(14)

To enter into contracts or agreements, with or without competitive bidding or procurement, to make available, on a fair, reasonable, and nondiscriminatory basis, property and other structures under departmental control for the placement of new facilities by any wireless provider of mobile service as defined in 47 U.S.C. s. 153(27) or s. 332(d) and any telecommunications company as defined in s. 364.02 if it is practical and feasible to make such property or other structures available. The department may, without adopting a rule, charge a just, reasonable, and nondiscriminatory fee for the placement of the facilities, payable annually, based on the fair market value of space used by comparable telecommunications facilities in the state. The department and a wireless provider or telecommunications company may negotiate the reduction or elimination of a fee in consideration of services provided to the department by the wireless provider or telecommunications company. All such fees collected by the department shall be deposited directly into the Law Enforcement Radio Operating Trust Fund, and may be used by the department to construct, maintain, or support the system.

(15)

Establish policies that ensure that the department’s cost-recovery methodologies, billings, receivables, expenditures, budgeting, and accounting data are captured and reported timely, consistently, accurately, and transparently and are in compliance with all applicable federal and state laws and rules. The department shall annually submit to the Governor, the President of the Senate, and the Speaker of the House of Representatives a report that describes each service and its cost, the billing methodology for recovering the cost of the service, and, if applicable, the identity of those services that are subsidized.

History.

s. 22, ch. 69-106; s. 1, ch. 70-327; s. 36, ch. 83-334; s. 11, ch. 87-137; s. 220, ch. 92-279; s. 55, ch. 92-326; s. 16, ch. 95-143; s. 1, ch. 96-357; s. 9, ch. 96-390; s. 11, ch. 97-286; s. 65, ch. 98-279; s. 5, ch. 2000-164; s. 11, ch. 2001-261; s. 36, ch. 2002-1; s. 18, ch. 2007-105; s. 17, ch. 2009-80; s. 48, ch. 2010-5; s. 10, ch. 2010-148.

Note.

Former s. 287.25; s. 282.102.

282.703

SUNCOM Network; exemptions from the required use.

(1)

The SUNCOM Network is established within the department as the state enterprise telecommunications system for providing local and long-distance communications services to state agencies, political subdivisions of the state, municipalities, and nonprofit corporations pursuant to this part. The SUNCOM Network shall be developed to transmit all types of telecommunications signals, including, but not limited to, voice, data, video, image, and radio. State agencies shall cooperate and assist in the development and joint use of telecommunications systems and services.

(2)

The department shall design, engineer, implement, manage, and operate through state ownership, commercial leasing, contracted services, or some combination thereof, the facilities, equipment, and contracts providing SUNCOM Network services, and shall develop a system of equitable billings and charges for telecommunications services.

(3)

The department shall own, manage, and establish standards for the telecommunications addressing and numbering plans for the SUNCOM Network. This includes distributing or revoking numbers and addresses to authorized users of the network and delegating or revoking the delegation of management of subsidiary groups of numbers and addresses to authorized users of the network.

(4)

The department shall maintain a directory of information and services which provides the names, phone numbers, and e-mail addresses for employees, agencies, and network devices that are served, in whole or in part, by the SUNCOM Network. State agencies and political subdivisions of the state shall cooperate with the department by providing timely and accurate directory information in the manner established by the department.

(5)

All state agencies shall use the SUNCOM Network for agency telecommunications services as the services become available; however, an agency is not relieved of responsibility for maintaining telecommunications services necessary for effective management of its programs and functions. The department may provide such communications services to a state university if requested by the university.

(a)

If a SUNCOM Network service does not meet the telecommunications requirements of an agency, the agency must notify the department in writing and detail the requirements for that service. If the department is unable to meet an agency’s requirements by enhancing SUNCOM Network service, the department may grant the agency an exemption from the required use of specified SUNCOM Network services.

(b)

Unless an exemption has been granted by the department, effective October 1, 2010, all customers of a state primary data center, excluding state universities, must use the shared SUNCOM Network telecommunications services connecting the state primary data center to SUNCOM services for all telecommunications needs in accordance with department rules.

1.

Upon discovery of customer noncompliance with this paragraph, the department shall provide the affected customer with a schedule for transferring to the shared telecommunications services provided by the SUNCOM Network and an estimate of all associated costs. The state primary data centers and their customers shall cooperate with the department to accomplish the transfer.

2.

Customers may request an exemption from this paragraph in the same manner as authorized in paragraph (a).

(6)

This section may not be construed to require a state university to use SUNCOM Network communication services.

History.

s. 22, ch. 69-106; s. 13, ch. 87-137; s. 3, ch. 91-171; s. 222, ch. 92-279; s. 55, ch. 92-326; s. 10, ch. 96-390; s. 66, ch. 98-279; s. 6, ch. 2000-164; s. 12, ch. 2001-261; s. 935, ch. 2002-387; s. 19, ch. 2007-105; s. 18, ch. 2009-80; s. 6, ch. 2010-78; s. 11, ch. 2010-148.

Note.

Former s. 287.27; s. 282.103.

282.704

Use of state SUNCOM Network by municipalities.

Any municipality may request the department to provide any or all of the SUNCOM Network’s portfolio of communications services upon such terms and conditions as the department may establish. The requesting municipality shall pay its share of installation and recurring costs according to the published rates for SUNCOM Network services and as invoiced by the department. Such municipality shall also pay for any requested modifications to existing SUNCOM Network services, if any charges apply.

History.

s. 3, ch. 82-56; s. 1, ch. 83-70; s. 14, ch. 87-137; s. 11, ch. 96-390; s. 67, ch. 98-279; s. 7, ch. 2000-164; s. 13, ch. 2001-261; s. 19, ch. 2009-80.

Note.

Former s. 287.251; s. 282.104.

282.705

Use of state SUNCOM Network by nonprofit corporations.

(1)

The department shall provide a means whereby private nonprofit corporations under contract with state agencies or political subdivisions of the state may use the state SUNCOM Network, subject to the limitations in this section. In order to qualify to use the state SUNCOM Network, a nonprofit corporation shall:

(a)

Expend the majority of its total direct revenues for the provision of contractual services to the state, a municipality, or a political subdivision; and

(b)

Receive only a small portion of its total revenues from any source other than a state agency, a municipality, or a political subdivision during the time SUNCOM Network services are requested.

(2)

Each nonprofit corporation seeking authorization to use the state SUNCOM Network shall provide to the department, upon request, proof of compliance with subsection (1).

(3)

Nonprofit corporations established pursuant to general law and an association of municipal governments which is wholly owned by the municipalities are eligible to use the state SUNCOM Network, subject to the terms and conditions of the department.

(4)

Institutions qualified to participate in the William L. Boyd, IV, Florida Resident Access Grant Program pursuant to s. 1009.89 are eligible to use the state SUNCOM Network, subject to the terms and conditions of the department. Such entities are not required to satisfy the other criteria of this section.

(5)

Private, nonprofit elementary and secondary schools are eligible for rates and services on the same basis as public schools if such schools do not have an endowment in excess of $50 million.

History.

s. 1, ch. 80-107; s. 2, ch. 82-56; s. 3, ch. 83-70; s. 15, ch. 87-137; s. 223, ch. 92-279; s. 55, ch. 92-326; s. 197, ch. 95-148; s. 12, ch. 96-390; s. 19, ch. 97-296; s. 68, ch. 98-279; s. 36, ch. 99-399; s. 8, ch. 2000-164; s. 14, ch. 2001-261; s. 936, ch. 2002-387; s. 20, ch. 2009-80.

Note.

Former s. 287.272; s. 282.105.

282.706

Use of SUNCOM Network by libraries.

The department may provide SUNCOM Network services to any library in the state, including libraries in public schools, community colleges, state universities, and nonprofit private postsecondary educational institutions, and libraries owned and operated by municipalities and political subdivisions. This section may not be construed to require a state university library to use SUNCOM Network services.

History.

s. 2, ch. 96-357; s. 9, ch. 2000-164; s. 15, ch. 2001-261; s. 937, ch. 2002-387; s. 21, ch. 2009-80; s. 7, ch. 2010-78.

Note.

Former s. 282.106.

282.707

SUNCOM Network; criteria for usage.

(1)

The department and customers served by the department shall periodically review the qualifications of subscribers using the state SUNCOM Network and terminate services provided to a facility not qualified under this part or rules adopted hereunder. In the event of nonpayment of invoices by subscribers whose SUNCOM Network invoices are paid from sources other than legislative appropriations, such nonpayment represents good and sufficient reason to terminate service.

(2)

The department shall adopt rules for implementing and operating the state SUNCOM Network, which include procedures for withdrawing and restoring authorization to use the state SUNCOM Network. Such rules shall provide a minimum of 30 days’ notice to affected parties before terminating voice communications service.

(3)

This section does not limit or restrict the ability of the Florida Public Service Commission to set jurisdictional tariffs of telecommunications companies.

History.

s. 1, ch. 82-56; s. 2, ch. 83-70; s. 16, ch. 87-137; s. 13, ch. 96-390; s. 33, ch. 2000-152; s. 10, ch. 2000-164; s. 20, ch. 2007-105; s. 22, ch. 2009-80; s. 12, ch. 2010-148.

Note.

Former s. 287.255; s. 282.107.

282.708

Emergency assumption of control.

In the event of an emergency, the Governor may direct emergency management assumption of control over all or part of the state communications system.

History.

s. 22, ch. 69-106; s. 37, ch. 83-334; s. 23, ch. 2009-80.

Note.

Former s. 287.28; s. 282.109.

282.709

State agency law enforcement radio system and interoperability network.

(1)

The department may acquire and administer a statewide radio communications system to serve law enforcement units of state agencies, and to serve local law enforcement agencies through mutual aid channels.

(a)

The department shall, in conjunction with the Department of Law Enforcement and the Division of Emergency Management of the Department of Community Affairs, establish policies, procedures, and standards to be incorporated into a comprehensive management plan for the use and operation of the statewide radio communications system.

(b)

The department shall bear the overall responsibility for the design, engineering, acquisition, and implementation of the statewide radio communications system and for ensuring the proper operation and maintenance of all common system equipment.

(c)1.

The department may rent or lease space on any tower under its control and refuse to lease space on any tower at any site.

2.

The department may rent, lease, or sublease ground space as necessary to locate equipment to support antennae on the towers. The costs for the use of such space shall be established by the department for each site if it is determined to be practicable and feasible to make space available.

3.

The department may rent, lease, or sublease ground space on lands acquired by the department for the construction of privately owned or publicly owned towers. The department may, as a part of such rental, lease, or sublease agreement, require space on such towers for antennae as necessary for the construction and operation of the state agency law enforcement radio system or any other state need.

4.

All moneys collected by the department for rents, leases, and subleases under this subsection shall be deposited directly into the State Agency Law Enforcement Radio System Trust Fund established in subsection (3) and may be used by the department to construct, maintain, or support the system.

5.

The positions necessary for the department to accomplish its duties under this subsection shall be established in the General Appropriations Act and funded by the Law Enforcement Radio Operating Trust Fund or other revenue sources.

(d)

The department shall exercise its powers and duties under this part to plan, manage, and administer the mutual aid channels in the statewide radio communication system.

1.

In implementing such powers and duties, the department shall consult and act in conjunction with the Department of Law Enforcement and the Division of Emergency Management of the Department of Community Affairs, and shall manage and administer the mutual aid channels in a manner that reasonably addresses the needs and concerns of the involved law enforcement agencies and emergency response agencies and entities.

2.

The department may make the mutual aid channels available to federal agencies, state agencies, and agencies of the political subdivisions of the state for the purpose of public safety and domestic security.

(e)

The department may allow other state agencies to use the statewide radio communications system under terms and conditions established by the department.

(2)

The Joint Task Force on State Agency Law Enforcement Communications is created adjunct to the department to advise the department of member-agency needs relating to the planning, designing, and establishment of the statewide communication system.

(a)

The Joint Task Force on State Agency Law Enforcement Communications shall consist of eight members, as follows:

1.

A representative of the Division of Alcoholic Beverages and Tobacco of the Department of Business and Professional Regulation who shall be appointed by the secretary of the department.

2.

A representative of the Division of Florida Highway Patrol of the Department of Highway Safety and Motor Vehicles who shall be appointed by the executive director of the department.

3.

A representative of the Department of Law Enforcement who shall be appointed by the executive director of the department.

4.

A representative of the Fish and Wildlife Conservation Commission who shall be appointed by the executive director of the commission.

5.

A representative of the Division of Law Enforcement of the Department of Environmental Protection who shall be appointed by the secretary of the department.

6.

A representative of the Department of Corrections who shall be appointed by the secretary of the department.

7.

A representative of the Division of State Fire Marshal of the Department of Financial Services who shall be appointed by the State Fire Marshal.

8.

A representative of the Department of Transportation who shall be appointed by the secretary of the department.

(b)

Each appointed member of the joint task force shall serve at the pleasure of the appointing official. Any vacancy on the joint task force shall be filled in the same manner as the original appointment. A joint task force member may, upon notification to the chair before the beginning of any scheduled meeting, appoint an alternative to represent the member on the task force and vote on task force business in his or her absence.

(c)

The joint task force shall elect a chair from among its members to serve a 1-year term. A vacancy in the chair of the joint task force must be filled for the remainder of the unexpired term by an election of the joint task force members.

(d)

The joint task force shall meet as necessary, but at least quarterly, at the call of the chair and at the time and place designated by him or her.

(e)

The per diem and travel expenses incurred by a member of the joint task force in attending its meetings and in attending to its affairs shall be paid pursuant to s. 112.061, from funds budgeted to the state agency that the member represents.

(f)

The department shall provide technical support to the joint task force.

(3)

The State Agency Law Enforcement Radio System Trust Fund is established in the department and funded from surcharges collected under ss. 318.18, 320.0802, and 328.72. Upon appropriation, moneys in the trust fund may be used by the department to acquire by competitive procurement the equipment, software, and engineering, administrative, and maintenance services it needs to construct, operate, and maintain the statewide radio system. Moneys in the trust fund collected as a result of the surcharges set forth in ss. 318.18, 320.0802, and 328.72 shall be used to help fund the costs of the system. Upon completion of the system, moneys in the trust fund may also be used by the department for payment of the recurring maintenance costs of the system.

(4)

The department may create and administer an interoperability network to enable interoperability between various radio communications technologies and to serve federal agencies, state agencies, and agencies of political subdivisions of the state for the purpose of public safety and domestic security.

(a)

The department shall, in conjunction with the Department of Law Enforcement and the Division of Emergency Management of the Department of Community Affairs, exercise its powers and duties pursuant to this chapter to plan, manage, and administer the interoperability network. The office may:

1.

Enter into mutual aid agreements among federal agencies, state agencies, and political subdivisions of the state for the use of the interoperability network.

2.

Establish the cost of maintenance and operation of the interoperability network and charge subscribing federal and local law enforcement agencies for access and use of the network. The department may not charge state law enforcement agencies identified in paragraph (2)(a) to use the network.

3.

In consultation with the Department of Law Enforcement and the Division of Emergency Management of the Department of Community Affairs, amend and enhance the statewide radio communications system as necessary to implement the interoperability network.

(b)

The department, in consultation with the Joint Task Force on State Agency Law Enforcement Communications, and in conjunction with the Department of Law Enforcement and the Division of Emergency Management of the Department of Community Affairs, shall establish policies, procedures, and standards to incorporate into a comprehensive management plan for the use and operation of the interoperability network.

History.

s. 1, ch. 88-144; s. 1, ch. 92-72; s. 224, ch. 92-279; s. 55, ch. 92-326; s. 30, ch. 94-218; s. 111, ch. 94-356; s. 860, ch. 95-148; s. 5, ch. 95-283; s. 1, ch. 96-312; s. 5, ch. 96-357; s. 10, ch. 96-388; s. 14, ch. 96-390; s. 6, ch. 98-251; s. 69, ch. 98-279; s. 81, ch. 99-245; s. 3, ch. 99-289; s. 37, ch. 99-399; s. 11, ch. 2000-164; s. 16, ch. 2001-261; s. 2, ch. 2003-153; s. 308, ch. 2003-261; s. 24, ch. 2009-80.

Note.

Former s. 282.1095.

282.7101

Statewide system of regional law enforcement communications.

(1)

It is the intent and purpose of the Legislature that a statewide system of regional law enforcement communications be developed whereby maximum efficiency in the use of existing radio channels is achieved in order to deal more effectively with the apprehension of criminals and the prevention of crime. To this end, all law enforcement agencies within the state are directed to provide the department with any information the department requests for the purpose of implementing the provisions of subsection (2).

(2)

The department is hereby authorized and directed to develop and maintain a statewide system of regional law enforcement communications. In formulating such a system, the department shall divide the state into appropriate regions and shall develop a program that includes, but is not limited to:

(a)

The communications requirements for each county and municipality comprising the region.

(b)

An interagency communications provision that depicts the communication interfaces between municipal, county, and state law enforcement entities operating within the region.

(c)

A frequency allocation and use provision that includes, on an entity basis, each assigned and planned radio channel and the type of operation, simplex, duplex, or half-duplex, on each channel.

(3)

The department shall adopt any necessary rules and regulations for administering and coordinating the statewide system of regional law enforcement communications.

(4)

The secretary of the department or his or her designee is designated as the director of the statewide system of regional law enforcement communications and, for the purpose of carrying out the provisions of this section, may coordinate the activities of the system with other interested state agencies and local law enforcement agencies.

(5)

A law enforcement communications system may not be established or expanded without the prior approval of the department.

(6)

Within the limits of its capability, the Department of Law Enforcement is encouraged to lend assistance to the department in the development of the statewide system of regional law enforcement communications proposed by this section.

History.

ss. 1, 2, 3, 4, 5, 6, ch. 72-296; s. 1, ch. 77-174; s. 12, ch. 79-8; s. 225, ch. 92-279; s. 55, ch. 92-326; s. 11, ch. 96-388; s. 15, ch. 96-390; s. 7, ch. 98-251; s. 70, ch. 98-279; s. 42, ch. 99-399; s. 12, ch. 2000-164; s. 17, ch. 2001-261; s. 25, ch. 2009-80.

Note.

Former s. 287.29; s. 282.111.

282.711

Remote electronic access services.

The department may collect fees for providing remote electronic access pursuant to s. 119.07(2). The fees may be imposed on individual transactions or as a fixed subscription for a designated period of time. All fees collected under this section shall be deposited in the appropriate trust fund of the program or activity that made the remote electronic access available.

History.

s. 13, ch. 97-241; s. 14, ch. 2000-164; s. 19, ch. 2001-261; s. 37, ch. 2004-335; s. 26, ch. 2009-80.

Note.

Former s. 282.21.