The Vermont Statutes Online
The Vermont Statutes Online have been updated to include the actions of the 2023 session of the General Assembly.
NOTE: The Vermont Statutes Online is an unofficial copy of the Vermont Statutes Annotated that is provided as a convenience.
§ 3301. Agency of Digital Services; created
(a) The Agency of Digital Services is created to provide information technology services and solutions in State government. The cost of the oversight, monitoring, and control shall be assessed to the entity requesting the activity. The Agency shall have all the responsibilities assigned to it by law, including the following:
(1) Provide services for all activities directly related to information technology and cybersecurity, including telecommunications services, information technology equipment, software, accessibility, networks in State government, and the sharing of data and information within State government.
(2) Review and approve all information technology activities within State government.
(3) Prepare and submit an annual report to the General Assembly for information technology, as described in section 3303 of this chapter.
(4) Prepare and submit a strategic plan for information technology and cybersecurity to the General Assembly, as described in section 3303 of this chapter.
(5) Obtain independent expert review of any new information technology projects, as required by section 3303 of this chapter.
(6) Provide strategy, services, and solutions for information technology activities within State government.
(7) Provide information technology project management services and business analyst services to the Executive Branch. When project managers are not available, the Agency shall procure those services and bill them back to the agencies using the services.
(8) Provide standards for the management, organization, and tracking of information technology activities within State government.
(9) Create information technology procurement policy and process for State government in collaboration with the Agency of Administration, and review all information technology and information technology requests for proposal in accordance with Agency of Administration policies.
(10) Perform the responsibilities of the Secretary of Administration under 30 V.S.A. § 227b.
(11) Inventory technology fixed assets within State government.
(12) Manage the training and classification of information technology employees within State government in collaboration with the Agency of Administration.
(13) Support the statewide development of broadband telecommunications infrastructure and services, in a manner consistent with the telecommunications plan prepared pursuant to 30 V.S.A. § 202d and community development objectives established by the Agency of Commerce and Community Development, by:
(A) purchasing telecommunications services or facilities at rates competitive within the national marketplace;
(B) sharing bandwidth with service providers or other users;
(C) establishing equipment colocation arrangements with service providers; or
(D) making other reasonable arrangements.
(14) Develop information technology and cybersecurity policies for State government.
(15) Provide technical support and services to the Legislative and Judicial branches, as needed.
(b) As used in this section:
(1) “Cybersecurity” means the protection of an information system or information stored on such information system against any act or attempt, direct or indirect, successful or unsuccessful, to gain unauthorized access, use, disclose, disrupt, modify, or destroy the information system or information stored on such information system.
(2) “Information technology activities” means:
(A) the creation, collection, processing, storage, management, transmission, or conversion of electronic data, documents, or records; and
(B) the design, construction, purchase, installation, maintenance, or operation of systems, including hardware, software, and services that perform or are contracted under Administrative Bulletin 3.5 to perform these activities.
(3) “State government” means the agencies of the Executive Branch of State government. (Added 2019, No. 49, § 5, eff. June 10, 2019.)
§ 3302. Appointment of Secretary; powers and duties
(a) The Governor, with the advice and consent of the Senate, shall appoint the Secretary of Digital Services who shall be the Chief Information Officer of the State. The Secretary shall appoint a deputy secretary who shall serve at the pleasure of the Secretary.
(b) The Secretary shall serve as the administrative head of the Agency of Digital Services, and shall have the following responsibilities:
(1) coordinate and optimize the use of technology within State government;
(2) approve, in consultation with the Agency of Administration, State government information technology contracts and procurement activity;
(3) review and approve State government information technology and cybersecurity policies;
(4) approve State government information technology recruitment and classification of employees; and
(5) supervise all information technology employees and contractors in State government. (Added 2019, No. 49, § 5, eff. June 10, 2019.)
§ 3303. Reporting, records, and review requirements
(a) Annual report and budget. The Secretary shall submit to the General Assembly, concurrent with the Governor’s annual budget request required under 32 V.S.A. § 306, an annual report for information technology and cybersecurity. The report shall reflect the priorities of the Agency and shall include:
(1) performance metrics and trends, including baseline and annual measurements, for each division of the Agency;
(2) a financial report of revenues and expenditures to date for the current fiscal year;
(3) costs avoided or saved as a result of technology optimization for the previous fiscal year;
(4) an outline summary of information, including scope, schedule, budget, and status for information technology projects with total costs of $500,000.00 or greater;
(5) an annual update to the strategic plan prepared pursuant to subsection (c) of this section;
(6) a summary of independent reviews as required by subsection (d) of this section;
(7) the Agency budget submission;
(8) an annual update to the inventory required by section 3305 of this title; and
(9) a report on the expenditures of the Technology Modernization Special Fund, a list of projects receiving funding from the Fund in the prior fiscal year, and a list of prioritized recommendations for projects to be funded from the Fund in the next fiscal year.
(b) Records. The Agency shall maintain the following records for information technology projects with a total cost of $500,000.00 or greater:
(1) A business case, including life-cycle costs and sources of funds for design, development, and implementation, as well as maintenance and operations. The business case shall include expected benefits, including cost savings and service delivery improvements.
(2) Detailed project plans and status reports, including risk identification and risk mitigation plans.
(c) Strategic plan. The Secretary shall prepare and submit a strategic plan for information technology and cybersecurity, concurrent with the Governor’s annual budget request required under 32 V.S.A. § 306. The strategic plan shall include:
(1) the Agency’s vision, mission, objectives, strategies, and overarching action plans for information technology within State government; and
(2) an update on the information technology goals for State government for the following fiscal year.
(d) Independent expert review.
(1) The Agency shall obtain independent expert review of any new information technology projects with a total cost of $1,000,000.00 or greater or when required by the Chief Information Officer.
(2) The independent review shall include:
(A) an acquisition cost assessment;
(B) a technology architecture and standards review;
(C) an implementation plan assessment;
(D) a cost analysis and a model for benefit analysis;
(E) an analysis of alternatives;
(F) an impact analysis on net operating costs for the agency carrying out the activity; and
(G) a security assessment.
(3) The requirement to obtain independent expert review described in subdivision (1) of this subsection (d) may be waived by the Chief Information Officer if, in his or her judgment, such a review would be duplicative of one or more reviews that have been, or will be, conducted under a separate federal or State requirement. If waived, such waiver shall be in writing and in accordance with procedures established by the Chief Information Officer. (Added 2019, No. 49, § 5, eff. June 10, 2019; amended 2019, No. 131 (Adj. Sess.), § 5; 2021, No. 74, § E.105; 2021, No. 132 (Adj. Sess.), § 2, eff. July 1, 2022; 2021, No. 185 (Adj. Sess.), § E.105, eff. July 1, 2022.)
§ 3304. Information Technology Internal Service Fund
(a) An Information Technology Internal Service Fund is created to support activities of the Agency of Digital Services.
(b) An agency, department, or division or other State or nonstate entity that receives services of the Agency of Digital Services shall be charged for those services on a basis established by the Secretary of Digital Services with the approval of the Secretary of Administration. (Added 2019, No. 49, § 5, eff. June 10, 2019.)
§ 3305. Automated decision system; State procurement; inventory
(a) Definitions. As used in this section:
(1) “Algorithm” means a computerized procedure consisting of a set of steps used to accomplish a determined task.
(2) “Automated decision system” means any algorithm, including one incorporating machine learning or other artificial intelligence techniques, that uses data-based analytics to make or support government decisions, judgments, or conclusions.
(3) “Automated final decision system” means an automated decision system that makes final decisions, judgments, or conclusions without human intervention.
(4) “Automated support decision system” means an automated decision system that provides information to inform the final decision, judgment, or conclusion of a human decision maker.
(5) “State government” has the same meaning as in section 3301 of this chapter.
(b) Inventory. The Agency of Digital Services shall conduct a review and make an inventory of all automated decision systems that are being developed, employed, or procured by State government. The inventory shall include the following for each automated decision system:
(1) the automated decision system’s name and vendor;
(2) a description of the automated decision system’s general capabilities, including:
(A) reasonably foreseeable capabilities outside the scope of the agency’s proposed use; and
(B) whether the automated decision system is used or may be used for independent decision-making powers and the impact of those decisions on Vermont residents;
(3) the type or types of data inputs that the technology uses; how that data is generated, collected, and processed; and the type or types of data the automated decision system is reasonably likely to generate;
(4) whether the automated decision system has been tested for bias by an independent third party, has a known bias, or is untested for bias;
(5) a description of the purpose and proposed use of the automated decision system, including:
(A) what decision or decisions it will be used to make or support;
(B) whether it is an automated final decision system or automated support decision system; and
(C) its intended benefits, including any data or research relevant to the outcome of those results;
(6) how automated decision system data is securely stored and processed and whether an agency intends to share access to the automated decision system or the data from that automated decision system with any other entity, which entity, and why; and
(7) a description of the IT fiscal impacts of the automated decision system, including:
(A) initial acquisition costs and ongoing operating costs, such as maintenance, licensing, personnel, legal compliance, use auditing, data retention, and security costs;
(B) any cost savings that would be achieved through the use of the technology; and
(C) any current or potential sources of funding, including any subsidies or free products being offered by vendors or governmental entities. (Added 2021, No. 132 (Adj. Sess.), § 3, eff. July 1, 2022.)
§ 3306. Technology Modernization Special Fund
(a) Creation. There is created the Technology Modernization Special Fund, to be administered by the Agency of Digital Services. Monies in the Fund shall be used to purchase, implement, and upgrade technology platforms, systems, and cybersecurity services used by State agencies and departments to carry out their statutory functions.
(b) Funds. The Fund shall consist of:
(1) any amounts transferred or appropriated to it by the General Assembly; and
(2) any interest earned by the Fund.
(c) Fund balance. Any balance remaining at the end of the fiscal year shall remain in the Fund.
(d) Receipts. The Commissioner of Finance and Management may anticipate receipts to this Fund and issue warrants based thereon.
(e) Priorities. The General Assembly shall prioritize projects to receive monies from the Fund based on recommendations from the Chief Information Officer submitted pursuant to subsection 3303(a) of this title. Expenditures shall only be made from the fund through appropriation and project authorization by the General Assembly. Plans for use shall be submitted as part of the budget adjustment or budget process. (Added 2021, No. 185 (Adj. Sess.), § E.105.1, eff. June 9, 2022.)