§ 3303. Reporting, records, and review requirements
(a) Annual report and budget. The Secretary shall submit to the House Committee on Energy and Digital Infrastructure
and the Senate Committee on Institutions, concurrent with the Governor’s annual budget
request required under 32 V.S.A. § 306, an annual report for information technology and cybersecurity. The report shall
reflect the priorities of the Agency and shall include:
(1) performance metrics and trends, including baseline and annual measurements, for each
division of the Agency;
(2) a financial report of revenues and expenditures to date for the current fiscal year;
(3) costs avoided or saved as a result of technology optimization for the previous fiscal
year;
(4) a summary of each active information technology project managed by the Agency’s Enterprise
Project Management Office, including each project’s:
(A) scope;
(B) budget;
(C) timeline; and
(D) status, which includes:
(i) project closure details;
(ii) project changes over time; and
(iii) other indicators of the project being on time and on budget;
(5) an annual update to the strategic plan prepared pursuant to subsection (c) of this
section;
(6) a summary of independent reviews as required by subsection (d) of this section, including
any uses of the waiver authority by the Chief Information Officer pursuant to subdivision
(d)(3) of this section;
(7) the Agency budget submission;
(8) an annual update to the inventory required by section 3305 of this title; and
(9) a report on the expenditures of the Technology Modernization Special Fund, a list
of projects receiving funding from the Fund in the prior fiscal year, and a list of
prioritized recommendations for projects to be funded from the Fund in the next fiscal
year.
(b) Records. The Agency shall maintain the following records for information technology projects
managed by the Agency’s Enterprise Project Management Office:
(1) A business case, including staffing costs, when available to and provided by the State
government business partner, life-cycle costs, and sources of funds for design, development,
and implementation, as well as maintenance and operations. The business case shall
include expected benefits, including cost savings and service delivery improvements.
(2) Detailed project plans and status reports, including risk identification and risk
mitigation plans.
(c) Strategic plan. The Secretary shall prepare and submit a strategic plan for information technology
and cybersecurity, concurrent with the Governor’s annual budget request required under
32 V.S.A. § 306. The strategic plan shall include:
(1) the Agency’s vision, mission, objectives, strategies, and overarching action plans
for information technology within State government; and
(2) an update on the information technology goals for State government for the following
fiscal year.
(d) Independent expert review.
(1) The Agency shall obtain independent expert review of any new information technology
projects with a total cost of $1,000,000.00 or greater or when required by the Chief
Information Officer.
(2) The independent review shall include:
(A) an acquisition cost assessment;
(B) a technology architecture and standards review;
(C) an implementation plan assessment;
(D) a cost analysis and a model for benefit analysis;
(E) an analysis of alternatives;
(F) an impact analysis on net operating costs for the agency carrying out the activity;
and
(G) a security assessment.
(3) The requirement to obtain independent expert review described in subdivision (1) of
this subsection may be waived by the Chief Information Officer if, in the Chief Information
Officer’s judgment, such a review would be duplicative of one or more reviews that
have been, or will be, conducted under a separate federal or State requirement. If
waived, such waiver shall be in writing and in accordance with procedures established
by the Chief Information Officer.
(e) Current projects inventory. The Agency shall maintain a project inventory on its publicly accessible website that
displays the status of all current information technology projects managed by the
Agency’s Enterprise Project Management Office. The inventory shall be updated at least
monthly and include the:
(1) State government business partner for each project;
(2) name of each project;
(3) start date of each project;
(4) estimated date of completion at the start of the implementation phase of each project
along with an indicator as to whether the project is on time;
(5) estimated project cost at the start of the implementation phase of each project along
with an indicator as to whether the project is on budget;
(6) current estimated date of completion of each project; and
(7) current estimated cost of each project. (Added 2019, No. 49, § 5, eff. June 10, 2019; amended 2019, No. 131 (Adj. Sess.), § 5; 2021, No. 74, § E.105; 2021, No. 132 (Adj. Sess.), § 2, eff. July 1, 2022; 2021, No. 185 (Adj. Sess.), § E.105, eff. July 1, 2022; 2025, No. 48, § 2, eff. July 1, 2025.)