The Vermont Statutes Online
The Statutes below include the actions of the 2024 session of the General Assembly.
The Vermont Statutes Online will be down for maintenance on Wednesday, October 22 while we load the actions of the 2025 General Assembly.
NOTE: The Vermont Statutes Online is an unofficial copy of the Vermont Statutes Annotated that is provided as a convenience.
Title 3 : Executive
Chapter 056 : Agency of Digital Services
(Cite as: 3 V.S.A. § 3303)-
§ 3303. Reporting, records, and review requirements
(a) Annual report and budget. The Secretary shall submit to the House Committee on Energy and Digital Infrastructure and the Senate Committee on Institutions, concurrent with the Governor’s annual budget request required under 32 V.S.A. § 306, an annual report for information technology and cybersecurity. The report shall reflect the priorities of the Agency and shall include:
(1) performance metrics and trends, including baseline and annual measurements, for each division of the Agency;
(2) a financial report of revenues and expenditures to date for the current fiscal year;
(3) costs avoided or saved as a result of technology optimization for the previous fiscal year;
(4) a summary of each active information technology project managed by the Agency’s Enterprise Project Management Office, including each project’s:
(A) scope;
(B) budget;
(C) timeline; and
(D) status, which includes:
(i) project closure details;
(ii) project changes over time; and
(iii) other indicators of the project being on time and on budget;
(5) an annual update to the strategic plan prepared pursuant to subsection (c) of this section;
(6) a summary of independent reviews as required by subsection (d) of this section, including any uses of the waiver authority by the Chief Information Officer pursuant to subdivision (d)(3) of this section;
(7) the Agency budget submission;
(8) an annual update to the inventory required by section 3305 of this title; and
(9) a report on the expenditures of the Technology Modernization Special Fund, a list of projects receiving funding from the Fund in the prior fiscal year, and a list of prioritized recommendations for projects to be funded from the Fund in the next fiscal year.
(b) Records. The Agency shall maintain the following records for information technology projects managed by the Agency’s Enterprise Project Management Office:
(1) A business case, including staffing costs, when available to and provided by the State government business partner, life-cycle costs, and sources of funds for design, development, and implementation, as well as maintenance and operations. The business case shall include expected benefits, including cost savings and service delivery improvements.
(2) Detailed project plans and status reports, including risk identification and risk mitigation plans.
(c) Strategic plan. The Secretary shall prepare and submit a strategic plan for information technology and cybersecurity, concurrent with the Governor’s annual budget request required under 32 V.S.A. § 306. The strategic plan shall include:
(1) the Agency’s vision, mission, objectives, strategies, and overarching action plans for information technology within State government; and
(2) an update on the information technology goals for State government for the following fiscal year.
(d) Independent expert review.
(1) The Agency shall obtain independent expert review of any new information technology projects with a total cost of $1,000,000.00 or greater or when required by the Chief Information Officer.
(2) The independent review shall include:
(A) an acquisition cost assessment;
(B) a technology architecture and standards review;
(C) an implementation plan assessment;
(D) a cost analysis and a model for benefit analysis;
(E) an analysis of alternatives;
(F) an impact analysis on net operating costs for the agency carrying out the activity; and
(G) a security assessment.
(3) The requirement to obtain independent expert review described in subdivision (1) of this subsection may be waived by the Chief Information Officer if, in the Chief Information Officer’s judgment, such a review would be duplicative of one or more reviews that have been, or will be, conducted under a separate federal or State requirement. If waived, such waiver shall be in writing and in accordance with procedures established by the Chief Information Officer.
(e) Current projects inventory. The Agency shall maintain a project inventory on its publicly accessible website that displays the status of all current information technology projects managed by the Agency’s Enterprise Project Management Office. The inventory shall be updated at least monthly and include the:
(1) State government business partner for each project;
(2) name of each project;
(3) start date of each project;
(4) estimated date of completion at the start of the implementation phase of each project along with an indicator as to whether the project is on time;
(5) estimated project cost at the start of the implementation phase of each project along with an indicator as to whether the project is on budget;
(6) current estimated date of completion of each project; and
(7) current estimated cost of each project. (Added 2019, No. 49, § 5, eff. June 10, 2019; amended 2019, No. 131 (Adj. Sess.), § 5; 2021, No. 74, § E.105; 2021, No. 132 (Adj. Sess.), § 2, eff. July 1, 2022; 2021, No. 185 (Adj. Sess.), § E.105, eff. July 1, 2022; 2025, No. 48, § 2, eff. July 1, 2025.)
