44TH LEGISLATURE - STATE OF NEW MEXICO - FIRST SESSION, 1999

RELATING TO INFORMATION SYSTEMS; CREATING THE INFORMATION SYSTEMS MANAGEMENT COMMISSION; PROVIDING POWERS AND DUTIES; REQUIRING ANNUAL PLANNING FOR STATE-FUNDED INFORMATION SYSTEMS.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF NEW MEXICO:

Section 1. SHORT TITLE.--This act may be cited as the "Information Systems Management Act".

Section 2. PURPOSE.--The purpose of the Information Systems Management Act is to coordinate the central and individual executive agency information systems in a manner that ensures that the most cost-effective and efficient information and communication systems and resources are being used by executive agencies. Coordination will be achieved through the development of a five-year strategic plan for information and communication management that is developed and updated annually by the information systems management commission. The plan shall include an inventory of current services, resources and systems.

Section 3. DEFINITIONS.--As used in the Information Systems Management Act:

A. "commission" means the information systems management commission;

B. "executive agency" means a state agency that is not part of the judicial or legislative branch of government, a state educational institution or local political subdivision; and

C. "information system" means computer and voice and data communication software and hardware, including imaging systems, terminals and communications networks and facilities, staff information systems services and professional service contracts for information systems services.

Section 4. COMMISSION CREATED--COMPOSITION--STAFF.--

A. The "information systems management commission" is created. The commission consists of the secretaries of finance and administration and general services or their designees and six members appointed by the governor as follows:

(1) two representatives from the major information and communication units of Los Alamos national laboratory and Sandia national laboratories;

(2) two cabinet secretaries or their designees, one of whom represents a large information systems user in the state mainframe environment and one of whom represents a medium or small information systems user in a non-mainframe environment, who shall serve on a rotating basis for terms not to exceed two years; and

(3) two public members with experience in information systems technology and management, but who are not employees of the state or any of its political subdivisions and who do not have any financial interest in state information systems or state contracts.

B. Laboratory representatives and public members shall serve five-year terms, and vacancies shall be filled by appointment by the governor for the unexpired term. Members who are not paid from state funds may be reimbursed for per diem and travel expenses as provided in the Per Diem and Mileage Act.

C. Executive agencies represented on the commission shall provide staff for their respective members of the commission.

D. The governor shall appoint, with the advice and consent of the senate, a "chief information officer", who shall serve as chairman of the commission and act as the director of the commission's permanent staff. In addition, the commission may employ the following permanent staff:

(1) a deputy director;

(2) three information and communication management analysts with responsibilities for a certain set of assigned agencies, agency plans and emerging technologies;

(3) two performance auditors to conduct performance audits of all executive agency information management and technology resources; and

(4) support staff.

Section 5. POWERS AND DUTIES.--

A. The commission shall develop and update annually a detailed five-year strategic plan on information systems management to be presented to the governor and the legislative finance committee. The plan shall include the development of policies, standards and procedures for the management of information and communication technology for all executive agencies. The annual updates of the plan shall reflect how the individual agency plans conform to and support the five-year strategic plan.

B. The first strategic plan developed under the provisions of the Information Systems Management Act shall provide the framework from which to develop, analyze and approve individual executive agency information systems management plans and resource allocations. The strategic plan shall define the strategic policy direction for executive agencies and the responsibilities of those agencies in the acquisition and use of information systems and technologies.

C. In carrying out its duties pursuant to Subsection A of this section, the commission shall:

(1) coordinate the preparation and facilitate the implementation of executive agency plans;

(2) review and approve such plans and document the approval to the governor and legislature;

(3) monitor information systems development and conduct performance audits of information systems and management and technological resources;

(4) advise the governor and legislature on information management and technology matters;

(5) develop a strategic information systems management annual plan review policy and process that requires each executive agency to develop an acceptable information systems management annual plan no later than September 1 of each year for review and approval by the commission no later than November 15 of each year to ensure appropriate input into the executive and legislative budget processes;

(6) review and evaluate the agency plans against a specific set of criteria set forth in Section 6 of the Information Systems Management Act;

(7) review and approve all rate structures for information systems services in the review and evaluation of the plan for the general services department; provided, however, that the approval authority shall provide the secretary of general services flexibility in rate designs for a variation of plus or minus five percent without commission approval;

(8) approve the acquisition of information services, resources and systems, including services relating to project or contract management, to ensure compliance with the Procurement Code and the five-year strategic plan;

(9) develop a schedule for ongoing monitoring of major system development projects with a written report that shall be sent to the head of the agency as specified in the schedule and to the legislative finance committee and shall specify compliance with information architecture and audit guidelines, provide recommendations for improved compliance and provide agency recommendations;

(10) review all budget requests for appropriations for information and communications systems for all executive agencies for each fiscal year, and for each request the commission shall designate a priority based on the five-year strategic plan, which priority listing shall be furnished to:

(a) the department of finance and administration;

(b) the legislative finance committee; and

(c) each submitting agency; and

(11) make written recommendations to the department of finance and administration and the legislative finance committee for information and communication systems-related budget adjustment requests.

Section 6. POWERS AND DUTIES OF COMMISSION AND EXECUTIVE AGENCIES PURSUANT TO DEVELOPMENT OF AGENCY PLANS.--

A. The commission shall ensure, through the development of specific policies, procedures and guidelines, that agency plans include strategic and operational assessments; provide a formal linkage between information systems management planning and department strategies and processes; use standard formats when appropriate; allow for stratification of projects to require less detail for smaller projects and an increasingly detailed level of analysis and justification as project size, cost and risk increase; and have an increased and enhanced emphasis on evaluation of the economics of all information and communication systems investments.

B. The commission shall specifically ensure the following:

(1) that the plan is the product of a continuous institutional process;

(2) that the primary responsibility for general supervision of information systems management resides within each department;

(3) that each executive agency demonstrates that its information technology planning process is closely linked to its agency strategic planning process and to its program planning activities;

(4) that rigorous management processes are applied to ensure that implementation of information systems and resources represents an investment for the state that yields specific, measurable services and financial objectives;

(5) that efficient and judicious incorporation of information system technology innovations supports executive agency operations to control expenses, increase productivity, improve service and improve controls; and

(6) that the requirement for prudent risk management practices preserves the integrity and security of information and information system facilities and ensures timely resumption of operations following a disaster.

C. The commission shall require each executive agency's plan to include the following:

(1) an executive agency overview;

(2) a summary of the agency's existing information and communications hardware and software resources and network connectivity;

(3) a strategic information systems plan, including cost and benefit analyses;

(4) a tactical information systems plan, including specific budget data;

(5) a method for revising and reporting on the plan;

(6) the requirement for a feasibility study to be included in the plan for all projects with a total cost equal to or greater than five hundred thousand dollars ($500,000) or for any ongoing project the scope of which will exceed five hundred thousand dollars ($500,000) as well as include a detailed assessment of project management methodology; and

(7) contingency planning and disaster recovery.

D. Each executive agency plan shall be evaluated against the following criteria:

(1) the agency has created a discernible direction for information systems as represented by improving the level of services to citizens, establishing pragmatic measurements, identifying cost and benefit estimates, demonstrating concern for quality products and performance, establishing feasible, relevant, attainable and measurable objectives;

(2) the plan demonstrates a consistent, interrelated action plan of the executive agency's mission and strategic objectives in conjunction and coordination with its information systems projects;

(3) the plan puts forth a demonstrated leadership or management factor as represented by awareness of training needs, recognition of and response to issues and challenges, successful completion of projects, consideration of alternative courses of action and development of strategies that are results oriented for executive agency programs;

(4) the plan identifies sound technical direction based on proven technology, with current technical resources leveraged to gain maximum value, and the plan comprehensively addresses potential limits of current and proposed technology;

(5) the plan focuses on effective and efficient use of available resources, including staff, funds, existing capital and time;

(6) the plan clearly isolates risks and recognizes and mitigates risks by providing for a realistic assessment of risks, careful evaluation of alternative action, flexibility to respond to changes and opportunities, application of new concepts and techniques and systematic evaluation of options in terms of results;

(7) the plan clearly demonstrates the value of projects to the agency, state government and the citizens of the state as well as other customers and associates in the form of costs, tangible benefits and intangible benefits;

(8) the plan specifically details communities of interest, internal and external, for potential duplication of effort and data sharing;

(9) conformance to planning processes as set forth by the commission; and

(10) the plan demonstrates conformance to the direction of the plans and policies of the overall strategic plan, including conformance for methods and procedures for disaster recovery, evidence of management commitment to project implementation success and mitigation of risks, a description of how the agency's information and communication systems and databases are designed, provision that information and communication bases are designed to work with communities of interest to facilitate the sharing of information across agencies and system conformance to overall information and communication management and technology strategies.

Section 7. STATE-FUNDED INFORMATION SYSTEMS--STRATEGIC PLANNING--REPORTS TO COMMISSION AND LEGISLATURE.--

A. An administering agency of a state-funded information system that is not part of the executive branch of state government shall develop and update annually a detailed five-year strategic plan on information management for that system. The strategic plan shall define the policy direction for the administering agency in the acquisition, use and management of the information system, including services, resources and services for the information system's users. Each year's update of the plan shall include:

(1) an inventory of the current information systems; and

(2) an evaluation of the necessity for integration and compatibility of the information system with other state-funded information systems, an evaluation of how well that integration and compatibility are being accomplished and a description of the barriers to integration and compatibility.

B. The strategic plan shall be filed with the commission and the legislative finance committee, along with recommendations for legislative action needed to ensure appropriate optimum integration and compatibility of state-funded information systems.

C. The legislative finance committee may request the assistance of experts to evaluate strategic plans and budget requests for state-funded information systems.

D. For the purposes of this section, "administering agency" means the organizational unit of a state-funded branch, institution or political subdivision of the state that is responsible for the development, maintenance and improvement of the branch's, institution's or political subdivision's information system and includes the judicial information system council, legislative council service, public school districts and post-secondary educational institutions.

Section 8. TERMINATION OF COMMISSION LIFE.--The information systems management commission is terminated on July 1, 2003 pursuant to the provisions of the Sunset Act. The commission shall continue to operate until July 1, 2004. Effective July 1, 2004, the Information Systems Management Act is repealed.

Section 9. EFFECTIVE DATE.--The effective date of the provisions of this act is July 1, 1999.