Prior to the passage of HB 3099 (2015), the DAS Director retained substantial authority over state IT operations and policy—as a DAS employee and direct report, the State CIO lacked independence and possessed only nominal authority over statewide IT policy. Consequently, there was a fundamental disconnect between statewide IT policy and service delivery. Following the discovery of statewide network vulnerabilities in March of 2015, the Governor restructured leadership over statewide IT policy and operations, temporarily assigning operational responsibility for ETS to the State CIO. The reassignment and delegation of joint authority over statewide IT policy and operations was made permanent under HB 3099, which designated the State CIO as an independent official, directly responsible to the Governor as the primary advisor on statewide IT policy and operations. 

Among other provisions, HB 3099 codified an incremental funding and development process for IT projects over $1 million (i.e., Stage Gate review) and provided the State CIO with independent procurement authority, oversight responsibilities and contract enforcement capabilities. The OSCIO delegation of procurement authority over enterprise IT and telecommunications project (from inception through project lifecycle) includes: 

(a)the ability to suspend or modify project implementation;
(b)cancel or modify a procurement, contract or price agreement; 
(c)modify the scope of an initiative prior to the award of a contract or price agreement; 
(d)enforce the terms and conditions of a contract or price agreement (e.g., “call for cure”); or 
(e)elect to be named as a party or third-party beneficiary to any contract or price agreement. 

By implication, this delegation of authority implies new responsibilities for the OSCIO—responsibilities that impact how the state procures hardware, software, telecommunication services and IT professional services. The OSCIO is working in coordination with the Department of Justice and DAS Procurement Services to define the roles and responsibilities of the respective parties relative to IT purchasing and procurement. 

In clarifying the role of the State CIO and ensuring alignment between statewide IT policy and operations, HB 3099 has provided a unique opportunity to reaffirm its commitment to enable state agencies and partner jurisdictions to better serve Oregonians—mitigating security vulnerabilities and threats, optimizing IT investments across the enterprise of state government, ensuring financial transparency and aligning service delivery with industry best practices. The proposed realignment of statewide IT policy and service delivery within the OSCIO, is intended to implement the promise of HB 3099, sustain security investments and build new capabilities for vendor management and oversight.