CHAPTER 5A. DEPARTMENT OF ADMINISTRATION.

ARTICLE 6. OFFICE OF TECHNOLOGY.

§5A-6-4d. Responsibilities of the Chief Information Officer to implement information technology modernization.

(a) For the purposes of this section, "cloud computing service" means a service that enables on demand self-service network access to a shared pool of configurable computer resources including, but not limited to, data storage, analytics, electronic commerce, streaming services, mobile services, electronic mail, document sharing, and document editing which can be rapidly provided and released with minimal management effort or service provider interaction.

(b) The Chief Information Officer shall develop a comprehensive strategy and implement standards for the procurement, adoption, and utilization of cloud computing services by the state and its agencies. In developing the strategy, the Chief Information Officer may consult with other relevant state or federal agencies and relevant private sector stakeholders.

(c) When implementing the comprehensive strategy described in subsection (b) of this section, the Chief Information Officer may:

(1) Consider activities that accelerate the development of standards addressing interoperability and portability of cloud computing services in collaboration with private sector stakeholders;

(2) Consider activities that advance the development of conformance testing to be performed by private sector stakeholders to support cloud computing standardization;

(3) Consider activities that support the development of appropriate security and architecture frameworks in consultation with private sector stakeholders; and

(4) Identify modern security control best practices to address security and privacy requirements, and to enable the use and adoption of cloud computing services, including practices defined in National Institute of Standards and Technology, Federal Risk and Authorization Management Program, and any equivalent state program adopted in West Virginia.

(d) Beginning on December 1, 2023, and on December 1 of each year after, the Chief Information Officer shall report annually the status of the state’s comprehensive strategy described in subsection (b) of this section to the Joint Committee on Government and Finance and to the Governor. To assist in the creation of the report, all relevant state agencies shall cooperate with the Chief Information Officer and provide any information required by the Chief Information Officer in an accurate and timely manner.

§5A-6-4d. Responsibilities of the Chief Information Officer to implement information technology modernization.