TITLE 1. ADMINISTRATION

PART 10. DEPARTMENT OF INFORMATION RESOURCES

CHAPTER 201. GENERAL ADMINISTRATION

1 TAC §201.6

The Texas Department of Information Resources (the Department) proposes amendments to 1 TAC Chapter 201, §201.6, concerning Contract Approval Authority and Responsibilities, to clarify the processes and policies of current practices.

In 1 TAC §201.6, the Department proposes clarifying the definition for significant statewide impact. The definition provides clearer criteria for which types of contract documents the Board will be required to approve and those that can be approved by DIR management without board approval.

The changes to the chapter do not apply to state agencies or institutions of higher education. The assessment of the impact of the adopted changes on institutions of higher education was prepared in consultation with the Information Technology Council for Higher Education (ITCHE) in compliance with §2054.121(c), Texas Government Code.

John Hoffman, Chief Technology Officer, has determined during the first five-year period following the amendment to 1 TAC Chapter 201 there will be no fiscal impact on state agencies, institutions of higher education and local governments.

Mr. Hoffman has further determined for each year of the first five years following the adoption of the amendments to 1 TAC Chapter 201 there are no anticipated additional economic costs to persons or small businesses required to comply with the amended rule. Final adoption of this rule will result in more efficient processes for government agencies to the benefit of the public.

Written comments on the proposed amendments may be submitted to Martin Zelinsky, General Counsel, 300 West 15th Street, Suite 1300, Austin, Texas 78701, or to martin.zelinsky@dir.texas.gov. Comments will be accepted for 30 days after publication in the Texas Register.

The amendments are proposed pursuant to §2054.052(a), Texas Government Code, which authorizes the department to adopt rules as necessary to implement its responsibilities under Chapter 2054, Texas Government Code; and 2255.01, Texas Government Code, which authorizes state agencies to develop rules;

No other code, article or statute is affected by this proposal.

§201.6.Contract Approval Authority and Responsibilities.

(a) Purpose. The purpose of this rule is to establish the approval authority and responsibilities for executing contracts required by the department.

(b) Applicability. This rule applies to all contracts entered into by the department.

(c) Definitions. As used in this section, the following terms shall have the following meanings, unless the context clearly indicates otherwise.

(1) Board--The governing board of the department.

(2) Contract--A written agreement between the department and a contractor for goods or services. As used in this section, "contract" includes the following: letters of agreement; interagency/interlocal agreements with other government entities; and other documents in which state funds or services allocated to the department are exchanged for the delivery of other goods or services.

(3) Major Outsourced Contract--A contract the department executes with entities other than this state or a political subdivision of this state that:

(A) is authorized under Government Code, Chapter 2054, Subchapter I or Subchapter L, or Chapter 2170; or

(B) exceeds the monetary threshold in subsection (d)(1)(A) of this section, other than those contracts described in subparagraph [subsection] (A) of this paragraph.

(4) Value--The department adopts by reference the determination of contract value set forth in the State of Texas Contract Management Guide. The determination of contract value shall include, in addition to compensation to a contractor from funds allocated to the department, an amount deposited into the State general revenue fund or other state fund in a revenue sharing contract arrangement with a contractor.

(d) Approval Authority.

(1) Board Approval. The executive director or his/her designee shall present certain contracts to the board for approval. After a contractor is selected, a majority of the board shall provide final approval of the contract with the selected contractor. The board shall consider for final approval:

(A) any contract or amendment with a value expected to exceed $1,000,000;

(B) any major outsourced contract;

(C) any amendment to a major outsourced contract if the amendment has significant statewide impact. Significant statewide impact is defined as affecting critical state contractual objectives, assumptions or constraints, rising to the level of substantive impact fiscally, programmatically or otherwise at a statewide level and not as an isolated incident. Examples of situations with significant statewide impact include, but are not limited to, contract renewal, contract termination, and vendor changes. Examples of situations that do not rise to the level of significant statewide impact include but are not limited to, revisions to existing services, addition of optional services, contract language clarifications, changes in definitions, service provider locations, key personnel, and addition of new customers;

(D) any other contract deemed appropriate for board approval as determined by the executive director.

(2) Agency Approval.

(A) The board delegates authority to the executive director or his/her designee to approve all contracts not listed in paragraph (1) of this subsection.

(B) The board delegates authority to the executive director to approve a purchase request or contract listed in paragraph (1) of this subsection for an emergency as such is defined in 34 TAC §20.32, or to avoid undue material additional cost to the state. The executive director shall report any purchase requests or contracts executed by the executive director pursuant to the authority in this subsection to the board chair prior to execution of any such purchase requests or contracts subject to this rule.

(e) Authority to Execute Contracts. The board delegates authority to the executive director to execute all contracts for the department. This authority may be delegated by the executive director to the deputy executive director or other designee.

(f) Contract Planning.

(1) The department will present to the Board for approval a contract plan for the next fiscal year that outlines the agency's anticipated contracting actions that exceed $100,000.

(2) As deemed necessary by the executive director or his/her designee, updates to the contract plan will be provided to the board for approval periodically throughout the fiscal year.

(g) Contract Monitoring

(1) Each contract identified as a major outsourced contract under subsection [subparagraph] (c)(3)(A) above shall be subject to enhanced contract and performance monitoring.

(2) Information about contracts subject to such monitoring shall be regularly presented to the board and the executive director of the department.

(3) The department will immediately notify the board of any serious issue or risk that is identified with a contract subject to such monitoring.

The agency certifies that legal counsel has reviewed the proposal and found it to be within the state agency's legal authority to adopt.

Filed with the Office of the Secretary of State on August 30, 2017.

TRD-201703426

Martin Zelinsky

General Counsel

Department of Information Resources

Earliest possible date of adoption: October 15, 2017

For further information, please call: (512) 936-7577


CHAPTER 203. MANAGEMENT OF ELECTRONIC TRANSACTIONS AND SIGNED RECORDS

The Texas Department of Information Resources (department) proposes amendments to 1 TAC Chapter 203, §§203.1, 203.23, and 203.43 and proposes the repeal to §203.26 and §203.46, related to the Management of Electronic Transactions and Signed Records to clarify the difference between electronic and digital signatures.

In 1 TAC §203.1, the Department proposes amendment to the definition of digital signature. This amendment clarifies the difference between a digital and electronic signature. The Department has received questions and requests for clarification between the definitions. The new definitions provide the clarity needed for state agencies and institutions of higher education. The Department proposes deletion of the definition of "Signature Dynamics."

In 1 TAC §203.23, the Department proposes amending the language regarding digital and electronic signatures. The Department clarified agencies are not required to use digital signatures.

In 1 TAC §203.26, the Department proposes repeal of the section regarding Signature Dynamics in its entirety.

In 1 TAC §203.43, the Department proposes amending the language regarding digital and electronic signatures. The Department clarified institutions of higher education are not required to use digital signatures. Department proposes adding language ""To the extent of any conflict of rules and procedures adopted under the Texas Education Code Section 51.9336 with that of rules adopted under 1 TAC 203, the former would prevail" in consultation with the Information Technology Council for Higher Education (ITCHE).

In 1 TAC §203.46, the Department proposes repeal of the section regarding Signature Dynamics in its entirety.

The changes to the chapter apply to state agencies and institutions of higher education. The assessment of the impact of the adopted changes on institutions of higher education was prepared in consultation with the Information Technology Council for Higher Education (ITCHE) in compliance with §2054.121(c), Texas Government Code.

John Hoffman, Chief Technology Officer, has determined that during the first five-year period following the amendments to 1 TAC Chapter 203 there will be no fiscal impact on state agencies, institutions of higher education and local governments.

Mr. Hoffman has further determined that for each year of the first five years following the adoption of the amendments to 1 TAC Chapter 203 there are no anticipated additional economic costs to persons or small businesses required to comply with the proposal.

Written comments on the proposal may be submitted to Martin Zelinsky, General Counsel, 300 West 15th Street, Suite 1300, Austin, Texas 78701, or to martin.zelinsky@dir.texas.gov. Comments will be accepted for 30 days after publication in the Texas Register.

SUBCHAPTER A. DEFINITIONS

1 TAC §203.1

The amendments are proposed under §2054.052(a), Texas Government Code, which authorizes the department to adopt rules as necessary to implement its responsibilities under Chapter 2054; §2054.060(a) and (b), Texas Government Code, which reference rules created by the department regarding digital signatures; and §322.017 et. seq., Texas Business and Commerce Code, which allows the department to specify the management of electronic records.

No other code, article or statute is affected by this proposal.

§203.1.Applicable Terms and Technologies for Management of Electronic Transactions and Signed Records.

The following words and terms, when used in this chapter, shall have the following meanings, unless the context clearly indicates otherwise.

(1) Asymmetric cryptosystem--A computer-based system that employs two different but mathematically related keys with the following characteristics:

(A) one key encrypts a given message;

(B) one key decrypts a given message; and

(C) the keys have the property that, knowing one key, it is computationally infeasible to discover the other key.

(2) Certificate--A message which:

(A) identifies the certification authority issuing it;

(B) names or identifies its subscriber;

(C) contains the subscriber's public key;

(D) identifies its operational period;

(E) is digitally signed by the certification authority issuing it; and

(F) conforms to ISO X.509 Version 3 standards.

(3) Certificate Manufacturer--A person that provides operational services for a Certification Authority or PKI Service Provider. The nature and scope of the obligations and functions of a Certificate Manufacturer depend on contractual arrangements between the Certification Authority or other PKI Service Provider and the Certificate Manufacturer.

(4) Certificate Policy--A document prepared by a Policy Authority that describes the parties, scope of business, functional operations, and obligations between and among PKI Service Providers and End Entities who engage in electronic transactions in a Public Key Infrastructure.

(5) Certification Authority--A person who issues a certificate.

(6) Certification practice statement--Documentation of the practices, procedures, and controls employed by a Certification Authority.

(7) Digital signature--An electronic identifier that currently provides higher levels of security and universal acceptance. Digital signatures are based on Public Key Infrastructure (PKI) technology, and guarantee signer identity and intent, data integrity, and the non-repudiation of signed records. The digital signature cannot be copied, tampered with or altered. [An electronic identifier intended by the person using it to have the same force and effect as the use of a manual signature, and that complies with the requirements of this chapter.]

(8) Digitally signed communication--A message that has been processed by a computer in such a manner that ties the message to the individual that signed the message.

(9) Electronic--Relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.

(10) Electronic record--A record created, generated, sent, communicated, received, or stored by electronic means.

(11) Electronic signature--An electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record. Digital signatures are a subset of electronic signatures.

(12) End Entities--Subscribers or Signers and Relying Parties.

(13) Escrow agent--A person who holds a copy of a private key at the request of the owner of the private key in a trustworthy manner.

(14) Expert--A person with demonstrable skill and knowledge based on training and experience who would qualify as an expert under Rule 702 of the Texas Rules of Evidence.

(15) Handwriting measurements--The metrics of the shapes, speeds and/or other distinguishing features of a signature as the person writes it by hand with a pen or stylus on a flat surface.

(16) Key pair--A private key and its corresponding public key in an asymmetric cryptosystem. The keys have the property that the public key can verify a digital signature that the private key creates.

(17) Local government--A county, municipality, special district, or other political subdivision of this state or another state, or a combination of two or more of those entities, but excluding an agency in the judicial branch of local government.

(18) Message--A digital representation of information.

(19) Person--An individual, state agency, institution of higher education, local government, corporation, partnership, association, organization, or any other legal entity.

(20) PKI--Public Key Infrastructure; A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.

(21) PKI Service Provider--A Certification Authority, Certificate Manufacturer, Registrar, or any other person that performs services pertaining to the issuance or verification of certificates.

(22) Policy Authority--A person with final authority and responsibility for specifying a Certificate Policy.

(23) Private key--The secret part of an asymmetric key pair that is used to digitally sign or decrypt data.

(24) Proof of Identification--The document or documents or other evidence presented to a Certification Authority to establish the identity of a subscriber.

(25) Public key--The public part of an asymmetric key pair that is used to verify signatures or encrypt data.

(26) Public Key Cryptography--A type of cryptographic technology that employs an asymmetric cryptosystem.

(27) Record--Information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.

(28) Registrar--A person that gathers evidence necessary to confirm the accuracy of information to be included in a Subscriber's certificate.

(29) Relying Party--A state agency, including an institution of higher education, that has received an electronic message that has been signed with a digital signature and is in a position to rely on the message and signature.

(30) Role-based key--A key pair issued to a person to use when acting in a particular business or organizational capacity.

[(31) Signature Dynamics--Measuring the way an individual writes his or her signature by hand on a flat surface and binding the measurements to a message through the use of cryptographic techniques.]

(31) [(32)] Signer--The person who signs a digitally signed communication with the use of an acceptable technology to uniquely link the message with the person sending it.

(32) [(33)] Subscriber--A person who:

(A) is the subject listed in a certificate;

(B) accepts the certificate; and

(C) holds a private key which corresponds to a public key listed in that certificate.

(33) [(34)] Technology--The computer hardware and/or software-based method or process used to create digital signatures.

(34) [(35)] Transaction--An action or set of actions occurring between two or more persons relating to the conduct of business, commercial, or governmental affairs, where one of the persons is a state agency, including an institution of higher education.

(35) [(36)] Written electronic communication--A message that is sent by one person to another person.

The agency certifies that legal counsel has reviewed the proposal and found it to be within the state agency's legal authority to adopt.

Filed with the Office of the Secretary of State on August 31, 2017.

TRD-201703434

Martin Zelinsky

General Counsel

Department of Information Resources

Earliest possible date of adoption: October 15, 2017

For further information, please call: (512) 936-7577


SUBCHAPTER B. STATE AGENCY USE OF ELECTRONIC TRANSACTIONS AND SIGNED RECORDS

1 TAC §203.23

The amendments are proposed under §2054.052(a), Texas Government Code, which authorizes the department to adopt rules as necessary to implement its responsibilities under Chapter 2054; §2054.060(a) and (b), Texas Government Code, which reference rules created by the department regarding digital signatures; and §322.017 et. seq., Texas Business and Commerce Code, which allows the department to specify the management of electronic records.

No other code, article or statute is affected by this proposal.

§203.23.Digital Signatures.

(a) This section applies to all written electronic communications which are sent to a state agency over the Internet or other electronic network or by another means that is acceptable to the state agency, for which the identity of the sender or the contents of the message must be authenticated, and for which no prior agreement between the sender and the receiving state agency regarding message authentication existed as of the effective date of this section. This section does not apply to or supersede the use and expansion of existing systems:

(1) for the receipt of electronically filed documents pursuant to the Texas Business and Commerce Code or other applicable statutory law where the purpose of the written electronic communication is to comply with statutory filing requirements and the receiving state agency or local government is not a party to the underlying transaction which is the subject of the communication; or

(2) for the electronic approval of payment vouchers under rules adopted by the comptroller of public accounts pursuant to applicable law.

(b) Prior to accepting an electronic [a digital] signature, a state agency shall ensure that the level of security used to identify the signer of a message and to transmit the signature is sufficient for the transaction being conducted. A state agency that accepts digital signatures may not effectively discourage the use of electronic [digital] signatures by imposing unreasonable or burdensome requirements on persons wishing to use electronic [digital] signatures to authenticate written electronic communications sent to the state agency.

(c) A state agency that accepts electronic [digital] signatures shall not be required to accept a digital signature that has been created by means of a particular acceptable technology described in §203.24 of this chapter. [if the state agency:]

[(1) determines that the expense that would necessarily be incurred by the state agency in accepting such a digital signature is excessive and unreasonable; and]

[(2) provides reasonable notice to all interested persons of the fact that such digital signatures will not be accepted and of the basis for the determination that the cost of digital signature acceptance is excessive and unreasonable.]

(d) A state agency shall review and consider any applicable guidelines as described in §203.20 of this chapter and recommendations that have been adopted by the department in determining whether and for what purposes the state agency shall accept a digital signature. A copy of such guidelines and recommendations may be obtained directly from the department, or may be obtained electronically via the department's website.

(e) A state agency shall ensure that all written electronic communications received by the state agency and authenticated by means of a digital signature in accordance with this section, as well as any information resources necessary to permit access to the written electronic communications, are retained by the state agency as necessary to comply with applicable law pertaining to audit and records retention requirements.

The agency certifies that legal counsel has reviewed the proposal and found it to be within the state agency's legal authority to adopt.

Filed with the Office of the Secretary of State on August 31, 2017.

TRD-201703436

Martin Zelinsky

General Counsel

Department of Information Resources

Earliest possible date of adoption: October 15, 2017

For further information, please call: (512) 936-7577


1 TAC §203.26

The repeal is proposed under §2054.052(a), Texas Government Code, which authorizes the department to adopt rules as necessary to implement its responsibilities under Chapter 2054; §2054.060(a) and (b), Texas Government Code, which reference rules created by the department regarding digital signatures; and §322.017 et. seq., Texas Business and Commerce Code, which allows the department to specify the management of electronic records.

No other code, article or statute is affected by this repeal.

§203.26.Signature Dynamics.

The agency certifies that legal counsel has reviewed the proposal and found it to be within the state agency's legal authority to adopt.

Filed with the Office of the Secretary of State on August 31, 2017.

TRD-201703437

Martin Zelinsky

General Counsel

Department of Information Resources

Earliest possible date of adoption: October 15, 2017

For further information, please call: (512) 936-7577


SUBCHAPTER C. INSTITUTIONS OF HIGHER EDUCATION USE OF ELECTRONIC TRANSACTIONS AND SIGNED RECORDS

1 TAC §203.43

The amendments are proposed under §2054.052(a), Texas Government Code, which authorizes the department to adopt rules as necessary to implement its responsibilities under Chapter 2054; §2054.060(a) and (b), Texas Government Code, which reference rules created by the department regarding digital signatures; and §322.017 et. seq., Texas Business and Commerce Code, which allows the department to specify the management of electronic records.

No other code, article or statute is affected by this proposal.

§203.43.Digital Signatures.

(a) This section applies to all written electronic communications which are sent to an institution of higher education over the Internet or other electronic network or by another means that is acceptable to the institution of higher education, for which the identity of the sender or the contents of the message must be authenticated, and for which no prior agreement between the sender and the receiving institution of higher education regarding message authentication existed as of the effective date of this section. This section does not apply to or supersede the use and expansion of existing systems:

(1) for the receipt of electronically filed documents pursuant to the Texas Business and Commerce Code or other applicable statutory law where the purpose of the written electronic communication is to comply with statutory filing requirements and the receiving institution of higher education is not a party to the underlying transaction which is the subject of the communication; or

(2) for the electronic approval of payment vouchers under rules adopted by the comptroller of public accounts pursuant to applicable law.

(b) Prior to accepting an electronic [a digital] signature, an institution of higher education shall ensure that the level of security used to identify the signer of a message and to transmit the signature is sufficient for the transaction being conducted. An institution of higher education that accepts electronic [digital] signatures may not effectively discourage the use of electronic [digital] signatures by imposing unreasonable or burdensome requirements on persons wishing to use electronic [digital] signatures to authenticate written electronic communications sent to the institution of higher education.

(c) An institution of higher education that accepts electronic [digital] signatures shall not be required to accept a digital signature that has been created by means of a particular acceptable technology described in §203.44 of this chapter. [if the institution of higher education:]

[(1) determines that the expense that would necessarily be incurred by the institution of higher education in accepting such a digital signature is excessive and unreasonable; and]

[(2) provides reasonable notice to all interested persons of the fact that such digital signatures will not be accepted, and of the basis for the determination that the cost of digital signature acceptance is excessive and unreasonable.]

(d) An institution of higher education shall review and consider any applicable guidelines as described in §203.40 of this chapter and recommendations that have been adopted by the department in determining whether and for what purposes the institution of higher education shall accept a digital signature. A copy of such guidelines and recommendations may be obtained directly from the department, or may be obtained electronically via the department's website.

(e) An institution of higher education shall ensure that all written electronic communications received by it and authenticated by means of a digital signature in accordance with this section, as well as any information resources necessary to permit access to the written electronic communications, are retained by the institution of higher education as necessary to comply with applicable law pertaining to audit and records retention requirements.

(f) To the extent of any conflict of rules and procedures adopted under the Texas Education Code Section 51.9336 with that of rules adopted under 1 TAC 203, the former will prevail.

The agency certifies that legal counsel has reviewed the proposal and found it to be within the state agency's legal authority to adopt.

Filed with the Office of the Secretary of State on August 31, 2017.

TRD-201703438

Martin Zelinsky

General Counsel

Department of Information Resources

Earliest possible date of adoption: October 15, 2017

For further information, please call: (512) 936-7577


1 TAC §203.46

The repeal is proposed under §2054.052(a), Texas Government Code, which authorizes the department to adopt rules as necessary to implement its responsibilities under Chapter 2054; §2054.060(a) and (b), Texas Government Code, which reference rules created by the department regarding digital signatures; and §322.017 et. seq., Texas Business and Commerce Code, which allows the department to specify the management of electronic records.

No other code, article or statute is affected by this repeal.

§203.46.Signature Dynamics.

The agency certifies that legal counsel has reviewed the proposal and found it to be within the state agency's legal authority to adopt.

Filed with the Office of the Secretary of State on August 31, 2017.

TRD-201703439

Martin Zelinsky

General Counsel

Department of Information Resources

Earliest possible date of adoption: October 15, 2017

For further information, please call: (512) 936-7577


CHAPTER 212. PURCHASES OF COMMODITY ITEMS

SUBCHAPTER B. REQUIRED PURCHASES

1 TAC §212.11

The Texas Department of Information Resources (department) proposes amendment to 1 TAC Chapter 212, §212.11 concerning purchases of commodity items, to modify the thresholds and cap for purchases via DIR's cooperative contracts program.

The proposed amendment applies to state agencies. Neither the current rule nor the proposed amendment apply to institutions of higher education.

The department proposes to revise the current text of Chapter 212, §212.11 to conform the dollar limits for such purchases to the new limits enacted by the 85th Legislature, Regular Session (2017), in Senate Bill 533.

Kelly Parker, Director, Cooperative Contracts, has determined that for the first five-year period the amended rule is in effect, there will be no fiscal impact on state agencies and institutions of higher education to comply with the revisions to the rule. It is anticipated that amended rule will have a positive fiscal impact from increased availability of cooperative contracts for agency procurements, resulting in greater procurement efficiency for state agencies. There is no impact on local government as a result of enforcing or administering the amended rule as proposed as they are not subject to the limits enacted by the Legislature.

Written comments on the proposed amendments may be submitted to David Brown, Assistant General Counsel, 300 West 15th Street, Suite 1300, Austin, Texas 78701, or to david.brown@dir.texas.gov. Comments will be accepted for 30 days after publication in the Texas Register.

The amendment is proposed pursuant to §2157.068(f), Texas Government Code, which authorizes the department to adopt rules as necessary to implement its responsibilities under Chapter 2157, Texas Government Code.

§212.11.List of Commodity Items.

The department shall compile and maintain a list of commodity items available for purchase through the department. The department shall make the list available on the department's website.

(1) For a contract with a value of no more than $50,000, the state agency may directly award the contract to a vendor or reseller included in the category to which the contract relates without submission of a price request to other vendors in the same category;

(2) For a contract with a value of more than $50,000 but not more than $1 million [$150,000], the state agency must submit a request for pricing to at least three vendors or resellers included in the category to which the contract relates or all vendors in the category if the category has fewer than three vendors;

(3) For a contract with a value of more than $1 million [$150,000] but not more than $5 million [$1 million], the state agency must submit a request for pricing to at least six vendors or resellers included in the category to which the contract relates or all vendors in the category if the category has fewer than six vendors; and

(4) Prior to issuing a solicitation for a commodity item that is estimated to exceed $5 million, [$1 million] the state agency may request pricing from six vendors or resellers in the category in order to document qualification for the blanket exemption for purchases over $5 million [$1 million].

The agency certifies that legal counsel has reviewed the proposal and found it to be within the state agency's legal authority to adopt.

Filed with the Office of the Secretary of State on August 30, 2017.

TRD-201703429

Martin Zelinsky

General Counsel

Department of Information Resources

Earliest possible date of adoption: October 15, 2017

For further information, please call: (512) 936-7577


CHAPTER 216. PROJECT MANAGEMENT PRACTICES

SUBCHAPTER B. PROJECT MANAGEMENT PRACTICES FOR STATE AGENCIES

1 TAC §216.11

The Texas Department of Information Resources (the Department) proposes amendments to 1 TAC Chapter 216, §216.11, concerning Requirements, to clarify the processes and policies of current quality assurance team practices. The new rules are necessary as a result of the passage of House Bill 3275 (85R).

In 1 TAC §216.11, the Department proposes adding a subsection (b) requiring the Department to monitor and report on performance indicators for each major information resources project for state agencies to ensure compliance with Texas Government Code §2054.159.

The changes to the chapter only apply to state agencies and not institutions of higher education. The assessment of the impact of the adopted changes on institutions of higher education was prepared in consultation with the Information Technology Council for Higher Education (ITCHE) in compliance with §2054.121(c), Texas Government Code.

John Hoffman, Chief Technology Officer, has determined during the first five-year period following the amendment to 1 TAC Chapter 201 there will be no fiscal impact on state agencies, institutions of higher education and local governments.

Mr. Hoffman has further determined for each year of the first five years following the adoption of the amendments to 1 TAC Chapter 201 there are no anticipated additional economic costs to persons or small businesses required to comply with the amended rule. Mr. Hoffman has further determined that for the first five years the section is effect, the public benefit anticipated as a result of the amended rule will result in compliance with new statutory requirements.

Written comments on the proposed amendments may be submitted to Martin Zelinsky, General Counsel, 300 West 15th Street, Suite 1300, Austin, Texas 78701, or to martin.zelinsky@dir.texas.gov. Comments will be accepted for 30 days after publication in the Texas Register.

The amendments are proposed pursuant to §2054.052(a), Texas Government Code, which authorizes the department to adopt rules as necessary to implement its responsibilities under Chapter 2054, Texas Government Code; and §2255.01, Texas Government Code, which authorizes state agencies to develop rules.

No other code, article or statute is affected by this proposal.

§216.11.Requirements.

(a) Each state agency shall manage information resources projects based on project management practices that meet the following criteria:

(1) Include a standardized and repeatable method for delivery of information resources projects that solve business problems;

(2) Include a method for governing application of project management practices;

(3) Be documented and include a single reference source (e.g., handbook, guide, repository);

(4) Include a project classification method developed by DIR the agency, or another source that:

(A) Differentiates and categorizes projects according to level of complexity and risk (e.g., technology, size, budget, time to deliver); and

(B) Defines how to use the project classification method to establish, scale, and execute the appropriate level of processes;

(5) Include a method to periodically review, assess, monitor, measure, and improve the impact of organizational project management practices on the agency's ability to achieve its strategic objectives and deliver business value;

(6) Align with use of the Texas Project Delivery Framework for major information resources projects;

(7) Accommodate use of other practices and methods that align with application of project management practices; and

(8) Be reviewed and updated at least every two years to facilitate continuous process improvement.

(b) For major information resources projects:

(1) The quality assurance team shall monitor and report on performance indicators for each state agency project, including schedule, cost, scope, and quality for the entire project life cycle.

(2) The department shall develop the performance indicators required to monitor under paragraph (1) of this subsection in consideration of applicable information technology industry standards.

(3) Each state agency engaged in a major information resources project will regularly report, according to quality assurance team directed frequency, the performance indicator metrics defined in paragraph (2) of this subsection for each major information resources project.

(4) If a state agency major information resources project is determined not likely to achieve the performance objectives for the project, the quality assurance team shall place the project on a list for more intense monitoring by the quality assurance team.

(5) The quality assurance team shall closely monitor monthly reports for each major information resources project identified under paragraph (3) of this subsection and, based on the performance indicator metrics developed by the department, determine whether to recommend to the department the need to initiate corrective action for the project.

(6) The department shall create and maintain on the department's website a user-friendly data visualization tool that provides an analysis and visual representation of the performance indicators developed under paragraph (2) of this section for each state agency major information resources project.

The agency certifies that legal counsel has reviewed the proposal and found it to be within the state agency's legal authority to adopt.

Filed with the Office of the Secretary of State on August 30, 2017.

TRD-201703430

Martin Zelinksy

General Counsel

Department of Information Resources

Earliest possible date of adoption: October 15, 2017

For further information, please call: (512) 936-7577