KLS Keeping Law Simple Legislation in plain English

Straight-ahead summaries built from the official bill text. We keep the source links front and center and leave the decision up to you.

Back to Florida

SB1292 • 2026

Information Technology Procurement and Contracting

Information Technology Procurement and Contracting

Technology
Passed Legislature

This bill passed both chambers and reached final enrollment, even if later executive action is not shown here.

Sponsor
Martin
Last action
2026-03-13
Official status
Senate - Died in Governmental Oversight and Accountability
Effective date
2026-07-01

Plain English Breakdown

The bill did not pass the Governmental Oversight and Accountability committee in the Senate, so it is uncertain if it will become law.

Information Technology Procurement and Contracting

This bill establishes a Bureau of Enterprise Project Management and Oversight within the Florida Digital Service to manage certain IT contracts and sets rules for state agencies when buying major IT systems.

What This Bill Does

  • Creates the Bureau of Enterprise Project Management and Oversight inside the Florida Digital Service.
  • Requires the Florida Digital Service to manage certain IT contracts, report annually on these contracts, and create new rules.
  • Defines a 'major information technology system' as one costing $10 million or more that impacts end users or supports critical operations.
  • Sets requirements for state agencies when buying major IT systems, including providing specific information in solicitations and using certain processes and forms.

Who It Names or Affects

  • The Florida Digital Service
  • State agencies that buy or manage IT services

Terms To Know

Major information technology system
An IT system costing $10 million or more that impacts end users or supports critical operations.

Limits and Unknowns

  • The bill did not pass the Governmental Oversight and Accountability committee in the Senate.
  • It is unclear how many state agencies will be affected by these new rules.

Bill History

  1. 2026-03-13 Senate

    • Died in Governmental Oversight and Accountability

  2. 2026-01-13 Senate

    • Introduced

  3. 2026-01-12 Senate

    • Referred to Governmental Oversight and Accountability; Appropriations Committee on Agriculture, Environment, and General Government; Appropriations

  4. 2026-01-07 Senate

    • Filed

Official Summary Text

Information Technology Procurement and Contracting; Providing that the Bureau of Enterprise Project Management and Oversight is within the Florida Digital Service; requiring the Florida Digital Service to manage certain contracts, report certain information to specified parties annually, and adopt certain rules; creating the Bureau of Enterprise Project Management and Oversight within the Florida Digital Service; providing contract requirements for certain information technology commodities and services, etc.

Current Bill Text

Read the full stored bill text 
Florida Senate
-
2026

SB 1292

By
Senator Martin

33-01643-26 20261292__
1 A bill to be entitled
2 An act relating to information technology procurement
3 and contracting; amending s. 20.22, F.S.; providing
4 that the Bureau of Enterprise Project Management and
5 Oversight is within the Florida Digital Service;
6 amending s. 282.0041, F.S.; revising definitions and
7 defining terms; amending s. 282.0051, F.S.; revising
8 the duties and responsibilities of the Florida Digital
9 Service; requiring the Florida Digital Service to
10 manage certain contracts, report certain information
11 to specified parties annually, and adopt certain
12 rules; creating s. 282.00513, F.S.; creating the
13 Bureau of Enterprise Project Management and Oversight
14 within the Florida Digital Service; providing duties
15 and responsibilities of the bureau; requiring certain
16 parties to designate a chief of the bureau; creating
17 s. 282.00514, F.S.; requiring state agencies to
18 include specified information in certain solicitations
19 and contracts; requiring state agencies to follow
20 certain processes and use certain forms in certain
21 circumstances; requiring the Florida Digital Service
22 to provide consultation and work cooperatively with
23 specified entities in certain circumstances; requiring
24 certain state agencies to take certain actions
25 involving specified contracts; requiring state
26 agencies to provide information in a specified format;
27 amending s. 282.00515, F.S.; conforming provisions to
28 changes made by the act; amending s. 287.057, F.S.;
29 requiring the Department of Management Services to
30 maintain a specified repository for certain records;
31 creating s. 287.0583, F.S.; providing contract
32 requirements for certain information technology
33 commodities and services; amending s. 287.0591, F.S.;
34 revising requirements for information technology
35 competitive solicitations; providing an effective
36 date.
37
38 Be It Enacted by the Legislature of the State of Florida:
39
40 Section 1. Paragraph (b) of subsection (2) of section
41 20.22, Florida Statutes, is amended to read:
42 20.22 Department of Management Services.—There is created a
43 Department of Management Services.
44 (2) The following divisions, programs, and services within
45 the Department of Management Services are established:
46 (b) The Florida Digital Service
, which shall include the

47
Bureau of Enterprise Project Management and Oversight
.
48 Section 2. Present subsections (24) through (38) of section
49 282.0041, Florida Statutes, are redesignated as subsections (25)
50 through (39), respectively, a new subsection (24) is added to
51 that section, and present subsections (27) and (29) of that
52 section are amended, to read:
53 282.0041 Definitions.—As used in this chapter, the term:
54
(24)

“Major information technology system” means an

55
information technology system with a total cost of ownership of

56
$10 million or more which directly serves or impacts end users

57
in the delivery of constituent-facing services or which supports

58
mission-critical operations essential to a state agency’s

59
statutory duties or core business functions.

60
(28)
(27)
“Project oversight” means an independent review
61 and
assessment

analysis
of an information technology project
62
which

that
provides information on the project’s scope,
63 completion timeframes,
performance measurement,
and budget and
64
which

that
identifies and quantifies issues or risks affecting
65 the successful and timely completion of the project.
66
(30)
(29)
“Risk assessment” means the process of identifying
67
operational risks and
security risks, determining their
68 magnitude, and identifying areas needing safeguards.
69 Section 3. Section 282.0051, Florida Statutes, is amended
70 to read:
71 282.0051 Department of Management Services; Florida Digital
72 Service; powers, duties, and functions.—
73 (1) The Florida Digital Service
is

has been
created within
74 the department to propose innovative solutions that securely
75 modernize state government, including technology and information
76 services, to achieve value through digital transformation and
77 interoperability, and to fully support the cloud-first policy as
78 specified in s. 282.206. The
department, through the
Florida
79 Digital Service
,
shall
have the following powers, duties, and

80
functions
:
81 (a) Develop and publish information technology policy for
82 the management of the state’s information technology resources.
83 (b) Develop an enterprise architecture that:
84 1. Acknowledges the unique needs of the entities within the
85 enterprise in the development and publication of standards and
86 terminologies to facilitate digital interoperability;
87 2. Supports the cloud-first policy as specified in s.
88 282.206; and
89 3. Addresses how information technology infrastructure may
90 be modernized to achieve cloud-first objectives.
91 (c) Establish project management and oversight standards
92 with which state agencies
shall

must
comply when implementing
93 information technology projects. The
department, acting through

94
the
Florida Digital Service
,
shall
update the

provide training

95
opportunities to state agencies to assist in the adoption of the

96
project management and oversight
standards
at least once every 2

97
years, incorporating best practices from the public and private

98
sectors, as well as any lessons learned by state agencies. When

99
updating the standards, the Florida Digital Service shall

100
solicit input from all state agencies
. To support data-driven
101 decisionmaking, the standards must include, but are not limited
102 to:
103 1. Performance measurements and metrics that objectively
104
assess

reflect
the
progress and risks

status
of an information
105 technology project
through performance baselines and monitoring

106
mechanisms to determine whether the project is performing as

107
planned and delivering the intended outcomes

based on a defined

108
and documented project scope, cost, and schedule
.
109 2. Methodologies for calculating acceptable variances
110
between the planned and

in the projected versus
actual scope
of

111
a technology project which provide clear thresholds to guide

112
corrective actions. Such methodologies must account for project

113
complexity and scale
, schedule,
performance, quality, and the

or

114 cost of an information technology project.
115 3. Reporting requirements, including requirements designed
116 to alert all defined stakeholders
when

that
an information
117 technology project has exceeded acceptable variances
and when

118
specifying procedures for escalating critical issues to

119
appropriate individuals

defined and documented in a project

120
plan
.
121 4. Content, format, and frequency of project updates.
122 5. Technical standards to ensure an information technology
123 project complies with the enterprise architecture
, including

124
interoperability, security, scalability, and data management

125
requirements
.
126
6.

Mechanisms for engaging stakeholders throughout a

127
project’s life cycle.

128
(d)

Provide training opportunities to state agencies

129
regarding the project management and oversight standards.

130
(e)
(d)
Perform project oversight on all state agency
131 information technology projects that have total project costs of
132 $10 million or more and that are funded in the General
133 Appropriations Act or any other law. The
department, acting

134
through the
Florida Digital Service
,
shall report at least
135 quarterly to the
Executive Office of the
Governor, the President
136 of the Senate, and the Speaker of the House of Representatives
137 on any information technology project that the
Florida Digital

138
Service

department
identifies as high-risk due to the project
139 exceeding
the
acceptable
project
variance
thresholds provided in

140
the project management and oversight standards

ranges defined

141
and documented in a project plan
. The report must include
:

142
1.
A risk assessment, including fiscal risks, associated
143 with proceeding to the next stage of the project
.

144
2.

Recommendations
, and a recommendation
for corrective
145 actions required, including suspension or termination of the
146 project.
147
3.

A list of all projects with a performance deficiency,

148
reported pursuant to s. 287.057(26)(d)1., which has not been

149
corrected by the vendor as of the end of the reporting period.

150
(f)
(e)
Identify opportunities for standardization and
151 consolidation of information technology services that support
152 interoperability and the cloud-first policy, as specified in s.
153 282.206, and business functions and operations, including
154 administrative functions such as purchasing, accounting and
155 reporting, cash management, and personnel, and that are common
156 across state agencies. The
department, acting through the

157 Florida Digital Service
,
shall biennially on January
15

1
of
158 each
odd-numbered

even-numbered
year provide recommendations for
159 standardization and consolidation to the
Executive Office of the

160 Governor, the President of the Senate, and the Speaker of the
161 House of Representatives.
162
(g)
(f)
Establish best practices for the procurement of
163 information technology products and cloud-computing services in
164 order to reduce costs, increase the quality of data center
165 services, or improve government services.
166
(h)
(g)
Develop standards for information technology reports
167 and updates, including, but not limited to, operational work
168 plans, project spend plans, and project status reports, for use
169 by state agencies.
170
(i)
(h)
Upon request, assist state agencies in the
171 development of information technology-related legislative budget
172 requests.
173
(j)
(i)
Conduct annual assessments of state agencies to
174 determine compliance with all information technology standards
175 and guidelines developed and published by the department and
176 provide results of the assessments to
the Executive Office of

177 the Governor, the President of the Senate, and the Speaker of
178 the House of Representatives.
179
(j)

Conduct a market analysis not less frequently than

180
every 3 years beginning in 2021 to determine whether the

181
information technology resources within the enterprise are

182
utilized in the most cost-effective and cost-efficient manner,

183
while recognizing that the replacement of certain legacy

184
information technology systems within the enterprise may be cost

185
prohibitive or cost inefficient due to the remaining useful life

186
of those resources; whether the enterprise is complying with the

187
cloud-first policy specified in s. 282.206; and whether the

188
enterprise is utilizing best practices with respect to

189
information technology, information services, and the

190
acquisition of emerging technologies and information services.

191
Each market analysis shall be used to prepare a strategic plan

192
for continued and future information technology and information

193
services for the enterprise, including, but not limited to,

194
proposed acquisition of new services or technologies and

195
approaches to the implementation of any new services or

196
technologies. Copies of each market analysis and accompanying

197
strategic plan must be submitted to the Executive Office of the

198
Governor, the President of the Senate, and the Speaker of the

199
House of Representatives not later than December 31 of each year

200
that a market analysis is conducted.

201 (k) Recommend
other
information technology services that
202 should be designed, delivered, and managed as enterprise
203 information technology services. Recommendations must include
204 the identification of existing information technology resources
205 associated with the services, if existing services must be
206 transferred as a result of being delivered and managed as
207 enterprise information technology services.
The recommendations

208
must be submitted to the Governor, the President of the Senate,

209
and the Speaker of the House of Representatives no later than

210
January 15 of each odd-numbered year.

211 (l) In consultation with state agencies, propose a
212 methodology and approach for identifying and collecting both
213 current and planned information technology expenditure data at
214 the state agency level.
215 (m)1. Notwithstanding any other law, provide project
216 oversight on any information technology project of the
217 Department of Financial Services, the Department of Legal
218 Affairs, and the Department of Agriculture and Consumer Services
219 which has a total project cost of $20 million or more. Such
220 information technology projects must also comply with the
221 applicable information technology architecture, project
222 management and oversight, and reporting standards established by
223 the
department, acting through the
Florida Digital Service.
224 2. When performing the project oversight function specified
225 in subparagraph 1., report at least quarterly to the
Executive

226
Office of the
Governor, the President of the Senate, and the
227 Speaker of the House of Representatives on any information
228 technology project that the
department, acting through the

229 Florida Digital Service
,
identifies as high-risk due to the
230 project exceeding
the established
acceptable
project
variance
231
thresholds

ranges defined and documented in the project plan
.
232 The report
must

shall
include a risk assessment, including
233 fiscal risks, associated with proceeding to the next stage of
234 the project and a recommendation for corrective actions
235 required, including suspension or termination of the project.
236
(n)

If an information technology project implemented by a

237
state agency must be connected to or otherwise accommodated by

238
an information technology system administered by the Department

239
of Financial Services, the Department of Legal Affairs, or the

240
Department of Agriculture and Consumer Services, consult with

241
these departments regarding the risks and other effects of such

242
projects on their information technology systems and work

243
cooperatively with these departments regarding the connections,

244
interfaces, timing, or accommodations required to implement such

245
projects.

246
(n)
(o)
If adherence to standards or policies adopted by or
247 established pursuant to this section causes conflict with
248 federal regulations or requirements imposed on an entity within
249 the enterprise and results in adverse action against an entity
250 or federal funding, work with the entity to provide alternative
251 standards, policies, or requirements that do not conflict with
252 the federal regulation or requirement. The
department, acting

253
through the
Florida Digital Service
,
shall
annually
report
each

254
January 15
such alternative standards to the
Executive Office of

255
the
Governor, the President of the Senate, and the Speaker of
256 the House of Representatives.
257
(o)
(p)
1. Establish an information technology policy for all
258 information technology-related state contracts, including state
259 term contracts for information technology commodities,
260 consultant services, and staff augmentation services. The
261 information technology policy must include:
262 a. Identification of the information technology product and
263 service categories to be included in state term contracts.
264 b. Requirements to be included in solicitations for
state

265
term
contracts.
266 c. Evaluation criteria for the award of information
267 technology-related
state term
contracts.
268 d. The term of each information technology-related state
269 term contract.
270 e. The maximum number of vendors authorized on each state
271 term contract.
272 f. At a minimum, a requirement that any contract for
273 information technology commodities or services meet the National
274 Institute of Standards and Technology Cybersecurity Framework.
275 g. For an information technology project wherein project
276 oversight is required pursuant to paragraph
(e)

(d)
or paragraph
277 (m), a requirement that independent verification and validation
278 be employed throughout the project life cycle with the primary
279 objective of independent verification and validation being to
280 provide an objective assessment of products and processes
281 throughout the project life cycle. An entity providing
282 independent verification and validation may not have technical,
283 managerial, or financial interest in the project and may not
284 have responsibility for, or participate in, any other aspect of
285 the project.
286 2. Evaluate vendor responses for information technology
287 related state term contract solicitations and invitations to
288 negotiate.
289 3. Answer vendor questions on information technology
290 related state term contract solicitations.
291 4. Ensure that the information technology policy
292 established pursuant to subparagraph 1. is included in all
293 solicitations and contracts that are
administratively
executed
294 by the department.
295
(p)
(q)
Recommend potential methods for standardizing data
296 across state agencies which will promote interoperability and
297 reduce the collection of duplicative data.
298
(q)
(r)
Recommend open data technical standards and
299 terminologies for use by the enterprise.
300
(r)
(s)
Ensure that enterprise information technology
301 solutions are capable of utilizing an electronic credential and
302 comply with the enterprise architecture standards.
303
(s)

Review all state agency information technology

304
legislative budget requests to identify compliance issues

305
related to the enterprise architecture, project planning

306
standards, and cybersecurity.

307
(t)

Identify efficiency opportunities in the use of

308
information technology resources.

309
(u)

Submit recommendations for improvement or any statutory

310
changes necessary to implement the improvements to the Governor,

311
the President of the Senate, and the Speaker of the House of

312
Representatives no later than November 15 of each year.

313
(v)

Develop and publish, in collaboration with the

314
enterprise, a data dictionary for each agency that reflects the

315
nomenclature in the comprehensive indexed data catalog.

316
(w)

Each December 1, compile an enterprise report of major

317
information technology systems approaching end-of-life within 5

318
fiscal years after such December 1, and submit the report to the

319
Governor, the President of the Senate, and the Speaker of the

320
House of Representatives. For purposes of this paragraph, the

321
term “end-of-life” means the point at which an information

322
technology resource no longer receives vendor support, uses

323
obsolete technology, cannot be adequately maintained, or fails

324
to meet enterprise architecture standards. The report must:

325
1.

Describe each major information technology system,

326
including its primary functions, user base, and dependencies

327
with other systems.

328
2.

Provide the age, projected end-of-life date, technology

329
platform, and vendor support status of such system.

330
3.

Identify the risks to operations, service delivery, or

331
cybersecurity if such system reaches end-of-life without

332
replacement.

333
4.

Describe the plan for such system’s replacement,

334
modernization, or retirement.

335 (2)(a) The Secretary of Management Services shall designate
336 a state chief information officer, who shall administer the
337 Florida Digital Service. The state chief information officer,
338 prior to appointment, must have at least 5 years of experience
339 in the development of information system strategic planning and
340 development or information technology policy, and, preferably,
341 have leadership-level experience in the design, development, and
342 deployment of interoperable software and data solutions.
343 (b) The state chief information officer, in consultation
344 with the Secretary of Management Services, shall designate a
345 state chief data officer. The chief data officer must be a
346 proven and effective administrator who must have significant and
347 substantive experience in data management, data governance,
348 interoperability, and security.
349 (3) The
department, acting through the
Florida Digital
350 Service
and from funds appropriated to the Florida Digital

351
Service,
shall:
352
(a)
Create
, not later than December 1, 2022,
and maintain a
353 comprehensive indexed data catalog in collaboration with the
354 enterprise that lists the data elements housed within the
355 enterprise and the legacy system or application in which these
356 data elements are located. The data catalog must, at a minimum,
357 specifically identify all data that is restricted from public
358 disclosure based on federal or state laws and regulations and
359 require that all such information be protected in accordance
360 with s. 282.318.
361
(4)

The Florida Digital Service shall manage all

362
independent verification and validation contracts for state

363
agencies entered into or amended on or after July 1, 2026.

364
(b)

Develop and publish, not later than December 1, 2022,

365
in collaboration with the enterprise, a data dictionary for each

366
agency that reflects the nomenclature in the comprehensive

367
indexed data catalog.

368
(c)

Adopt, by rule, standards that support the creation and

369
deployment of an application programming interface to facilitate

370
integration throughout the enterprise.

371
(d)

Adopt, by rule, standards necessary to facilitate a

372
secure ecosystem of data interoperability that is compliant with

373
the enterprise architecture.

374
(e)

Adopt, by rule, standards that facilitate the

375
deployment of applications or solutions to the existing

376
enterprise system in a controlled and phased approach.

377
(f)

After submission of documented use cases developed in

378
conjunction with the affected agencies, assist the affected

379
agencies with the deployment, contingent upon a specific

380
appropriation therefor, of new interoperable applications and

381
solutions:

382
1.

For the Department of Health, the Agency for Health Care

383
Administration, the Agency for Persons with Disabilities, the

384
Department of Education, the Department of Elderly Affairs, and

385
the Department of Children and Families.

386
2.

To support military members, veterans, and their

387
families.

388
(5)
(4)
For information technology projects that have a
389 total project cost of $10 million or more
, the Florida Digital

390
Service shall
:
391 (a)
No later than January 1, 2027, establish a

392
presolicitation planning framework that includes standards,

393
procedures, forms, and guidance that
state agencies
shall
follow

394
before issuing a competitive solicitation

must
provide the

395
Florida Digital Service with written notice of any planned

396
procurement of an information technology project
.
397 (b)
The Florida Digital Service must
Participate in the
398 development of specifications and recommend modifications to any
399 planned procurement of an information technology project by
400 state agencies so that the procurement complies with the
401 enterprise architecture
and the presolicitation planning

402
framework
.
403
(c)

Certify that a state agency has complied with the

404
presolicitation planning framework and is ready to initiate the

405
planned procurement. The Florida Digital Service shall withhold

406
certification for any project that does not comply with the

407
established presolicitation planning framework.

408
(d)
(c)

The Florida Digital Service must
Participate in
409 post-award contract monitoring
, including risk oversight and

410
monitoring for issues or situations that should be elevated to

411
ensure timely resolution of the issue or situation
.
412
(6)
(5)
The
department, acting through the
Florida Digital
413 Service
,
may not retrieve or disclose any data without a shared
414 data agreement in place between the
Florida Digital Service

415
department
and the enterprise entity that has primary custodial
416 responsibility of, or data-sharing responsibility for, that
417 data.
The Florida Digital Service shall report to the Governor,

418
the President of the Senate, and the Speaker of the House of

419
Representatives each January 15 any failure to reach a shared

420
data agreement with a state agency that prevents the Florida

421
Digital Service from fulfilling its duties and responsibilities.

422
(7)
(6)
The
department, acting through the
Florida Digital
423 Service
,
shall adopt rules
:

424
(a)
To administer this section.
425
(b)

To support the creation and deployment of an

426
application programming interface to facilitate integration

427
throughout the enterprise.

428
(c)

Necessary to facilitate a secure ecosystem of data

429
interoperability which is compliant with the enterprise

430
architecture.

431
(d)

To facilitate the deployment of applications or

432
solutions to the existing enterprise system in a controlled and

433
phased approach.

434 Section 4. Section 282.00513, Florida Statutes, is created
435 to read:
436
282.00513

Bureau of Enterprise Project Management and

437
Oversight; duties.—

438
(1)

There is created a Bureau of Enterprise Project

439
Management and Oversight within the Florida Digital Service,

440
which shall:

441
(a)

Oversee the procurement of information technology

442
commodities and services by state agencies.

443
(b)

Oversee the performance of vendors under information

444
technology contracts for commodities or services entered into by

445
state agencies.

446
(c)

Develop a framework that provides processes,

447
activities, and deliverables state agencies must comply with

448
when planning an information technology project. The processes,

449
activities, and deliverables must include, but are not limited

450
to, all of the following:

451
1.

Business case development. The business case development

452
must include the information required by s. 287.0571(4), full

453
life cycle cost estimates, governance structure, system

454
interoperability goals, data management plans, scalability

455
approach, evaluation of cybersecurity and data privacy risks,

456
and technology-specific performance metrics and service levels.

457
2.

Market research, including the use of a request for

458
information as defined in s. 287.012.

459
3.

Planning and scheduling.

460
4.

Stakeholder engagement.

461
5.

Risk assessment.

462
6.

Procurement strategy.

463
7.

Project governance definition.

464
8.

System design and requirements.

465
9.

Change management.

466
10.

Monitoring and reporting.

467
11.

Postimplementation review and planning.

468
12.

Solicitation documentation.

469
(d)

Develop
on or before January 1, 2027
, forms for state

470
agencies to use to evaluate and report the performance of

471
information technology vendors in the delivery of information

472
technology commodities or services.

473
(e)

Develop trainings specific to information technology

474
which supplement and enhance the trainings offered by the

475
department and the Chief Financial Officer under s.

476
287.057(15)(b). The bureau shall evaluate such training every 2

477
years to assess its effectiveness and update the training

478
curriculum. The training must be designed to:

479
1.

Address the unique requirements and risk profiles of

480
state information technology projects, procurements, contract

481
management, and vendor management.

482
2.

Improve the technical understanding of the job

483
requirements, certifications, and skill sets required by state

484
agencies recruiting individuals for information technology

485
roles.

486
(2)

The state chief information officer, in consultation

487
with the Secretary of Management Services, shall designate a

488
chief of the Bureau of Enterprise Project Management and

489
Oversight. The chief must have demonstrable experience in the

490
governance of large-scale public sector information technology

491
initiatives and portfolios, negotiation and management of

492
information technology contracts, modular contracting and

493
delivery, and performance management.

494 Section 5. Section 282.00514, Florida Statutes, is created
495 to read:
496
282.00514

Duties of state agencies.—

497
(1)

State agencies shall include the information technology

498
policy adopted pursuant to s. 282.0051(1)(o) in all

499
solicitations and contracts for information technology

500
commodities or services.

501
(2)

State agencies shall follow the processes and use the

502
forms developed by the Bureau of Enterprise Project Management

503
and Oversight to evaluate and report the performance of

504
information technology vendors in the delivery of information

505
technology commodities or services.

506
(3)

If an information technology project implemented by a

507
state agency must be connected to or otherwise accommodated by

508
an information technology system administered by the Department

509
of Financial Services, the Department of Legal Affairs, or the

510
Department of Agriculture and Consumer Services, the Florida

511
Digital Service must consult with these departments regarding

512
the risks and other effects of such projects on their

513
information technology systems and work cooperatively with these

514
departments regarding the connections, interfaces, timing, or

515
accommodations required to implement such projects.

516
(4)

For information technology projects that have a total

517
project cost of $10 million or more, state agencies shall:

518
(a)

Provide the Florida Digital Service with written notice

519
of any planned procurement of an information technology project,

520
the proposed scope, the project specifications, and the project

521
business case at least 90 days before the planned publication

522
date of the competitive solicitation.

523
(b)

Receive certification by the Florida Digital Service

524
that the project planning complies with the presolicitation

525
planning framework established by the Florida Digital Service

526
before any competitive solicitation related to an information

527
technology project may be issued.

528
(c)

Provide the Florida Digital Service all information

529
necessary for the Florida Digital Service to fulfill its project

530
oversight responsibilities.

531
(5)

State agencies shall provide the information required

532
to complete the report in s. 282.0051(1)(w) in a format and

533
manner prescribed by the Florida Digital Service and shall

534
certify that the information provided is accurate and complete

535
to the best of their knowledge as of the submission date.

536 Section 6. Subsections (1) and (3) and paragraph (b) of
537 subsection (4) of section 282.00515, Florida Statutes, are
538 amended to read:
539 282.00515 Duties of Cabinet agencies.—
540 (1) The Department of Legal Affairs, the Department of
541 Financial Services, and the Department of Agriculture and
542 Consumer Services shall adopt the standards established in
s.

543
282.0051(1)(b), (c), and (q) and (7)(d)

s. 282.0051(1)(b), (c),

544
and (r) and (3)(e)
or adopt alternative standards based on best
545 practices and industry standards that allow for open data
546 interoperability.
547 (3) The Department of Legal Affairs, the Department of
548 Financial Services, and the Department of Agriculture and
549 Consumer Services may contract with the
Florida Digital Service

550
department
to provide or perform any of the services and
551 functions described in s. 282.0051.
552 (4)
553 (b) The
department, acting through the
Florida Digital
554 Service
,
may not retrieve or disclose any data without a shared
555 data agreement in place between the
Florida Digital Service

556
department
and the Department of Legal Affairs, the Department
557 of Financial Services, or the Department of Agriculture and
558 Consumer Services.
559 Section 7. Paragraph (e) is added to subsection (26) of
560 section 287.057, Florida Statutes, to read:
561 287.057 Procurement of commodities or contractual
562 services.—
563 (26)
564
(e)

The department shall maintain a centralized repository

565
of vendor performance records developed by the continuing

566
oversight teams for information technology services contracts.

567 Section 8. Section 287.0583, Florida Statutes, is created
568 to read:
569
287.0583

Contract requirements for information technology

570
commodities or services.—A contract for information technology

571
commodities or services involving the development,

572
customization, implementation, integration, support or

573
maintenance of software systems, applications, platforms, or

574
related services must ensure the following:

575
(1)

Any data created, processed, or maintained under the

576
contract is portable and can be extracted in a machine-readable

577
format upon request.

578
(2)

The vendor will provide, upon request, comprehensive

579
operational documentation sufficient to allow continued

580
operation and maintenance by the agency or a new vendor.

581
(3)

The vendor will provide, upon request, reasonable

582
assistance and support during a transition to the agency or to a

583
new vendor.

584
(4)

All anticipated software license fees, license renewal

585
fees, and operation and maintenance costs are documented in

586
detail. If exact figures are not feasible, the vendor must

587
provide a reasonable cost range.

588 Section 9. Section 287.0591, Florida Statutes, is amended
589 to read:
590 287.0591 Information technology
competitive solicitations

591
and state term contracts
; vendor
performance

disqualification
.—
592 (1)
(a)
Any competitive solicitation issued by the
593 department for a state term contract for information technology
594 commodities must include a term that does not exceed 48 months.
595
(b)
(2)
Any competitive solicitation issued by the
596 department for a state term contract for information technology
597 consultant services or information technology staff augmentation
598 contractual services must include a term that does not exceed 48
599 months.
600
(c)
(3)
The department may execute a state term contract for
601 information technology commodities, consultant services, or
602 staff augmentation contractual services that exceeds the 48
603 month requirement if the Secretary of Management Services and
604 the state chief information officer certify in writing to the
605
Executive Office of the
Governor that a longer contract term is
606 in the best interest of the state.
607
(2)
(4)

If the department issues a competitive solicitation

608
for information technology commodities, consultant services, or

609
staff augmentation contractual services,
The Florida Digital
610 Service
within the department
shall participate in
such

611
competitive
solicitations
for information technology

612
commodities, consultant services, or staff augmentation

613
contractual services issued by the department, which must

614
include reviewing the solicitation specifications to verify

615
compliance with enterprise architecture and cybersecurity

616
standards, evaluating vendor responses under established

617
criteria, answering vendor questions, and providing any other

618
technical expertise necessary
.
619
(3)(a)
(5)
If an agency issues a request for quote to
620 purchase information technology commodities, information
621 technology consultant services, or information technology staff
622 augmentation contractual services from the state term contract
623
that meets the CATEGORY TWO threshold amount
,
but is less than

624
the CATEGORY FOUR threshold amount:

625
1.
For any contract with 25 approved vendors or fewer, the
626 agency must issue a request for quote to all vendors approved to
627 provide such commodity or service.
628
2.
For any contract with more than 25 approved vendors, the
629 agency must issue a request for quote to at least 25 of the
630 vendors approved to provide such commodity or contractual
631 service.
632
(b)

The agency shall maintain a copy of the request for

633
quote, the identity of the vendor that was sent the request for

634
quote, and any vendor response to the request for quote for 2

635
years after the date of issuance of the purchase order.

636
(c)
Use of a request for quote does not constitute a
637 decision or intended decision that is subject to protest under
638 s. 120.57(3).
639
(4)(a)

An agency issuing a request for quote to purchase

640
information technology commodities, information technology

641
consultant services, or information technology staff

642
augmentation contractual services from the state term contract

643
which exceeds the CATEGORY FOUR threshold amount shall publish

644
on a searchable and publicly available system of record

645
maintained by the department:

646
1.

The request for quote for a minimum of 10 days before

647
executing a purchase order.

648
2.

The name of the vendor awarded the purchase order.

649
(b)

The agency shall maintain a copy of the request for

650
quote, the identity of the vendor that was sent the request for

651
quote, and any vendor responses to the request for quote for 2

652
years after the date of issuance of the purchase order.

653
(c)

Use of a request for quote does not constitute a

654
decision or intended decision that is subject to protest under

655
s. 120.57(3).

656
(5)

Agencies issuing a competitive solicitation to purchase

657
information technology services shall consult the repository of

658
vendor performance records developed under s. 287.057(26)(e),

659
and consider any relevant records when evaluating vendor

660
responses to the competitive solicitation.

661
(6)

To the extent practicable, an agency’s contract for the

662
procurement of a major information technology system must be

663
divided into increments that:

664
(a)

Address complex information technology objectives

665
incrementally to enhance the likelihood of attaining those

666
objectives.

667
(b)

Provide for delivery, implementation, and testing of

668
workable systems or solutions in discrete increments, each of

669
which comprises a system or solution that is not dependent on a

670
subsequent increment in order to perform its principal

671
functions.

672
(c)

Provide an opportunity for subsequent increments of the

673
acquisition to take advantage of any evolution in technology or

674
needs that occur during the implementation of earlier

675
increments.

676
(7)(a)
(6)

Beginning October 1, 2021, and
Each October 1
677
thereafter
, the department shall prequalify firms and
678 individuals to provide information technology staff augmentation
679 contractual services
and information technology commodities
on
680 state term contract.
681
(b)
In order to prequalify a firm or individual for
682 participation on the state term contract, the department
shall

683
must
consider, at a minimum, the capability, experience, and
684 past performance record of the firm or individual.
685
(c)
A firm or individual removed from the source of supply
686 pursuant to s. 287.042(1)(b) or placed on a disqualified vendor
687 list pursuant to s. 287.133 or s. 287.134 is immediately
688 disqualified from state term contract eligibility.
689
(d)
Once a firm or individual has been prequalified to
690 provide information technology staff augmentation contractual
691 services
or information technology commodities
on state term
692 contract, the firm or individual may respond to requests for
693 quotes from an agency to provide such services.
694 Section 10. This act shall take effect July 1, 2026.