Read the full stored bill text
As Amended by House Committee
Session of 2025
HOUSE BILL No. 2270
By Committee on Legislative Modernization
Requested by Representative Penn
2-5
AN ACT concerning information technology; relating to services provided
by the chief information technology officer; authorizing the chief
information security officer to receive audit reports; amending K.S.A.
46-1135, 75-4704, 75-4705, and 75-4709 and 75-4710 and K.S.A.
2024 2025 Supp. 75-7205 and repealing the existing sections.
Be it enacted by the Legislature of the State of Kansas:
Section 1. K.S.A. 46-1135 is hereby amended to read as follows: 46-
1135. (a) The legislative division of post audit shall conduct information
technology audits as directed by the legislative post audit committee. Audit
work performed under this section may include:
(1) Assessment of security practices of information technology
systems maintained or administered by any state agency or any entity
subject to audit under the provisions of K.S.A. 46-1114(c), and
amendments thereto; and
(2) continuous audits of ongoing information technology projects by
any state agency or any entity subject to audit under the provisions of
K.S.A. 46-1114(c), and amendments thereto, including systems
development and implementation.
(b) Written reports on the results of such auditing shall be furnished
to:
(1) The entity which is being audited;
(2) the chief information technology officer and chief information
security officer of the branch of government that the entity being audited is
part of;
(3) (A) the governor, if the entity being audited is an executive branch
entity;
(B) the legislative coordinating council, if the entity being audited is a
legislative entity; or
(C) the chief justice of the Kansas supreme court, if the entity being
audited is a judicial entity;
(4) the legislative post audit committee;
(5) the joint committee on information technology; and
(6) such other persons or agencies as may be required by law or by
the specifications of the audit or as otherwise directed by the legislative
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
HB 2270—Am. by HC 2
post audit committee.
(c) The provisions of K.S.A. 46-1106(e), and amendments thereto,
shall apply to any audit or audit work conducted pursuant to this section.
(d) This section shall be part of and supplemental to the legislative
post audit act.
Sec. 2. K.S.A. 75-4704 is hereby amended to read as follows: 75-
4704. Under the supervision of the executive chief information technology
officer, the office of information technology services shall provide data
processing and application hosting and cloud services for other executive
branch divisions, departments and agencies of the state, and shall make
charges for such services in accordance with the cost system established
under K.S.A. 75-4703, and amendments thereto. The furnishing of data
processing services and application hosting by the office of information
technology services shall be a transaction to be settled in accordance with
the provisions of K.S.A. 75-5516, and amendments thereto. All receipts for
sales of services shall be deposited in the information technology fund
created under K.S.A. 75-4715, and amendments thereto. The provisions of
K.S.A. 75-4215, and amendments thereto, shall apply to the information
technology fund to the extent not in conflict with this act.
Sec. 3. K.S.A. 75-4705 is hereby amended to read as follows: 75-
4705. (a) Central processing of data by computer and cloud computing, for
all executive branch divisions, departments and agencies of the state shall
be performed by the office of information technology services under the
supervision of the executive chief information technology officer. No other
division, department or agency of the state shall perform central
processing computer functions or control or possess any central processing
unit of a computer, except as otherwise provided in this section.
(b) With the approval of the executive chief information technology
officer, any executive branch division, department or agency of the state
may possess and operate central processing units of a computer if the same
are adjunct to the central processing computer unit or units of the office of
information technology services.
(c) Infrastructure as a service and platform as a service cloud
computing services within the executive branch shall be performed by or
contracted for through the office of information technology services.
Software as a service applications shall be registered and inventoried with
the office of information technology services.
(d) Any procurement of central processing units or distributed
computing equipment with a cost of $75,000 or more by an executive
branch division, department or agency shall be approved by the executive
branch chief information technology officer.
(e) Data to be centrally processed by the office of information
technology services shall be prepared for such processing by the division,
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
HB 2270—Am. by HC 3
department or agency of the state requesting the same to be processed in
accordance with rules and regulations adopted by the executive chief
information technology officer as provided in K.S.A. 75-4703, and
amendments thereto. Programs for processing the data of any division,
department or agency of the state shall be prepared by such division,
department or agency of the state in accordance with standards prescribed
by rules and regulations adopted by the executive chief information
technology officer as provided in K.S.A. 75-4703, and amendments
thereto. Notwithstanding the other provisions of this subsection, the office
of information technology services shall prepare data or programs, or
provide technical consultation, when a division, department or agency of
the state requests such service of the office of information technology
services and the executive chief information technology officer.
(d)(f) This section shall not apply to the universities under the
jurisdiction and control of the state board of regents.
Sec. 4. K.S.A. 75-4709 is hereby amended to read as follows: 75-
4709. (a) The executive chief information technology officer shall provide
for and coordinate all telecommunications services for all divisions,
departments and agencies of the state pursuant to policies established by
the information technology executive council. The executive chief
information technology officer shall have the authority to control the
acquisition, retention and use of all telecommunications services,
equipment or software for all divisions, departments and agencies of the
state, and to develop and review plans and specifications for
telecommunications services throughout the state. The executive chief
information technology officer may authorize a division, department or
agency to procure its own telecommunications services, equipment or
software if such procurement is compatible with the office of information
technology services telecommunication services. As used in this
subsection, telecommunications equipment does not include cellular
phones or satellite phones.
(b) (1) The executive chief information technology officer, when
feasible, may enter into agreements with any entity defined in this
subsection extending to such entity the use of state intercity
telecommunications facilities and services under the control of the
executive chief information technology officer.
(2) As used in this subsection, an "entity" means:
(1)(A) Any governmental unit, including any state agency, taxing
subdivision of the state or municipality; or
(2)(B) any hospital or nonprofit corporation which the executive chief
information technology officer determines to be performing any state
function on an ongoing basis through agreement or otherwise, or any
function which will assist a governmental unit in attaining an objective or
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
HB 2270—Am. by HC 4
goal, bearing a valid relationship to powers and functions of such unit.
(c) Every record made, maintained or kept by the secretary of
administration or the division of information systems and communications,
prior to the effective date of this act, shall be maintained or kept by the
executive chief information technology officer or the office of information
technology services, or any agency or instrumentality thereof, which
relates to the acquisition, retention or use of telecommunications services
provided to any division, department or agency of the state, state officer or
governmental unit and which pertains to individually identifiable
individuals using such telecommunication services shall constitute for
purposes of the open records act a record of the division, department or
agency of the state, state officer or governmental unit to which such
records relate. The official custodian of such records for the purposes of
the open records act shall be the official custodian of the records of such
division, department or agency of the state, state officer or governmental
unit.
Sec. 5. K.S.A. 75-4710 is hereby amended to read as follows: 75-
4710. As used in K.S.A. 75-4709, 75-4712, 75-4713 and 75-4714, and
amendments thereto, telecommunications services include, but shall not be
limited to, any transmission, emission or reception of signals of any kind
containing communications of any nature, by wire, radio, optical or other
electromagnetic means, and includes all facilities, equipment, supplies and
services for such transmission, emission or reception. Telecommunications
services shall include data transmission services and equipment but shall
not include data processing services provided or authorized by the office
of information technology services, or the acquisition, retention or use of
any data processing equipment authorized by the office of information
technology services. Telecommunications equipment includes networking
and telephony hardware and related telecommunications software or
telecommunications cloud solutions.
Sec. 6. 5. K.S.A. 2024 2025 Supp. 75-7205 is hereby amended to
read as follows: 75-7205. (a) There is hereby established within and as a
part of the office of information technology services the position of
executive chief information technology officer. The executive chief
information technology officer shall be in the unclassified service under
the Kansas civil service act, shall be appointed by the governor, and shall
receive compensation in an amount fixed by the governor. The executive
chief information technology officer shall maintain a presence in any
cabinet established by the governor and shall report to the governor.
(b) The executive chief information technology officer shall:
(1) Review and consult with each executive agency regarding
information technology plans, deviations from the state information
technology architecture, information technology project estimates and
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
HB 2270—Am. by HC 5
information technology project changes and overruns submitted by such
agency pursuant to K.S.A. 75-7209, and amendments thereto, to determine
whether the agency has complied with:
(A) The information technology resource policies and procedures and
project management methodologies adopted by the information technology
executive council;
(B) the information technology architecture adopted by the
information technology executive council;
(C) the standards for data management adopted by the information
technology executive council; and
(D) the strategic information technology management plan adopted
by the information technology executive council;
(2) report to the chief information technology architect all deviations
from the state information architecture that are reported to the executive
information technology officer by executive agencies;
(3) submit recommendations to the division of the budget as to the
technical and management merit of information technology projects and
information technology project changes and overruns submitted by
executive agencies that are reportable pursuant to K.S.A. 75-7209, and
amendments thereto;
(4) monitor executive agencies' compliance with:
(A) The information technology resource policies and procedures and
project management methodologies adopted by the information technology
executive council;
(B) the information technology architecture adopted by the
information technology executive council;
(C) the standards for data management adopted by the information
technology executive council; and
(D) the strategic information technology management plan adopted
by the information technology executive council;
(5) coordinate implementation of new information technology among
executive agencies and with the judicial and legislative chief information
technology officers;
(6) designate the ownership of information resource processes and the
lead agency for implementation of new technologies and networks shared
by multiple agencies within the executive branch of state government;
(7) perform such other functions and duties as provided by law or as
directed by the governor;
(8) consult with the appropriate legal counsel on topics related to
confidentiality of information, the open records act, K.S.A. 45-215 et seq.,
and amendments thereto, the open meetings act, K.S.A. 75-4317 et seq.,
and amendments thereto, and any other legal matter related to information
technology;
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
HB 2270—Am. by HC 6
(9) ensure that each executive agency has the necessary information
technology and cybersecurity staff imbedded within the agency to
accomplish the agency's duties;
(10) maintain all third-party data centers at locations within the
United States or with companies that are based in the United States; and
(11) create a database of all electronic devices within the branch and
ensure that each device is inventoried, cataloged and tagged within an
inventory device;
(12) prepare and lead the implementation of a strategic direction and
enterprise direction for information technology for the executive branch;
(13) establish standards and policies for the consistent and efficient
operation of information technology services throughout the executive
branch; and
(14) analyze the expenditures made by executive branch agencies on
information technology projects to identify opportunities and efficiencies.
(c) An employee of the office of information technology services
shall not disclose confidential information of an executive agency.
(d) The executive chief information technology officer may make a
request to the adjutant general to permit the Kansas national guard in a
state active duty capacity to perform vulnerability assessments or other
assessments of the branch for the purpose of enhancing security. During
such vulnerability assessments, members performing the assessment shall,
to the extent possible, ensure that no harm is done to the systems being
assessed. The executive chief information technology officer shall notify
the executive agency that owns the information systems being assessed
about such assessment and coordinate to mitigate the security risk.
Sec. 7. 6. K.S.A. 46-1135, 75-4704, 75-4705 , and 75-4709 and 75-
4710 and K.S.A. 2024 2025 Supp. 75-7205 are hereby repealed.
Sec. 8. 7. This act shall take effect and be in force from and after its
publication in the statute book.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30