Read the full stored bill text
House Substitute for SENATE BILL No. 51
AN ACT concerning information technology; relating to services provided by the chief
information technology officer; authorizing the chief information security officer to
receive audit reports; authorizing the office of information technology services to
provide certain services to political subdivisions and hospitals; amending K.S.A. 46-
1135, 75-4704, 75-4705, 75-4709 and 75-4714 and K.S.A. 2025 Supp. 75-7205 and
repealing the existing sections.
Be it enacted by the Legislature of the State of Kansas:
New Section 1. (a) The executive chief information technology
officer may enter into an agreement with an entity to extend to such
entity the use of state information technology or cybersecurity services
under the control of the executive chief information technology officer.
(b) As used in this section, "entity" means:
(1) Any governmental unit, including, but not limited to, any state
agency, taxing subdivision of the state or municipality; or
(2) any hospital or nonprofit corporation that the executive chief
information technology officer determines is performing any state
function on an ongoing basis through agreement or otherwise or any
function that will assist a governmental unit in attaining an objective or
goal.
Sec. 2. K.S.A. 46-1135 is hereby amended to read as follows: 46-
1135. (a) The legislative division of post audit shall conduct
information technology audits as directed by the legislative post audit
committee. Audit work performed under this section may include:
(1) Assessment of security practices of information technology
systems maintained or administered by any state agency or any entity
subject to audit under the provisions of K.S.A. 46-1114(c), and
amendments thereto; and
(2) continuous audits of ongoing information technology projects
by any state agency or any entity subject to audit under the provisions
of K.S.A. 46-1114(c), and amendments thereto, including systems
development and implementation.
(b) Written reports on the results of such auditing shall be
furnished to:
(1) The entity which is being audited;
(2) the chief information technology officer and chief information
security officer of the branch of government that the entity being
audited is a part of;
(3) (A) the governor, if the entity being audited is an executive
branch entity;
(B) the legislative coordinating council, if the entity being audited
is a legislative entity; or
(C) the chief justice of the Kansas supreme court, if the entity
being audited is a judicial entity;
(4) the legislative post audit committee;
(5) the joint committee on information technology; and
(6) such other persons or agencies as may be required by law or by
the specifications of the audit or as otherwise directed by the legislative
post audit committee.
(c) The provisions of K.S.A. 46-1106(e), and amendments thereto,
shall apply to any audit or audit work conducted pursuant to this
section.
(d) This section shall be a part of and supplemental to the
legislative post audit act.
Sec. 3. K.S.A. 75-4704 is hereby amended to read as follows: 75-
4704. Under the supervision of the executive chief information
technology officer, the office of information technology services shall
provide data processing and application hosting and cloud services for
other executive branch divisions, departments and agencies of the state,
and shall make charges for such services in accordance with the cost
system established under K.S.A. 75-4703, and amendments thereto.
House Substitute for SENATE BILL No. 51—page 2
The furnishing of data processing services and application hosting by
the office of information technology services shall be a transaction to
be settled in accordance with the provisions of K.S.A. 75-5516, and
amendments thereto. All receipts for sales of services shall be deposited
in the information technology fund created under K.S.A. 75-4715, and
amendments thereto. The provisions of K.S.A. 75-4215, and
amendments thereto, shall apply to the information technology fund to
the extent not in conflict with this act.
Sec. 4. K.S.A. 75-4705 is hereby amended to read as follows: 75-
4705. (a) Central processing of data by computer and cloud computing,
for all executive branch divisions, departments and agencies of the state
shall be performed by the office of information technology services
under the supervision of the executive chief information technology
officer. No other division, department or agency of the state shall
perform central processing computer functions or control or possess
any central processing unit of a computer, except as otherwise provided
in this section.
(b) With the approval of the executive chief information
technology officer, any executive branch division, department or
agency of the state may possess and operate central processing units of
a computer if the same are adjunct to the central processing computer
unit or units of the office of information technology services.
(c) Infrastructure as a service and platform as a service cloud
computing services within the executive branch shall be performed by
or contracted for through the office of information technology services.
Software as a service applications shall be registered and inventoried
with the office of information technology services.
(d) Any procurement of central processing units or distributed
computing equipment with a cost of $75,000 or more by an executive
branch division, department or agency shall be approved by the
executive branch chief information technology officer.
(e) Data to be centrally processed by the office of information
technology services shall be prepared for such processing by the
division, department or agency of the state requesting the same to be
processed in accordance with rules and regulations adopted by the
executive chief information technology officer as provided in K.S.A.
75-4703, and amendments thereto. Programs for processing the data of
any division, department or agency of the state shall be prepared by
such division, department or agency of the state in accordance with
standards prescribed by rules and regulations adopted by the executive
chief information technology officer as provided in K.S.A. 75-4703,
and amendments thereto. Notwithstanding the other provisions of this
subsection, the office of information technology services shall prepare
data or programs, or provide technical consultation, when a division,
department or agency of the state requests such service of the office of
information technology services and the executive chief information
technology officer.
(d)(f) This section shall not apply to the universities under the
jurisdiction and control of the state board of regents.
Sec. 5. K.S.A. 75-4709 is hereby amended to read as follows: 75-
4709. (a) The executive chief information technology officer shall
provide for and coordinate all telecommunications services for all
divisions, departments and agencies of the state pursuant to policies
established by the information technology executive council. The
executive chief information technology officer shall have the authority
to control the acquisition, retention and use of all telecommunications
services for all divisions, departments and agencies of the state, and to
develop and review plans and specifications for telecommunications
services throughout the state. The executive chief information
House Substitute for SENATE BILL No. 51—page 3
technology officer may authorize a division, department or agency to
procure its own telecommunications services if such procurement is
compatible with the office of information technology services
telecommunication services.
(b) (1) The executive chief information technology officer, when
feasible, may enter into agreements with any entity defined in this
subsection extending to such entity the use of state intercity
telecommunications facilities and services under the control of the
executive chief information technology officer.
(2) As used in this subsection, an "entity" means:
(1)(A) Any governmental unit, including any state agency, taxing
subdivision of the state or municipality; or
(2)(B) any hospital or nonprofit corporation which the executive
chief information technology officer determines to be performing any
state function on an ongoing basis through agreement or otherwise, or
any function which will assist a governmental unit in attaining an
objective or goal, bearing a valid relationship to powers and functions
of such unit.
(c) Every record made, maintained or kept by the secretary of
administration or the division of information systems and
communications, prior to the effective date of this act, shall be
maintained or kept by the executive chief information technology
officer or the office of information technology services, or any agency
or instrumentality thereof, which relates to the acquisition, retention or
use of telecommunications services provided to any division,
department or agency of the state, state officer or governmental unit
and which pertains to individually identifiable individuals using such
telecommunication services shall constitute for purposes of the open
records act a record of the division, department or agency of the state,
state officer or governmental unit to which such records relate. The
official custodian of such records for the purposes of the open records
act shall be the official custodian of the records of such division,
department or agency of the state, state officer or governmental unit.
Sec. 6. K.S.A. 75-4714 is hereby amended to read as follows: 75-
4714. Except as otherwise provided by law and subject to the
provisions of appropriations acts relating thereto,:
(a) All fees and charges imposed by the executive chief
information technology officer for telecommunications or information
technology services provided or contracted for by the executive chief
information technology officer shall be deposited in the state treasury
and credited to the information technology fund; and
(b) all fees and charges imposed by the executive chief
information technology officer for cybersecurity services provided or
contracted for by the executive chief information technology officer
shall be deposited in the state treasury and credited to the information
technology security fund.
Sec. 7. K.S.A. 2025 Supp. 75-7205 is hereby amended to read as
follows: 75-7205. (a) There is hereby established within and as a part of
the office of information technology services the position of executive
chief information technology officer. The executive chief information
technology officer shall be in the unclassified service under the Kansas
civil service act, shall be appointed by the governor, and shall receive
compensation in an amount fixed by the governor. The executive chief
information technology officer shall maintain a presence in any cabinet
established by the governor and shall report to the governor.
(b) The executive chief information technology officer shall:
(1) Review and consult with each executive agency regarding
information technology plans, deviations from the state information
technology architecture, information technology project estimates and
House Substitute for SENATE BILL No. 51—page 4
information technology project changes and overruns submitted by
such agency pursuant to K.S.A. 75-7209, and amendments thereto, to
determine whether the agency has complied with:
(A) The information technology resource policies and procedures
and project management methodologies adopted by the information
technology executive council;
(B) the information technology architecture adopted by the
information technology executive council;
(C) the standards for data management adopted by the information
technology executive council; and
(D) the strategic information technology management plan
adopted by the information technology executive council;
(2) report to the chief information technology architect all
deviations from the state information architecture that are reported to
the executive information technology officer by executive agencies;
(3) submit recommendations to the division of the budget as to the
technical and management merit of information technology projects
and information technology project changes and overruns submitted by
executive agencies that are reportable pursuant to K.S.A. 75-7209, and
amendments thereto;
(4) monitor executive agencies' compliance with:
(A) The information technology resource policies and procedures
and project management methodologies adopted by the information
technology executive council;
(B) the information technology architecture adopted by the
information technology executive council;
(C) the standards for data management adopted by the information
technology executive council; and
(D) the strategic information technology management plan
adopted by the information technology executive council;
(5) coordinate implementation of new information technology
among executive agencies and with the judicial and legislative chief
information technology officers;
(6) designate the ownership of information resource processes and
the lead agency for implementation of new technologies and networks
shared by multiple agencies within the executive branch of state
government;
(7) perform such other functions and duties as provided by law or
as directed by the governor;
(8) consult with the appropriate legal counsel on topics related to
confidentiality of information, the open records act, K.S.A. 45-215 et
seq., and amendments thereto, the open meetings act, K.S.A. 75-4317
et seq., and amendments thereto, and any other legal matter related to
information technology;
(9) ensure that each executive agency has the necessary
information technology and cybersecurity staff imbedded within the
agency to accomplish the agency's duties;
(10) maintain all third-party data centers at locations within the
United States or with companies that are based in the United States;
and
(11) create a database of all electronic devices within the branch
and ensure that each device is inventoried, cataloged and tagged within
an inventory device;
(12) prepare and lead the implementation of a strategic direction
and enterprise direction for information technology for the executive
branch;
(13) establish standards and policies for the consistent and
efficient operation of information technology services throughout the
executive branch; and
House Substitute for SENATE BILL No. 51—page 5
(14) analyze the expenditures made by executive branch agencies
on information technology projects to identify opportunities and
efficiencies.
(c) An employee of the office of information technology services
shall not disclose confidential information of an executive agency.
(d) The executive chief information technology officer may make
a request to the adjutant general to permit the Kansas national guard in
a state active duty capacity to perform vulnerability assessments or
other assessments of the branch for the purpose of enhancing security.
During such vulnerability assessments, members performing the
assessment shall, to the extent possible, ensure that no harm is done to
the systems being assessed. The executive chief information technology
officer shall notify the executive agency that owns the information
systems being assessed about such assessment and coordinate to
mitigate the security risk.
Sec. 8. K.S.A. 46-1135, 75-4704, 75-4705, 75-4709 and 75-4714
and K.S.A. 2025 Supp. 75-7205 are hereby repealed.
Sec. 9. This act shall take effect and be in force from and after its
publication in the statute book.
I hereby certify that the above BILL originated in the
SENATE, and passed that body
__________________________
SENATE concurred in
HOUSE amendments _______________________
_________________________
President of the Senate.
_________________________
Secretary of the Senate.
Passed the HOUSE
as amended _________________________
_________________________
Speaker of the House.
_________________________
Chief Clerk of the House.
APPROVED _____________________________
_________________________
Governor.