A bill that would direct Arizona’s agencies to start a major cloud migration is now gaining steam in the state Legislature.
State Sen. Don Shooter’s S.B. 1434 passed the House’s Committee of the Whole with a key amendment added Wednesday, and is now poised to earn a vote on the House floor after it passed the Senate back in March. The legislation instructs the state’s Department of Administration to take the lead in spurring agencies to move their IT operations to the cloud, and sets in place a new review process for large IT infrastructure contracts.
Specifically, the bill requires that the department adopt a policy instructing all state agencies and commissions to undergo a “two-year hardware, platform and software refresh evaluation cycle.” As part of that process, the state’s various agencies will be required to “evaluate and progressively migrate” their IT assets to either a commercial cloud or build a cloud model that meets the standards laid out by the National Institute of Standards and Technology.
If that migration involves any “off-premises environment” like a data center, then the legislation also requires that the facility meet a variety of security standards, such as the Health Insurance Portability and Accountability Act standards, the Family Educational Rights and Privacy Act guidelines, and the FBI’s Criminal Justice Information Services strictures.
The bill also lays out a host of data security standards for the cloud migration process, including a requirement that the process “conforms to data in transit and data at rest encryption standards.”
If the legislation passes, all state agencies will have to deliver a cloud migration plan to the Department of Administration starting Jan. 1, 2017. On the same date, agencies would also have to begin meeting twice a year with the department, the state’s chief information officer and the chairperson of the Legislature’s Joint Legislative Budget Committee to provide them updates on the progress of data migration or “any factors delaying or inhibiting the expansion of cloud computing usage.”
The bill also gives that committee oversight over IT infrastructure contracts valued at more than $2.5 million.
Though the bill now contains a series of complex cloud provisions, the legislation looks vastly different from when Shooter first introduced it in February. Shooter’s original bill would’ve encouraged the state to consolidate its IT services, specifically requiring any agency hoping to pursue a project with a price tag over $50,000 to explore opportunities to share the system with other agencies before proceeding.
However, Shooter himself amended the bill as the Senate’s Committee of the Whole considered it in March to reshape it to focus on cloud migration. Then, Rep. David Stevens added an amendment in the House Committee of the Whole to include the various data security standards in the bill, and lawmakers voted to accept those changes.
Now, the bill is awaiting an assignment for a vote on the House floor. Should it reach that stage, the legislative analytics company FiscalNote gives the legislation a 98 percent chance of passing.
Contact the reporter at firstname.lastname@example.org, and follow him on Twitter @AlexKomaSNG.