EXECUTIVE ORDER S-03-10


WHEREAS the national recession, falling tax revenues and serious budget shortfalls require that the State reduce spending and achieve greater efficiencies in all areas of government; and

WHEREAS state government must achieve every possible efficiency in its operations and in its delivery of services to Californians; and

WHEREAS state government spends more than $3 billion annually on information technology and telecommunications; and

WHEREAS the operation of information technology and telecommunications equipment accounts for two percent of global greenhouse gas emissions and that figure will increase to four percent by 2020 without concerted action; and

WHEREAS information technology equipment accounts for 40 percent of energy used within office environments; and

WHEREAS the Office of the State Chief Information Officer (OCIO) was created in statute to minimize overlap, redundancy, and cost in state operations by promoting the efficient and effective use of information technology and telecommunications; and

WHEREAS the Governor's Information Technology Reorganization Plan integrated statewide information technology functions, including the Department of Technology Services, the Office of Information Security, and the Department of General Services' Telecommunications Division, within the OCIO; and

WHEREAS the State of California is fully committed to leveraging a common technology platform and shared services in order to make state government more transparent, accessible and accountable, enhance the quality of services to residents and businesses, ensure the security and reliability of the state's information systems, protect the privacy of information and data, promote emerging technologies, and develop enterprise applications with standard interfaces; and

WHEREAS state agencies and departments under my direct executive authority must be accountable for reducing the fiscal and environmental impacts of information technology and telecommunications goods and services; and

WHEREAS leveraging shared services and consolidating information technology and telecommunications equipment, resources and investments have been proven to achieve greater efficiency, cost-effectiveness and environmental sustainability in information technology and telecommunications operations.

NOW, THEREFORE, I, ARNOLD SCHWARZENEGGER, Governor of the State of California, by virtue of the power and authority vested in me by the Constitution and statutes of the State of California, do hereby issue this Order to become effective immediately:

1. The State Chief Information Officer (State CIO) and the Office of the State CIO (OCIO), consistent with Government Code section 11545 et seq., shall have authority as provided by law over all information technology (IT) infrastructure and shared services, including, but not limited to, the following: data and telecommunications networks; data center services, including all equipment necessary to operate mission-critical and public-facing applications (e.g., servers, storage, switches, security devices, and mainframes); hosting of mission-critical and public-facing applications; and shared enterprise services (e.g., e-mail and directory).

2. Beginning in 2010, and annually thereafter, each agency under my direct executive authority shall submit, as instructed by the OCIO, a summary of its actual and projected information technology and telecommunications costs, including personnel, for the past year, current year, and budget year in a format prescribed by the OCIO in order to capture statewide IT expenditures.

3. Cabinet Agencies shall have an Agency Chief Information Officer (Agency CIO) appointed by the Agency Secretary, or the Agency Secretary's designee, subject to the approval of the State CIO. Agency CIOs shall be responsible for overseeing the IT portfolio and IT services within the Agency through the operational oversight of IT budgets of constituent departments, boards, bureaus and offices.

4. All other agencies (except for Cabinet Agencies), departments, boards, bureaus and offices under my direct executive authority shall appoint Chief Information Officers (CIOs). These CIOs shall be directly responsible for all IT and telecommunications activities within their agency, department, board, bureau or office, including, but not limited to: all IT, information security, and telecommunications personnel and contractors, systems, assets, projects, purchases, and contracts. CIOs shall ensure agency conformity with state IT and telecommunications policy and enterprise architecture.

5. Cabinet Agencies shall have an Agency Information Security Officer (Agency ISO) appointed or designated by the Agency Secretary, or the Agency Secretary's designee, subject to the approval by the State Chief Information Security Officer (State CISO). The Agency ISO shall report to the Agency CIO.

6. All other agencies (except for Cabinet Agencies), departments, boards, bureaus and offices under my direct executive authority shall appoint or designate a qualified Information Security Officer (ISO), who shall report to the CIO of his or her respective agency, department, board, bureau or office. The State CISO shall develop specific qualification criteria for ISOs. If an agency cannot support a qualified ISO, the Agency ISO shall serve in this capacity. The Agency ISO will coordinate with the State CISO for additional support as necessary.

7. For all agencies under my direct executive authority, ISOs shall investigate, resolve, and report all information security incidents to the Office of Information Security (OIS) within the OCIO. In addition ISOs shall: complete disaster recovery planning and agency-wide risk assessments; conduct and document information security awareness training for all agency employees on an annual basis; report security metrics using methodologies developed by the OIS; and participate in activities coordinated by the OIS in order to better understand and address security incidents and critical cyber security threats to the state.

8. Agency CIOs shall be responsible for developing the enterprise architecture for their respective Agencies, subject to the review and approval of the OCIO, to rationalize, standardize, and consolidate IT applications, assets, infrastructure, data, and procedures for all departments, boards, bureaus and offices within their Agencies. Agency CIOs shall ensure that all departments, boards, bureaus and offices within their Agencies are in compliance with state IT policy.

9. The CIOs of agencies under my direct executive authority shall develop and maintain enterprise architecture plans in compliance with the statewide enterprise architecture policies and standards as established by the OCIO. All information technology and telecommunications acquisitions shall be consistent with the defined enterprise architecture and any deviations shall require the approval of the OCIO.

10. Consistent with Executive Order S-20-04, which established the Green Building Initiative, the CIOs of all agencies under my direct executive authority shall develop plans to leverage cost-effective strategies to reduce the total amount of energy utilized by information technology and telecommunications equipment by 10 percent by July 1, 2010, by 20 percent by July 1, 2011, and by 30 percent by July 1, 2012. Progress toward these targets shall be reported to the OCIO on a quarterly basis beginning April 2010. The OCIO shall publicly report the progress of this effort on its website.

11. The CIOs of all agencies under my direct executive authority shall work with the OCIO to reduce the total amount of data center square footage currently utilized by state agencies by 25 percent by July 2010, and by 50 percent by July 2011. In addition, CIOs shall begin to transition the hosting of all mission critical and public-facing applications to a Tier III data center designated by the OCIO by no later than September 2010, and shall commence closing all existing server rooms that house non-network equipment by June 2013. Transition plans shall be in accordance with guidance provided by the OCIO. Effective immediately, all new mission critical and public-facing applications and major server refreshes shall be hosted in a Tier III data center as designated by the OCIO. Progress toward these targets shall be reported to the OCIO on a quarterly basis beginning April 2010. The OCIO shall publicly report the progress of this effort on its website.

12. The CIOs of all agencies under my direct executive authority shall begin migration from their existing network services to the California Government Network (CGN) by no later than July 2010. Progress toward this target shall be reported to the OCIO on a quarterly basis beginning April 2010. The OCIO shall publicly report the progress of this effort on its website.

13. The CIOs of all agencies under my direct executive authority shall transition to the state's shared e-mail security and encryption solution by no later June 2010, and shall work with the OCIO to migrate to the state's shared e-mail solution by no later than June 2011. Progress toward this target shall be reported to the OCIO on a quarterly basis beginning April 2010. The OCIO shall publicly report the progress of this effort on its website.

14. In order to ensure compliance with this executive order, the OCIO is authorized pursuant to Government Code section 11545 et seq. to reduce state agencies' delegated IT project development authority if agencies are not in substantial compliance. Upon notification by the OCIO of substantial non-compliance by an agency, the Department of General Services may reduce or eliminate the IT purchasing authority of such agencies in consultation with the OCIO.

15. The State CIO, beginning April 2010, and quarterly thereafter, shall issue a report to the Cabinet Secretary concerning: a) progress by agencies toward consolidation; b) the results of such consolidation in terms of fiscal and environmental benefit; and c) the status and quality of shared services.

IT IS FURTHER ORDERED that the agencies and departments under my direct executive authority shall cooperate in the implementation of this Order.

This Order is not intended to, and does not, create any rights or benefits, substantive or procedural, enforceable at law or in equity, against the State of California, its agencies, departments, officers, employees, or any other entity or person.

I FURTHER DIRECT that as soon as hereafter possible, this Order be filed in the Office of the Secretary of State and that widespread publicity and notice be given to this Order.