Skip to main content
Colorado General AssemblyToggle Main Menu
Agency NameToggle Agency Menu

J_JTC_2016A 06/03/2016 10:11:00 AM Committee Summary

Final

STAFF SUMMARY OF MEETING



COMMITTEE ON JOINT TECHNOLOGY COMMITTEE

Date: 06/03/2016
ATTENDANCE
Time: 10:11 AM to 12:51 PM
Newell
*
Singer
X
Place: HCR 0112
Tate
X
Thurlow
X
This Meeting was called to order by
Martinez Humenik
X
Representative Tyler
Tyler
X
This Report was prepared by
Matt Becker
X = Present, E = Excused, A = Absent, * = Present after roll call
Bills Addressed: Action Taken:
OIT Project Dashboards and Watchlist

Trends in State Cybersecurity Laws and Legislation

Presentation on Cybersecurity

Colorado Benefits Management System Update

Update on Senate Bill 16-191 and House Bill 16-1453
Witness Testimony and/or Committee Discussion Only

Witness Testimony and/or Committee Discussion Only

Witness Testimony and/or Committee Discussion Only

Witness Testimony and/or Committee Discussion Only

Witness Testimony and/or Committee Discussion Only





10:11 AM -- OIT Project Dashboards and Watchlist



The committee was called to order. A quorum was present. Representative Tyler discussed the meeting agenda. William Chumley, Chief Customer Officer, and David McCurdy, Chief Technology Officer, both representing the Governor's Office of Information Technology (OIT), discussed the overview dashboard and watchlist for information technology (IT) projects managed by OIT. Committee members received a copy of the dashboard and watchlist, prepared by OIT (Attachments A and B). Mr. McCurdy discussed the Enterprise Wireless project. Committee discussion ensued on the status of the project.



160603 AttachA.pdf160603 AttachA.pdf160603 AttachB.pdf160603 AttachB.pdf



10:18 AM



Mr. McCurdy and Mr. Chumley discussed the status and progress of the Network Infrastructure Refresh project. Mr. McCurdy responded to a committee question regarding the schedule for the project. Committee discussion ensued on the budget and scope of the project. Mr. McCurdy discussed the status of the Backup Colorado Phase II project. Discussion ensued on OIT's process for backup testing. Committee discussion ensued on how OIT and the committee will use the project dashboard information going forward.





10:28 AM



Mr. Chumley discussed the budget of the Electronic Health Records (EHR), Division of Youth Corrections (DYC) project and a recent Request for Information regarding less costly options going forward. He also discussed the status of the DYC Wireless project. The project is scheduled to be completed this month. Mr. McCurdy also discussed the schedule status of the Trails Modernization project. Committee discussion ensued on the vendor selected to complete the project. Mr. Chumley discussed the status and schedule of the CORE Phase II project. He also discussed issues with end-of-year and end-of-month reporting.



10:34 AM



Mr. McCurdy discussed the status of the Department of Human Services (DHS) Interoperability project and its use of a related technology known as an Enterprise Service Bus. He also discussed how similar technologies were used for the Unemployment Insurance system. Committee discussion ensued on how this technology will be used in future OIT projects.



10:37 AM



Mr. Chumley discussed the status and schedule of the Medical Marijuana System Replacement project. Mr. Chumley then discussed the Human Resource Information System (HRIS) project and a recent delay to the project schedule. He also discussed a timekeeping component that is part of the project, known as Kronos. Committee discussion ensued on the difference between Kronos and HRIS, the vendor selection process for HRIS, and a new Request for Proposal (RFP) to be issued in the coming months.



10:44 AM



Committee discussion ensued on the technical requirements of the first RFP related to HRIS, issues with the project budget, and how the project will move forward. Mr. Chumley discussed the total budget for the project and expenditures to date. Committee discussion ensued on the Kronos budget component and OIT's responsibilities with the Kronos contract. Mr. McCurdy further discussed the different phases of the Kronos portion of the project and the enterprise solution goal of the project.



10:54 AM



In response to a committee question about how OIT handles process re-engineering issues with state agencies, Mr. McCurdy discussed OIT's initiative to move towards more centralized IT systems for all state agencies in order to improve business processes. Committee discussion ensued on the resistance to changing business processes. Mr. Chumley then discussed the Department of Corrections EHR project. Committee discussion ensued on the vendor's experience with similar projects.



11:02 AM



Mr. Chumley then discussed the status of the Department of Agriculture's Ag License project and DHS' E Health Records project. Mr. McCurdy discussed the CHATS Modernization project and the recent vendor selection. Next, Mr. McCurdy discussed the status of the Colorado Department of Labor and Employment's Mainframe Modernization project and recent changes to its related computer programming language. Finally, Mr. Chumley then discussed the status of the DRIVES and Collection Management System projects. Mr. Chumley responded to committee questions regarding the budget and schedule of the DYC EHR project.







11:12 AM -- Trends in State Cybersecurity Laws and Legislation



Pam Greenberg, Senior Fellow, National Conference of State Legislatures (NCSL), came to the table to discuss trends in state cybersecurity laws and legislation. Committee members received a copy of her presentation (Attachment C). Ms. Greenberg discussed the mission of NCSL, recent laws enacted related to security breaches, data disposal laws, data security laws, and computer crime laws. Committee members also received a handout from NCSL on the provisions of security breach notification laws for all 50 states (Attachment D).



160603 AttachC.pdf160603 AttachC.pdf160603 AttachD.pdf160603 AttachD.pdf



11:25 AM



Committee discussion ensued on trends in computer crimes and phishing. In response to a committee question regarding the effectiveness of computer crime laws, Ms. Greenberg discussed the challenges associated with educating people about such laws. Ms. Greenberg also discussed recent cybersecurity initiatives by the National Institute of Standards and Technologies. Committee discussion ensued on how Colorado compares to other states on cybersecurity laws.



11:37 AM -- Presentation on Cybersecurity



Deborah Blyth, Chief Information Security Officer, OIT, came to the table to discuss Secure Colorado (see Attachment A). She discussed the strategic program priorities of Secure Colorado, including protecting information and systems, research and development, partnerships, and compliance. Committee discussion ensued on Secure Colorado's partnership with the private sector. Ms. Blyth also discussed recent program accomplishments, including risk management and risk reduction, compliance and IT audit support, and best practice and leading edge security.



11:51 AM



Ms. Blyth further discussed Secure Colorado's strategic plan and key partnerships, including the Cybersecurity Steering Committee and the Cybersecurity Task Force. Committee discussion ensued on collaboration between the federal and state governments in Colorado on cybersecurity initiatives.



11:58 AM



Ms. Blyth discussed Secure Colorado's focuses for FY 2017, including improved incident preparedness and intelligence, identity and access management, and its 20 critical security controls. Committee discussion ensued on recent audit issues that have been addressed by Secure Colorado, as well as Secure Colorado and OIT's role in the new National Cybersecurity Information Center (NCIC) currently being established in Colorado Springs.



12:12 PM



Ms. Blyth responded to committee questions regarding other recent Secure Colorado upgrades related to cybersecurity, the penetration rate of certain IT security tools, and the cost of cybersecurity tools for executive branch agencies.







12:17 PM -- Colorado Benefits Management System Update



Mr. McCurdy returned to the table to update the committee on the Colorado Benefits Management System (CBMS). Mr. McCurdy discussed a year-over-year comparison of CBMS (see Attachment A) from 2014 to 2015, including a decrease number in the lines of computer code, a decrease in legacy programs, an increase in batch programs, and an increase in client correspondence. He also discussed a comparison of the PEAK system from 2014 to 2015, as well as new universal applications related to PEAK. He also discussed customer service improvements related to CBMS, including a significant reduction in the number of help-desk tickets. Finally, he discussed recent project updates to CBMS and forthcoming projects, including an electronic document management system.



12:28 PM



In response to a committee question regarding the reduction in waiting time for the PEAK system, Mr. McCurdy discussed significant reductions in the time it takes to receive benefits in recent years. Committee discussion ensued on the forthcoming electronic document management system upgrade, the PEAK mobile application, how CBMS has changed and improved over the past several years, and how it can be improved further.



12:37 PM -- Update on Senate Bill 16-191 and House Bill 16-1453



Katie Ruedebusch, Legislative Council Staff, updated the committee on its responsibilities under SB 16-191 and also briefed the committee on House Bill 16-1453 concerning the NCIC being established in Colorado Springs. Jessika Shipley, Legislative Council Staff, discussed potential next committee meeting dates.



12:51 PM



The meeting adjourned.


Email addresses for the Colorado legislature have changed from the @state.co.us domain to the @coleg.gov domain on December 1, 2022. Details