The Military Department of the State of Oklahoma may purchase computer hardware or software or any services related to software development, software modifications, or any other services related to the operation and maintenance of computer hardware or software or both independently and without prior approval from the Office of Management and Enterprise Services Information Services Division.

Section 34.12. A. The Information Services Division of the Office of Management and Enterprise Services shall:

1. Coordinate information technology planning through analysis of the long-term information technology plans for each agency;

2. Develop a statewide information technology plan with annual modifications to include, but not be limited to, individual agency plans and information systems plans for the statewide electronic information technology function;

3. Establish and enforce minimum mandatory standards for:

The standards shall, upon adoption, be the minimum requirements applicable to all agencies. These standards shall be compatible with the standards established for the Oklahoma Government Telecommunications Network. Individual agency standards may be more specific than statewide requirements but shall in no case be less than the minimum mandatory standards. Where standards required of an individual agency of the state by agencies of the federal government are more strict than the state minimum standards, such federal requirements shall be applicable;

4. Develop and maintain applications for agencies not having the capacity to do so;

5. Operate a data service center to provide operations and hardware support for agencies requiring such services and for statewide systems;

6. Maintain a directory of the following which have a value of Five Hundred Dollars ($500.00) or more: application systems, systems software, hardware, internal and external information technology, communication or telecommunication equipment owned, leased, or rented for use in communication services for state government, including communication services provided as part of any other total system to be used by the state or any of its agencies, and studies and training courses in use by all agencies of the state; and facilitate the utilization of the resources by any agency having requirements which are found to be available within any agency of the state;

7. Assist agencies in the acquisition and utilization of information technology systems and hardware to effectuate the maximum benefit for the provision of services and accomplishment of the duties and responsibilities of agencies of the state;

8. Coordinate for the executive branch of state government agency information technology activities, encourage joint projects and common systems, linking of agency systems through the review of agency plans, review and approval of all statewide contracts for software, hardware and information technology consulting services and development of a statewide plan and its integration with the budget process to ensure that developments or acquisitions are consistent with statewide objectives and that proposed systems are justified and cost effective;

9. Develop performance reporting guidelines for information technology facilities and conduct an annual review to compare agency plans and budgets with results and expenditures;

10. Establish operations review procedures for information technology installations operated by agencies of the state for independent assessment of productivity, efficiency, cost effectiveness, and security;

11. Establish data center user charges for billing costs to agencies based on the use of all resources;

12. Provide system development and consultant support to state agencies on a contractual, cost reimbursement basis; and

13. In conjunction with the Oklahoma Office of Homeland Security, enforce the minimum information security and internal control standards established by the Information Services Division. An enforcement team consisting of the Chief Information Officer of the Information Services Division or a designee, a representative of the Oklahoma Office of Homeland Security, and a representative of the Oklahoma State Bureau of Investigation shall enforce the minimum information security and internal control standards. If the enforcement team determines that an agency is not in compliance with the minimum information security and internal control standards, the Chief Information Officer shall take immediate action to mitigate the noncompliance, including the removal of the agency from the infrastructure of the state until the agency becomes compliant, taking control of the information technology function of the agency until the agency is compliant, and transferring the administration and management of the information technology function of the agency to the Information Services Division or another state agency.

B. No agency of the executive branch of the state shall use state funds for or enter into any agreement for the acquisition of any category of computer hardware, software or any contract for information technology or telecommunication services and equipment, service costs, maintenance costs, or any other costs or fees associated with the acquisition of the services or equipment, without written authorization of the Chief Information Officer or a designee except the following:

1. A purchase less than or equal to Five Thousand Dollars ($5,000.00) if such product is purchased using a state purchase card and the product is listed on either the Approved Hardware or Approved Software list located on the Office of Management and Enterprise Services website; or

2. A purchase over Five Thousand Dollars ($5,000.00) and less than or equal to Twenty-five Thousand Dollars ($25,000.00) if such product is purchased using a state purchase card, the product is listed on an information technology or telecommunications statewide contract, and the product is listed on either the Approved Hardware or Approved Software list located on the Office of Management and Enterprise Services website; or

3. A purchase of computer hardware or software or any services related to software development, software modifications, or any other services related to the operation and maintenance of computer hardware and software or both independently that is made by the Military Department of the State of Oklahoma.

If written authorization is not obtained prior to incurring an expenditure or entering into any agreement as required in this subsection or as required in Section 35.4 of this title, the Office of Management and Enterprise Services may not process any claim associated with the expenditure and the provisions of any agreement shall not be enforceable. The provisions of this subsection shall not be applicable to any member of The Oklahoma State System of Higher Education, any public elementary or secondary schools of the state, any technology center school district as defined in Section 14–108 of Title 70 of the Oklahoma Statutes, or CompSource Oklahoma Mutual Insurance Company.

C. The Chief Information Officer and Information Services Division of the Office of Management and Enterprise Services and all agencies of the executive branch of the state shall not be required to disclose, directly or indirectly, any information of a state agency which is declared to be confidential or privileged by state or federal statute or the disclosure of which is restricted by agreement with the United States or one of its agencies, nor disclose information technology system details that may permit the access to confidential information or any information affecting personal security, personal identity, or physical security of state assets.