HB 2104 — An Act amending Title 71 (State Government) of the Pennsylvania Consolidated Statutes, in boards and offices, providing for information technology; establishing the Office of Information Technology and the Information Technology Fund; providing for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee; imposing duties on the Office of Information Technology; providing for administration of Pennsylvania Statewide Radio Network; and imposing penalties.
Congress · introduced 2025-12-17
Latest action: — Referred to COMMUNICATIONS AND TECHNOLOGY, Dec. 17, 2025
Sponsors
- Bryan Cutler (R, PA-100) — cosponsor · 2025-12-17
- Michael Stender (R, PA-108) — cosponsor · 2025-12-17
- Mark M. Gillen (R, PA-128) — cosponsor · 2025-12-17
Action timeline
- · house — Referred to COMMUNICATIONS AND TECHNOLOGY, Dec. 17, 2025
Text versions
No text versions on file yet — same ingest as the action timeline populates these. Each version has direct links to the XML / HTML / PDF at govinfo.gov.
Bill text
Printer's No. 2722 · 93,869 characters · source document
Read the full text
PRINTER'S NO. 2722
THE GENERAL ASSEMBLY OF PENNSYLVANIA
HOUSE BILL
No. 2104
Session of
2025
INTRODUCED BY GROVE AND CUTLER, DECEMBER 17, 2025
REFERRED TO COMMITTEE ON COMMUNICATIONS AND TECHNOLOGY,
DECEMBER 17, 2025
AN ACT
1 Amending Title 71 (State Government) of the Pennsylvania
2 Consolidated Statutes, in boards and offices, providing for
3 information technology; establishing the Office of
4 Information Technology and the Information Technology Fund;
5 providing for administrative and procurement procedures and
6 for the Joint Cybersecurity Oversight Committee; imposing
7 duties on the Office of Information Technology; providing for
8 administration of Pennsylvania Statewide Radio Network; and
9 imposing penalties.
10 The General Assembly of the Commonwealth of Pennsylvania
11 hereby enacts as follows:
12 Section 1. Part V of Title 71 of the Pennsylvania
13 Consolidated Statutes is amended by adding a chapter to read:
14 CHAPTER 43
15 INFORMATION TECHNOLOGY
16 Subchapter
17 A. General Provisions
18 B. Office of Information Technology
19 C. Business Operations
20 D. Procurement of Information Technology
21 E. Security
1 F. Enforcement and Penalties
2 G. Pennsylvania Statewide Radio Network
3 SUBCHAPTER A
4 GENERAL PROVISIONS
5 Sec.
6 4301. Scope of chapter.
7 4302. Findings and declarations.
8 4303. Definitions.
9 § 4301. Scope of chapter.
10 This chapter relates to administrative procedures and
11 procurement regarding information technology.
12 § 4302. Findings and declarations.
13 The General Assembly finds and declares the following:
14 (1) The Commonwealth has struggled to keep information
15 technology costs under control, including failing to include
16 as part of overall costs, time spent by Commonwealth staff
17 for development, implementation and use of information
18 technology.
19 (2) Many of the Commonwealth's information technology
20 contracts extend well beyond their anticipated date of
21 completion.
22 (3) The Commonwealth can begin to reduce information
23 technology costs by the consolidation of information
24 technology functions and resources within the executive
25 branch.
26 (4) Consolidation of information technology services
27 will not only reduce costs but create more efficient
28 information technology operations.
29 (5) By reforming the Commonwealth's outdated approach to
30 information technology, the Commonwealth can improve data and
20250HB2104PN2722 - 2 -
1 analytic capabilities and improve cybersecurity.
2 (6) The improvement of operations will enhance taxpayer
3 satisfaction and make it easier for residents to navigate.
4 (7) Consolidation of information technology services
5 must be designed to improve accountability and transparency
6 to taxpayers and enhance the Commonwealth's data and
7 analytics capabilities.
8 (8) The Commonwealth shall, as part of its information
9 technology and cybersecurity efforts:
10 (i) Reduce redundancy and align information
11 technology spending in a manner that reduces costs and
12 measurably improves Commonwealth agency mission
13 effectiveness.
14 (ii) Improve quality, transparency and
15 accountability in the procurement and use of information
16 technology.
17 (iii) Achieve five-year budget limits, within
18 limited variance, for all administrative agencies for
19 projects above a de minimis threshold.
20 (iv) Achieve measurable protection for Commonwealth
21 data, including identifying and mitigating risks for
22 personal identifiable information and other valuable,
23 nonpublic mission critical data.
24 § 4303. Definitions.
25 The following words and phrases when used in this chapter
26 shall have the meanings given to them in this section unless the
27 context clearly indicates otherwise:
28 "Architecture." The overall design of a computing system and
29 the logical and physical interrelationships between its
30 components.
20250HB2104PN2722 - 3 -
1 "Authorization to operate." A formal declaration by the head
2 of the State agency that:
3 (1) authorizes operation of a product and explicitly
4 accepts the risk to agency operations; and
5 (2) is signed after the system has met and passed all
6 requirements to become operational.
7 "Business case." A statement specifying the needs of the
8 State agency for information technology, services and related
9 resources, including expected improvements to programmatic or
10 business operations, and the requirements for State resources
11 and funding, together with an evaluation of those requirements
12 by the chief information officer assigned to the State agency
13 which takes into consideration:
14 (1) The State's current technology.
15 (2) The opportunities for technology sharing.
16 (3) Any other factors relevant to the analysis by the
17 director.
18 "Director." The administrative head of the office and chief
19 information officer of the Commonwealth.
20 "Distributed information technology assets." Hardware,
21 software and communications equipment not classified as
22 traditional mainframe-based items, including, but not limited
23 to, personal computers, local area networks, servers, mobile
24 computers, peripheral equipment and other related hardware and
25 software items.
26 "Electronic bidding." The electronic solicitation and
27 receipt of offers to contract.
28 "Fund." The Information Technology Fund established under
29 section 4316 (relating to Information Technology Fund).
30 "Independent agency." As follows:
20250HB2104PN2722 - 4 -
1 (1) A board, commission, authority or other agency of
2 the Commonwealth that is not subject to the policy
3 supervision and control of the Governor.
4 (2) The term does not include:
5 (i) A court or agency of the unified judicial
6 system.
7 (ii) The General Assembly or an agency of the
8 General Assembly.
9 "Independent department." Any of the following:
10 (1) The Department of the Auditor General.
11 (2) The Treasury Department.
12 (3) The Office of Attorney General.
13 (4) A board or commission of an entity under paragraph
14 (1), (2) or (3).
15 "Information technology." Hardware, software and
16 telecommunications equipment, including, but not limited to, the
17 following:
18 (1) Personal computers.
19 (2) Servers.
20 (3) Mainframes.
21 (4) Wired or wireless wide and local area networks.
22 (5) Broadband.
23 (6) Mobile or portable computers.
24 (7) Peripheral equipment.
25 (8) Telephones.
26 (9) Wireless communications.
27 (10) Handheld devices.
28 (11) Facsimile machines.
29 (12) Technology facilities, including, but not limited
30 to, data centers, dedicated training facilities or switching
20250HB2104PN2722 - 5 -
1 facilities.
2 (13) Electronic payment processing services.
3 (14) Other relevant hardware and software items or
4 personnel tasked with the planning, implementation or support
5 of technology, including hosting or vendor-managed service
6 solutions.
7 "Information technology budget." As follows:
8 (1) All information technology expenditures listed by
9 project and amount of expenditure for planning, development,
10 modernization, operations and maintenance.
11 (2) The term includes all software, hardware,
12 Commonwealth and vendor staff and service costs.
13 "Information technology security incident." A computer-based
14 activity, network-based activity or paper-based activity that
15 results directly or indirectly in misuse, damage, denial of
16 service, compromise of integrity or loss of confidentiality of a
17 network, computer, application or data.
18 "Office." The Office of Information Technology established
19 under Subchapter B (relating to Office of Information
20 Technology).
21 "Open data." Government data sets and documents that are
22 considered publicly available under the act of February 14, 2008
23 (P.L.6, No.3), known as the Right-to-Know Law, or other
24 Commonwealth transparency initiatives to use and republish
25 without restriction from copyright, patents or other
26 restrictions on control.
27 "Portal." A publicly accessible Internet website.
28 "Reverse auction." A real-time purchasing process in which
29 vendors compete to provide goods or services at the lowest
30 selling price in an open and interactive electronic environment.
20250HB2104PN2722 - 6 -
1 "Secretary." The Secretary of Administration of the
2 Commonwealth.
3 "State agency." Any of the following:
4 (1) The Governor's Office.
5 (2) A department, board, commission, authority or other
6 agency of the Commonwealth that is subject to the policy
7 supervision and control of the Governor.
8 (3) The office of Lieutenant Governor.
9 (4) An independent agency.
10 SUBCHAPTER B
11 OFFICE OF INFORMATION TECHNOLOGY
12 Sec.
13 4311. Establishment of office.
14 4312. Duties of office.
15 4313. Director.
16 4314. Transfer of additional duties and personnel.
17 4315. Planning and financing information technology resources.
18 4316. Information Technology Fund.
19 4317. Financial accountability and information technology.
20 4318. Commonwealth portal.
21 4319. Statewide information technology transparency portal.
22 4320. State agency requests for information technology and
23 services.
24 4321. Status of information technology projects and corrective
25 action plans.
26 § 4311. Establishment of office.
27 The Office of Information Technology is established within
28 the Governor's Office of Administration to oversee and achieve
29 information technology consolidation and other findings of this
30 chapter.
20250HB2104PN2722 - 7 -
1 § 4312. Duties of office.
2 (a) Duties generally.--The office shall:
3 (1) Consolidate information technology functions,
4 powers, duties, obligations, infrastructure and support
5 services vested in State agencies.
6 (2) Provide, operate and manage the information
7 technology services for each State agency under the
8 Governor's jurisdiction, including, but not limited to, the
9 following:
10 (i) The development of priorities and strategic
11 plans.
12 (ii) The management of information technology
13 investments, procurement and policy.
14 (iii) Compliance with the provisions of this chapter
15 through consultation and engagement with the secretary of
16 each agency.
17 (3) Procure all information technology and information
18 technology as a service for State agencies utilizing the
19 processes under 62 Pa.C.S. Ch. 5 (relating to source
20 selection and contract formation). The office shall integrate
21 technological review, cost analysis and procurement for all
22 information technology needs of State agencies to make
23 procurement and implementation of technology more responsive,
24 efficient and cost effective.
25 (4) Determine any changes to staffing or operations
26 regarding information technology.
27 (5) Provide documentation and training to achieve
28 development in the functional responsibilities that shall
29 include:
30 (i) Defining an information technology strategy
20250HB2104PN2722 - 8 -
1 plan.
2 (ii) Defining enterprise architecture.
3 (iii) Determining technological direction.
4 (iv) Defining information technology organization
5 and relationships.
6 (v) Managing information technology investment.
7 (vi) Communicating management aims and direction.
8 (vii) Managing information technology human
9 resources.
10 (viii) Managing quality.
11 (ix) Assessing risks.
12 (x) Managing projects.
13 (xi) Identifying automated solutions.
14 (xii) Acquiring and maintaining application
15 software.
16 (xiii) Acquiring and maintaining technology
17 infrastructure.
18 (xiv) Enabling operation and use.
19 (xv) Procuring information technology resources.
20 (xvi) Managing changes.
21 (xvii) Installing and accrediting solutions and
22 changes.
23 (xviii) Defining and managing service levels.
24 (xix) Managing third-party services.
25 (xx) Managing performance and capacity.
26 (xxi) Ensuring continuous service.
27 (xxii) Ensuring system security.
28 (xxiii) Identifying and allocating costs.
29 (xxiv) Educating and training users.
30 (xxv) Managing service desk and incidents.
20250HB2104PN2722 - 9 -
1 (xxvi) Managing the configuration.
2 (xxvii) Managing problems.
3 (xxviii) Managing data.
4 (xxix) Managing physical environment.
5 (xxx) Managing operations.
6 (xxxi) Monitoring and evaluating information
7 technology performance.
8 (xxxii) Monitoring and evaluating internal controls.
9 (xxxiii) Ensuring compliance with external
10 requirements.
11 (xxxiv) Providing improved information technology
12 governance.
13 (b) Specific duties.--As part of the general duties under
14 subsection (a), the office shall:
15 (1) Develop and administer a comprehensive long-range
16 plan to ensure the proper management of the information
17 technology resources of the Commonwealth.
18 (2) Set technical standards for information technology
19 and review and approve information technology projects and
20 budgets.
21 (3) Establish information technology security standards.
22 (4) Provide for the procurement of information
23 technology resources.
24 (5) Develop a schedule for the replacement or
25 modification of information technology systems.
26 (6) Prescribe the manner in which information technology
27 assets, systems and personnel shall be provided and
28 distributed among State agencies.
29 (7) Prescribe the manner of inspecting or testing
30 information technology assets, systems or personnel to
20250HB2104PN2722 - 10 -
1 determine compliance with information technology plans,
2 specifications and requirements.
3 (8) Develop an annual information technology strategic
4 plan that aligns information technology expenditures with
5 each State agency's strategic initiatives and ongoing mission
6 needs, including priorities resource use and expenditures,
7 performance review measures, procurement and other governance
8 and planning measures.
9 (9) Provide guidance, review and approve the information
10 technology plans for each State agency.
11 (10) Obtain guidance and consult with the Office of the
12 Budget on budgetary matters regarding information technology
13 spending and procurement plans.
14 (11) Obtain advice on matters involving overall
15 technology and data governance from academia, private sector
16 and other leading government institutions.
17 (12) Establish and maintain an information technology
18 portfolio management process to prepare and manage the
19 information technology budget, including overall monitoring
20 of information technology program objectives and alignment
21 with administrative priorities, budgets and expenditures.
22 (13) Identify common information technology business
23 functions within each State agency.
24 (14) Make recommendations for consolidation, integration
25 and investment.
26 (15) Facilitate the use of common technology, as
27 appropriate.
28 (16) Ensure the proper use of project management
29 methodologies and principles on information technology
30 projects, including measures to review project delivery and
20250HB2104PN2722 - 11 -
1 quality.
2 (17) Ensure compliance by each State agency with
3 required business process reviews.
4 (18) Audit the information technology assets of each
5 State agency no later than 547 days after the effective date
6 of this paragraph.
7 (19) Serve as a liaison between State agencies and
8 contracted information technology vendors.
9 (20) Align the appropriate technology and procurement
10 methods with the service strategy.
11 (21) Establish and maintain an information technology
12 architecture that ensures a modern operating environment for
13 agencies and aligns all information technology investments to
14 the information technology strategic plan. This architecture
15 shall include the following, as appropriate:
16 (i) The development of standards, policies,
17 processes and strategic technology roadmaps.
18 (ii) The performance of technical reviews and
19 capability assessments of services, technologies and
20 State agency systems.
21 (iii) The evaluation of requests for information
22 technology policy exceptions.
23 (iv) The ability to incorporate emerging
24 technologies in a cost-effective and timely manner.
25 (22) Develop and implement efforts to standardize data
26 elements and determine data ownership assignments.
27 (23) Establish and operate centers of expertise for
28 specific information technologies and services to serve two
29 or more State agencies on a cost-sharing basis, if the
30 director, after consultation with the Office of the Budget,
20250HB2104PN2722 - 12 -
1 decides it is advisable from the standpoint of the
2 information technology strategic plan, efficiency and economy
3 to establish these centers and services.
4 (24) Require a State agency served to transfer to the
5 office ownership, custody or control of information
6 processing equipment, supplies and positions required to
7 implement the information technology strategic plan.
8 (25) Develop and promote training programs to
9 efficiently implement, use and manage information technology
10 resources throughout State government.
11 (26) Develop and maintain a comprehensive information
12 technology inventory.
13 (27) Monitor compliance with information technology
14 policy and standards through investment, budgeting and
15 architectural review processes.
16 (28) Maintain and strengthen the Commonwealth's
17 cybersecurity posture through security governance.
18 (29) Develop security solutions, services and programs
19 to protect data and infrastructure.
20 (30) Identify and remediate security risks and maintain
21 citizen trust in securing computerized personal information.
22 (31) Implement programs, processes and solutions to
23 maintain cybersecurity situational awareness and effectively
24 respond to cybersecurity attacks and information technology
25 security incidents.
26 (32) Create a process identifying risks to the success
27 of information technology programs and projects, developing
28 mitigations, incorporating mitigating actions in budgeting
29 and investment and review processes.
30 (33) Conduct evaluations and compliance audits of State
20250HB2104PN2722 - 13 -
1 agency security infrastructure.
2 (34) Develop and produce cost, risk and quality
3 initiatives that consolidate State agency information
4 technology services, including, but not limited to,
5 infrastructure, personnel, investments, operations and
6 support services necessary to achieve the findings of this
7 chapter.
8 (35) Establish and facilitate a process for the
9 identification, evaluation and optimization of information
10 technology shared services.
11 (36) Establish a process for the following:
12 (i) Developing and implementing telecommunications
13 policies, services and infrastructure.
14 (ii) Reviewing and authorizing State agency requests
15 for enhanced services.
16 (37) Identify opportunities for convergence and
17 leveraging existing assets to reduce or eliminate duplicative
18 telecommunication networks.
19 (38) Establish, maintain and continuously optimize cost
20 and performance of an information technology service
21 management process library and services catalog to govern the
22 services provided to each State agency.
23 (39) Establish a formal operational testing environment
24 to enable the rapid evaluation and introduction of new
25 information technology services and the retiring of existing
26 information technology services.
27 (40) Establish metrics to monitor the health of the
28 services provided and make appropriate corrections as
29 necessary.
30 (41) Establish information technology data management
20250HB2104PN2722 - 14 -
1 and development policy frameworks throughout each State
2 agency that include policies, processes and standards that
3 adhere to commonly accepted principles for, among other
4 things, data governance, data development and the quality,
5 sourcing, use, accessibility, content, ownership and
6 licensing of open data.
7 (42) Create and maintain a comprehensive open data
8 portal for public accessibility.
9 (43) Provide guidance regarding the procurement of
10 supplies and services related to the subject matter of this
11 chapter.
12 (44) Facilitate communication with the public by
13 publishing open data plans and policies and by soliciting or
14 allowing for public input on the subject matter of this
15 chapter.
16 (45) Ensure the internal examination of Commonwealth
17 data sets for business, confidentiality, privacy and security
18 issues and the reasonable mitigation of those issues, prior
19 to the data's release for open data purposes.
20 (46) Develop and facilitate the engagement with private
21 and other public stakeholders, including, but not limited to,
22 arranging for and expediting data-sharing agreements and
23 encouraging and facilitating cooperation and substantive and
24 administrative efficiencies.
25 (47) Develop and facilitate data sharing and data
26 analytics to minimize redundancy and align information
27 technology spending in a manner that reduces costs and
28 measurably improves Commonwealth agency mission
29 effectiveness.
30 (48) Oversee the information technology contracts of
20250HB2104PN2722 - 15 -
1 each State agency. The following shall apply:
2 (i) The office shall obtain, review and maintain, on
3 an ongoing basis, records of the appropriations,
4 allotments, expenditures and revenues of each State
5 agency for information technology.
6 (ii) The office shall identify opportunities for
7 consolidation of redundant expenditures that could be
8 more cost effectively provided through multiagency shared
9 services.
10 (iii) The office shall conduct annual reviews of
11 agency programs and contract cost estimates to ensure
12 accuracy and quality in budgetary estimates.
13 (c) Discretionary duties.--The office may provide
14 information technology services on a cost-sharing basis to the
15 following:
16 (1) An independent department as requested by the head
17 of the independent department.
18 (2) The General Assembly and its agencies as requested
19 by the President pro tempore of the Senate and the Speaker of
20 the House of Representatives.
21 (3) The judicial branch as requested by the Chief
22 Justice of Pennsylvania.
23 § 4313. Director.
24 (a) Appointment and salary.--The secretary shall appoint the
25 director and set the starting salary of the director.
26 (b) Qualifications.--The director must be qualified by
27 experience for the office and have at least five years of
28 experience dealing with public sector information systems in a
29 State government agency or an equivalent entity. The
30 qualifications shall include, but are not limited to, verifying
20250HB2104PN2722 - 16 -
1 that an individual has the proper industry certifications
2 necessary to perform the duties under this chapter.
3 (c) Duties.--In addition to other duties specified under
4 this chapter, the director shall:
5 (1) Manage the operations of the office in a manner
6 conducive to achieving the findings of this chapter.
7 (2) Review and approve reports by each State agency
8 concerning information technology assets, systems, personnel
9 and projects and prescribe the form of the reports.
10 (3) Hire personnel as necessary to perform the functions
11 of the office.
12 (4) Provide written determination to the Secretary of
13 the Budget of findings, remediation plan and restructuring
14 actions for programs designated as the color red in
15 accordance with section 4319 (relating to Statewide
16 information technology transparency portal).
17 (5) Notify the Treasury Department in order to suspend
18 funding for a program that has been designated as the color
19 red in accordance with section 4321 (relating to status of
20 information technology projects and corrective action plans).
21 (d) Oversight.--The director shall oversee the manner and
22 means by which information technology business and disaster
23 recovery plans for State agencies are created, reviewed and
24 updated.
25 (e) Disaster recovery plan.--
26 (1) The director shall ensure that each State agency
27 establish a disaster recovery planning team and work with the
28 office to develop a disaster recovery plan and administer and
29 implement the plan.
30 (2) In developing a disaster recovery plan, all of the
20250HB2104PN2722 - 17 -
1 following shall be completed:
2 (i) Consideration of the organizational, managerial
3 and technical environments in which the plan must be
4 implemented.
5 (ii) An assessment of the types and likely
6 parameters of disasters most likely to occur and the
7 resultant impacts on the State agency's ability to
8 perform its mission.
9 (iii) The listing of the protective measures to be
10 implemented in anticipation of a natural or manmade
11 disaster.
12 (iv) A determination whether the plan is adequate to
13 address information technology security incidents.
14 (3) Each State agency shall submit its disaster recovery
15 plan to the director on an annual basis and as otherwise
16 requested by the director.
17 § 4314. Transfer of additional duties and personnel.
18 Upon the effective date of this section, information
19 technology functions, powers, duties, obligations and services
20 shall be transferred to and organized to the maximum extent
21 practicable into centers that provide shared services to State
22 agencies. The following shall apply:
23 (1) The chief information officer of each State agency
24 or shared service center shall:
25 (i) Report directly to the director.
26 (ii) Work within the chief information officer's
27 respective State agency or shared service center on
28 behalf of the office as an employee of the office.
29 (2) An employee of a State agency who handles or
30 otherwise has responsibility for the State agency's
20250HB2104PN2722 - 18 -
1 information technology services shall be transferred to the
2 office and operate in the physical location of the State
3 agency or the shared services center supporting that agency,
4 but the employee shall report matters to the office and be
5 supervised by the chief information officer of the State
6 agency or head of the shared services center.
7 (3) The chief information officer of each agency or
8 shared service center shall be responsible for identifying
9 and implementing actions and milestones as required to
10 fulfill the remediation plan determined by the director under
11 section 4313(c)(4) (relating to director).
12 (4) Each State agency shall provide personnel if
13 necessary to participate in project management,
14 implementation, testing, shared services and other activities
15 for an information technology project.
16 § 4315. Planning and financing information technology
17 resources.
18 (a) Development of policies.--The director shall issue
19 necessary policies for State agency information technology
20 planning and financing consistent with the findings under
21 section 4302 (relating to findings and declarations).
22 (b) Development of plan.--
23 (1) The director shall analyze the needs for information
24 and information technology systems and develop a plan to
25 ascertain the needs, costs and time frame required for State
26 agencies to efficiently use information technology systems,
27 resources, security and data management to achieve the
28 purposes of this chapter. The following shall apply:
29 (i) The plan may include current applications and
30 infrastructure, migration from current environments and
20250HB2104PN2722 - 19 -
1 other information necessary for fiscal or technology
2 planning.
3 (ii) The plan shall include a budget for all
4 information technology expenditures.
5 (2) In consultation with the Secretary of the Budget,
6 the office shall develop and implement a plan to manage all
7 information technology funding, including Commonwealth and
8 other receipts, as soon as practicable. As part of the
9 development and implementation, the following shall apply:
10 (i) Funding for information technology resources,
11 projects and contracts shall be allocated to each
12 Commonwealth agency by the office based on approved
13 business case submissions.
14 (ii) Information technology budget codes and fund
15 codes shall be created as required.
16 (3) The director shall develop strategic plans for
17 information technology as necessary.
18 (c) Consultation and cooperation.--
19 (1) In determining whether a strategic plan is necessary
20 for a State agency, the director shall consider the State
21 agency's operational needs, functions and performance
22 capabilities.
23 (2) The director shall consult with and assist State
24 agencies in the preparation of plans under this subsection.
25 (3) Each State agency shall actively participate in
26 preparing, testing and implementing an information technology
27 plan as determined by the director. A State agency shall
28 provide all financial information to the director necessary
29 to determine full costs and expenditures for information
30 technology assets, including resources provided by the State
20250HB2104PN2722 - 20 -
1 agency or through contracts or grants.
2 (4) Each State agency shall prepare and submit plans as
3 required by the director.
4 (5) A plan by a State agency shall be submitted to the
5 director no later than October 1 of each even-numbered year.
6 (d) Biennial plan.--
7 (1) The director shall develop a biennial State
8 Information Technology Plan, which shall be transmitted to
9 the General Assembly in conjunction with the Governor's
10 budget submission that year.
11 (2) The biennial plan shall include:
12 (i) An inventory of current information technology
13 assets and major projects.
14 (ii) An inventory of significant unmet needs for
15 information technology resources over a five-year time
16 period, along with a ranking of the unmet needs in
17 priority order according to their urgency.
18 (iii) A statement of the financial requirements,
19 together with a recommended funding schedule for major
20 projects in progress or anticipated for approval during
21 the upcoming fiscal biennium.
22 (iv) An analysis of opportunities for Statewide
23 initiatives that would yield significant efficiencies or
24 improve effectiveness in State programs.
25 (3) As used in this subsection, the term "major project"
26 includes a project costing more than $500,000 to implement.
27 § 4316. Information Technology Fund.
28 (a) Establishment.--An account is established in the General
29 Fund to be known as the Information Technology Fund.
30 (b) Receipt of money.--The fund shall receive money for the
20250HB2104PN2722 - 21 -
1 operations of the office and to fulfill the duties of the office
2 under this chapter by the following methods:
3 (1) The transfer of encumbered funds from each State
4 agency which were designated for information technology
5 purposes prior to the effective date of this paragraph.
6 (2) Transfers as authorized by the General Assembly that
7 are not already provided for under this section.
8 (3) The transfer of a portion of a State agency's funds
9 regarding general government operations for information
10 technology employees.
11 (c) Use of fund money.--
12 (1) Subject to paragraph (2), the director shall approve
13 the disbursement of money from the fund, which shall be used
14 for the following purposes and other legitimate purposes:
15 (i) Project management.
16 (ii) Security.
17 (iii) Email operations for State agencies under the
18 policy supervision and jurisdiction of the Governor.
19 (iv) State portal operations.
20 (v) State agencies' annual information technology
21 budget.
22 (vi) Operations of the office, including salaries
23 and expenses of all State agency information technology
24 personnel.
25 (2) Expenditures for the operations of the office made
26 from the fund that involve money appropriated from the
27 General Fund shall be approved by the director.
28 § 4317. Financial accountability and information technology.
29 (a) Development of processes.--Subject to subsection (b),
30 the office, along with the Secretary of the Budget and the State
20250HB2104PN2722 - 22 -
1 Treasurer, shall develop processes for budgeting and accounting
2 of expenditures for information technology operations, including
3 all Commonwealth personnel, services, projects, infrastructure
4 and assets across all State agencies.
5 (b) Included information.--The budgeting and accounting
6 processes under subsection (a) shall include, but not be limited
7 to, information regarding the following:
8 (1) Hardware.
9 (2) Software.
10 (3) Personnel.
11 (4) Training.
12 (5) Contractual services, including cloud service
13 providers.
14 (6) Other items relevant to information technology.
15 (c) Significant resources.--State agency requests for
16 significant resources shall provide the information required in
17 section 4320 (relating to State agency requests for information
18 technology and services).
19 (d) Reports generally.--Subject to subsections (e) and (f),
20 by February 1 of each year, the director shall report to the
21 General Assembly the following information:
22 (1) Services currently provided and associated
23 transaction volumes or other relevant indicators of
24 utilization by user type.
25 (2) New services added during the previous year.
26 (3) The total appropriation for each service.
27 (4) The total amount remitted to the vendor for each
28 service.
29 (5) Any other use of State data by the vendor and the
30 total amount of revenue collected per use and in total.
20250HB2104PN2722 - 23 -
1 (6) User satisfaction with each service.
2 (7) Any other issues associated with the provision of
3 each service.
4 (e) Financial information.--The director shall, at a
5 minimum, include in the report under subsection (d) the
6 following financial information:
7 (1) Current budgetary balances for the fund and each
8 information technology project.
9 (2) Line-item details on expenditures.
10 (3) Anticipated expenditures for the next four years.
11 (4) Cybersecurity expenditures for the previous and next
12 four years by each agency.
13 (5) The financial activities of the fund, including fund
14 expenditures, during the immediately prior fiscal year.
15 (f) Issuance.--In addition to the General Assembly, a report
16 under subsection (c) shall be submitted to the following:
17 (1) The Secretary of the Budget.
18 (2) The Independent Fiscal Office.
19 § 4318. Commonwealth portal.
20 The office shall establish a single point of service
21 accessible electronically by means in use by residents of this
22 Commonwealth. The following shall apply:
23 (1) Each State agency shall functionally link its
24 Internet or electronic services to a centralized web portal
25 system established under this chapter.
26 (2) The office shall ensure the portal facilitates
27 Commonwealth residents' ease in conducting online
28 transactions with and obtaining information from State
29 government.
30 (3) The portal shall be designed to facilitate and
20250HB2104PN2722 - 24 -
1 improve public interactions along with communications between
2 State agencies.
3 § 4319. Statewide information technology transparency portal.
4 (a) Implementation.--Within one year of the effective date
5 of this subsection, the office shall develop, operate and update
6 regularly a web-based portal detailing the status of each of the
7 Commonwealth's information technology projects, to increase the
8 transparency and convenience for the public in obtaining
9 information regarding State information technology activity as
10 contained in section 4317 (relating to financial accountability
11 and information technology).
12 (b) Contents.--The portal shall include the following:
13 (1) A brief summary of each information technology
14 project.
15 (2) The approved budget of each project.
16 (3) The total and percent of the project's approved
17 budget that has been expended by the agency based on the end
18 balance from the prior business day along with a color
19 designation as follows:
20 (i) If an information technology project is under
21 the project's approved budget, the project shall be
22 designated as the color green.
23 (ii) If an information technology project is over
24 the project's approved budget, the project shall be
25 designated as the color red.
26 (4) The completion date in the original contract along
27 with the total percent of work for the project that has been
28 completed, along with a color designation as follows:
29 (i) If an information technology project has not
30 exceeded the completion date in the original contract,
20250HB2104PN2722 - 25 -
1 the project shall be designated as the color green.
2 (ii) If an information technology project has
3 exceeded the completion date in the original contract,
4 the project shall be designated as the color red.
5 (5) A summary of the scope of work along with a color
6 designation as follows:
7 (i) If an information technology project is meeting
8 the scope of work in the original contract, the project
9 shall be designated as the color green.
10 (ii) If an information technology project is not
11 meeting the scope of work in the original contract, the
12 project shall be designated as the color red.
13 (6) A summary of the performance requirements of the
14 contract, along with a color designation as follows:
15 (i) If an information technology project is meeting
16 the performance requirements in the original contract,
17 the project shall be designated as the color green.
18 (ii) If an information technology project is not
19 meeting the performance measures in the original
20 contract, the project shall be designated as the color
21 red.
22 (c) Posting.--Posting of draft and final policy documents
23 shall be made within 90 days of the effective date of this
24 subsection.
25 (1) The office shall make available all proposed and
26 existing information technology related policies and laws by
27 an intranet accessible to all State employees.
28 (2) The policy intranet documents shall be made
29 available via the web-based portal when deployed.
30 § 4320. State agency requests for information technology and
20250HB2104PN2722 - 26 -
1 services.
2 A State agency shall submit a business case to the office,
3 requesting significant resources as defined by the director, for
4 the purpose of acquiring, operating or maintaining information
5 technology or services for the State agency. The office shall
6 supply sufficient staff support for agency business case
7 development. The following shall apply regarding the business
8 case:
9 (1) A review and evaluation shall be made of the
10 business case that is prepared by the chief information
11 officer assigned to the State agency that includes an
12 assessment of risk and ensures that the cost and schedule
13 estimates incorporate the risk assessment.
14 (2) In cases of an acquisition, there shall be an
15 explanation of the method by which the acquisition is to be
16 financed.
17 (3) A statement shall be made by the chief information
18 officer assigned to the State agency that specifies viable
19 alternatives, if any, for meeting the State agency needs in
20 an economical and efficient manner. The statement shall
21 include an analysis of alternatives that identifies the best
22 approach for achieving mission improvement or program results
23 within available funding and that takes into consideration
24 the following:
25 (i) Organization, process and technology options.
26 (ii) At least three alternatives, including the
27 status quo, a shared service or external service option
28 and any other alternatives consistent with the
29 architecture and strategy developed by the office.
30 (4) An assessment of and plan for ensuring cybersecurity
20250HB2104PN2722 - 27 -
1 and privacy issues shall be incorporated and funded in the
2 request for resources.
3 § 4321. Status of information technology projects and
4 corrective action plans.
5 (a) Designation.--With respect to a business case under
6 section 4320 (relating to State agency requests for information
7 technology and services), the office shall designate as red, as
8 specified under section 4319 (relating to Statewide information
9 technology transparency portal), and identify a remediation
10 plan, including contract and program restructuring, for programs
11 experiencing cost or schedule overruns or performance shortfall
12 exceeding the business case as funded. The following shall
13 apply:
14 (1) The remediation plan and restructuring actions shall
15 address root causes of the program and contract cost,
16 performance or schedule overruns.
17 (2) The office shall ensure the business case is updated
18 to establish a new baseline of cost, schedule and performance
19 objectives that reflect the remediation plan and
20 restructuring action.
21 (3) Upon determining that an information technology
22 project has been designated red, the office shall notify the
23 Governor's Office, the Auditor General and the General
24 Assembly.
25 (4) The remediation plan and restructuring action shall
26 be finalized within 60 days from notification.
27 (b) Transmittal.--The finalized corrective action plan shall
28 be sent to the General Assembly and the Auditor General.
29 (c) Additional requirements.--The director shall notify the
30 State Treasurer to suspend future expenditure of funds for any
20250HB2104PN2722 - 28 -
1 technology project that is designated as red under this section
2 and that fails to adopt a remediation plan within the time
3 outlined under this section. The following shall apply:
4 (1) If a State agency adopts within the time allowed
5 under this section a remediation plan, but the project's
6 designation remains red following implementation of the plan,
7 the director shall require the agency to adopt a new
8 remediation plan or may, at the director's discretion,
9 suspend or terminate the project.
10 (2) To implement this section, the director and each
11 State agency shall include as part of contract provisions
12 necessary to suspend payment for the failure of a contractor
13 or vendor to complete the requirements of the contract on
14 time or on budget.
15 SUBCHAPTER C
16 BUSINESS OPERATIONS
17 Sec.
18 4331. Reporting requirements regarding procurement.
19 4332. Communications services.
20 4333. Project approval standards.
21 4334. Project management standards.
22 4335. Dispute resolution.
23 4336. Purchase of certain equipment prohibited.
24 4337. Refurbished computer equipment purchasing program.
25 4338. Data on reliability and other matters.
26 § 4331. Reporting requirements regarding procurement.
27 (a) Bids.--A vendor submitting a bid or proposal shall
28 disclose in a statement, provided contemporaneously with the bid
29 or proposal, where services will be performed under the contract
30 sought, including any subcontracts, and whether any services
20250HB2104PN2722 - 29 -
1 under that contract, including any subcontracts, are anticipated
2 to be performed outside the United States.
3 (b) Retention and reports.--The director shall:
4 (1) Retain the statements required by this section
5 regardless of the State agency that awards the contract.
6 (2) Report annually to the secretary on the number of
7 contracts.
8 (c) Records of purchases.--Each State agency that makes a
9 purchase of information technology through the office shall
10 report directly to the director, who shall keep annual records
11 of information technology purchases.
12 (d) Effect of section.--Nothing in this section is intended
13 to contravene any existing treaty, law, agreement or regulation
14 of the United States.
15 § 4332. Communications services.
16 Except as otherwise provided under Subchapter G (relating to
17 Pennsylvania Statewide Radio Network), the director shall
18 exercise authority for telecommunications and other
19 communications included in information technology relating to
20 the internal management and operations of a State agency. In
21 discharging this responsibility, the director shall:
22 (1) Ensure that no data of a confidential nature shall
23 be entered into or processed through an information
24 technology system or network established under this chapter
25 until appropriate safeguards and other security measures are
26 approved by the director and installed and fully operational.
27 (2) Provide for the establishment, management and
28 operation, through State ownership, by contract or through
29 commercial leasing, of the following systems and services as
30 they affect the internal management and operation of State
20250HB2104PN2722 - 30 -
1 agencies:
2 (i) Central telephone systems and telephone
3 networks, including Voice over Internet Protocol and
4 commercial mobile radio systems.
5 (ii) Satellite services.
6 (iii) Closed-circuit television systems.
7 (iv) Two-way radio systems.
8 (v) Microwave systems.
9 (vi) Related systems based on telecommunication
10 technologies.
11 (vii) Broadband.
12 (3) Coordinate the development of cost-sharing systems
13 for respective State agencies for their proportionate parts
14 of the cost of maintenance and operation of the systems and
15 services listed in this section.
16 (4) Assist in the development of coordinated
17 telecommunications services or systems within and among all
18 State agencies and recommend, where appropriate, cooperative
19 utilization of telecommunication facilities by aggregating
20 users.
21 (5) Perform traffic analysis and engineering for all
22 telecommunications services and systems listed in this
23 section.
24 (6) Establish telecommunications specifications and
25 designs so as to promote and support compatibility of the
26 systems within State agencies.
27 (7) Provide every three years an inventory of
28 telecommunications costs, facilities, systems and personnel
29 within State agencies.
30 (8) Promote, coordinate and assist in the design and
20250HB2104PN2722 - 31 -
1 engineering of emergency telecommunications systems,
2 including, but not limited to, the 911 emergency telephone
3 number program, emergency medical services and other
4 emergency telecommunications services.
5 (9) Perform frequency coordination and management for
6 State agencies and municipalities, in accordance with the
7 rules and regulations of the Federal Communications
8 Commission or any successor Federal agency.
9 (10) Advise all State agencies on telecommunications
10 management planning and related matters and provide
11 opportunities for training to users within State agencies in
12 telecommunications technology and systems.
13 (11) Assist and coordinate the development of policies
14 and long-range plans, consistent with the protection of
15 residents' rights to privacy and access to information, for
16 the acquisition and use of telecommunications systems. All
17 policies and plans shall be based on current information
18 about the Commonwealth's telecommunications activities in
19 relation to the full range of emerging technologies.
20 § 4333. Project approval standards.
21 (a) Review and approval.--The director shall review all
22 proposed information technology projects for each State agency
23 and make a determination of approval or disapproval within 15
24 business days of receipt. Project approval may be granted upon
25 the director's determination that:
26 (1) the project conforms to project management
27 procedures and policies and to procurement rules and
28 policies; and
29 (2) sufficient funds are available for implementation.
30 (b) Implementation.--Unless expressly exempt within this
20250HB2104PN2722 - 32 -
1 chapter, a State agency may not proceed with an information
2 technology project until the director approves the project.
3 (c) Disapproval.--If a project is not approved, the director
4 shall specify in writing the grounds for the disapproval after
5 making the determination. The director shall provide notice of
6 the disapproval, along with the grounds for the disapproval, to
7 all of the following:
8 (1) The State agency.
9 (2) The Secretary of the Budget.
10 (3) The State Treasurer.
11 (4) The Auditor General.
12 (5) The General Assembly.
13 (d) Suspension.--
14 (1) The director may suspend an information technology
15 project if the project:
16 (i) fails to meet the applicable quality assurance
17 standards;
18 (ii) has exceeded its projected costs; or
19 (iii) has failed to meet its projected completion
20 date.
21 (2) If the director suspends a project for a reason
22 under paragraph (1), the director shall specify in writing
23 the grounds for suspending the project no later than five
24 business days after making the determination. The director
25 shall provide notice of the suspension, along with the
26 grounds for suspension, to all of the following:
27 (i) The State agency.
28 (ii) The Secretary of the Budget.
29 (iii) The State Treasurer.
30 (iv) The Auditor General.
20250HB2104PN2722 - 33 -
1 (v) The General Assembly.
2 (vi) A vendor or organization contracted by the
3 respective State agency for work on the suspended
4 project.
5 (3) After a project has been suspended, the State
6 Treasurer may not allow the transfer of money from the State
7 agency to support additional work under the project unless
8 the director approves an amended version of the plan for the
9 project.
10 (4) If a State agency attempts to continue to implement
11 a project that is no longer approved by the director and
12 expend additional money for the project, the State Treasurer
13 shall prevent the transfer of funds and remit the intended
14 expenditures into the fund. After remitting the unauthorized
15 expenditure, the State Treasurer shall immediately notify the
16 following:
17 (i) The director.
18 (ii) The Governor.
19 (iii) The Secretary of the Budget.
20 (iv) The General Assembly.
21 § 4334. Project management standards.
22 (a) Personnel.--Each State agency shall provide personnel if
23 necessary to participate in project management, implementation,
24 testing and other activities for an information technology
25 project.
26 (b) Policies.--The director shall develop office policies
27 for implementing an approved project, whether the project is
28 undertaken in single or multiple phases or components.
29 (c) Project management assistant.--
30 (1) The director may designate a project management
20250HB2104PN2722 - 34 -
1 assistant to implement an information technology project of a
2 State agency.
3 (2) A project management assistant for a State agency
4 shall:
5 (i) Advise the State agency regarding
… [truncated — open the source document for the complete text]Connected on the graph
Outbound (1)
| date | type | to | amount | role | source |
|---|---|---|---|---|---|
| — | referred_to_committee | Pennsylvania House Communications And Technology Committee | — | pa-leg |
The full graph
Every typed relationship touching this entity — 1 edge across 1 category. Grouped by what the connection is; the heaviest few are shown, with a link to the full list.
Committees
→ Referred to committee 1 edge
Who matters
Members ranked by combined influence on this bill: role (sponsor 5 / cosponsor 1), capped speech count from the Congressional Record, and recorded-vote engagement.
| # | Member | Role | Speeches | Voted | Score |
|---|---|---|---|---|---|
| 1 | Bryan Cutler (R, state_lower PA-100) | cosponsor | 0 | — | 1 |
| 2 | Mark M. Gillen (R, state_lower PA-128) | cosponsor | 0 | — | 1 |
| 3 | Michael Stender (R, state_lower PA-108) | cosponsor | 0 | — | 1 |
Predicted vote
Aggregated from: actual roll-call votes (when present) → sponsor → cosponsor → party median (predicts YES when ≥25% of the caucus sponsored/cosponsored). Each row labels its confidence tier so you can see why a position was predicted.
0 predicted yes (0%) · 543 predicted no (100%) · 0 unknown (0%)
By party: · R: 0 yes / 277 no · D: 0 yes / 263 no · I: 0 yes / 3 no
Activity
Every typed-graph event involving this entity, newest first. Each row is one edge in the influence graph; click the date to jump to its provenance.
- 2026-05-20 · was referred to Pennsylvania House Communications And Technology Committee · pa-leg