143B-1320. Definitions; scope; exemptions.

(a) Definitions. - The following definitions apply in this Article:

(1) CGIA. - Center for Geographic Information and Analysis.

(2) CJIN. - Criminal Justice Information Network.

(3) Community of practice. - A collaboration of organizations with similar requirements, responsibilities, or interests.

(4) Cooperative purchasing agreement. - An agreement between a vendor and one or more states or state agencies providing that the parties may collaboratively or collectively purchase information technology goods and services in order to increase economies of scale and reduce costs.

(5) Department. - The Department of Information Technology.

(6) Distributed information technology assets. - Hardware, software, and communications equipment not classified as traditional mainframe-based items, including personal computers, local area networks, servers, mobile computers, peripheral equipment, and other related hardware and software items.

(7) Enterprise solution. - An information technology solution that can be used by multiple agencies.

(8) Exempt agencies. - An entity designated as exempt in subsection (b) of this section.

(9) GDAC. - Government Data Analytics Center.

(10) GICC. - North Carolina Geographic Information Coordinating Council.

(11) Information technology or IT. - Set of tools, processes, and methodologies, including, but not limited to, coding and programming; data communications, data conversion, and data analysis; architecture; planning; storage and retrieval; systems analysis and design; systems control; mobile applications; and equipment and services employed to collect, process, and present information to support the operation of an organization. The term also includes office automation, multimedia, telecommunications, and any personnel and support personnel required for planning and operations.

(12) Information technology security incident. - A computer-, network-, or paper-based activity that results directly or indirectly in misuse, damage, denial of service, compromise of integrity, or loss of confidentiality of a network, computer, application, or data.

(13) Local government entity. - A local political subdivision of the State, including a city, a county, a local school administrative unit as defined in G.S. 115C-5, or a community college.

(14) Participating agency. - Any agency that has transferred its information technology personnel, operations, projects, assets, and funding to the Department of Information Technology. The State CIO shall be responsible for providing all required information technology support to participating agencies.

(15) Security incident. A warning or indication of a threat to or breach of information or computer security. The term also includes threats that have already occurred.

(16) Separate agency. - Any agency that has maintained responsibility for its information technology personnel, operations, projects, assets, and funding. The agency head shall work with the State CIO to ensure that the agency has all required information technology support.

(17) State agency or agency. - Any agency, department, institution, commission, committee, board, division, bureau, office, unit, officer, or official of the State. The term does not include the legislative or judicial branches of government or The University of North Carolina.

(18) State Chief Information Officer or State CIO. - The head of the Department, who is a Governor's cabinet level officer.

(19) State CIO approved data center. - A data center designated by the State CIO for State agency use that meets operational standards established by the Department.

(b) Exemptions. - Except as otherwise specifically provided by law, the provisions of this Chapter do not apply to the following entities: the General Assembly, the Judicial Department, and The University of North Carolina and its constituent institutions. These entities may elect to participate in the information technology programs, services, or contracts offered by the Department, including information technology procurement, in accordance with the statutes, policies, and rules of the Department. The election must be made in writing, as follows:

(1) For the General Assembly, by the Legislative Services Commission.

(2) For the Judicial Department, by the Chief Justice.

(3) For The University of North Carolina, by the Board of Governors.

(4) For the constituent institutions of The University of North Carolina, by the respective boards of trustees.

(c) Deviations. - Any State agency may apply in writing to the State Chief Information Officer for approval to deviate from the provisions of this Chapter. If granted by the State Chief Information Officer, any deviation shall be consistent with available appropriations and shall be subject to such terms and conditions as may be specified by the State CIO.

(d) Review. - Notwithstanding subsection (b) of this section, any State agency shall review and evaluate any deviation authorized and shall, in consultation with the Department of Information Technology, adopt a plan to phase out any deviations that the State CIO determines to be unnecessary in carrying out functions and responsibilities unique to the agency having a deviation. The plan adopted by the agency shall include a strategy to coordinate its general information processing functions with the Department of Information Technology in the manner prescribed by this act and provide for its compliance with policies, procedures, and guidelines adopted by the Department of Information Technology. Any agency receiving a deviation shall submit its plan to the Office of State Budget and Management as directed by the State Chief Information Officer.