(a) Each DCS Customer shall provide to the department
the name, title, contact information, including emergency contact,
of the designated employee(s) authorized to initiate, change, modify,
or amend services. At a minimum it shall include:
(1) Executive level technology officer such as a Chief
Information Officer or Information Resources Manager; and
(2) Customer Representative.
(b) Each DCS Customer is responsible for ensuring that
its use of DCS services is in compliance with applicable law, policy,
and procedures.
(c) For software products not initially procured by
or through the DCS program on behalf of DCS Customer, the DCS Customer
shall coordinate with the DCS program to ensure complete documentation
of entitlement is on file. The DCS Customer is responsible for providing
proof of entitlement; without which, the DCS Customer is solely responsible
for software license compliance.
(d) Each state agency customer that receives funding
through the state appropriations shall coordinate with the department
and the Legislative Budget Board to establish anticipated DCS program
needs for each subsequent biennium. In coordination with the department,
the state agency shall consider:
(1) Type and volume of future service; and
(2) Planned IT projects.
(e) To ensure savings to the state, each designated
state agency shall make all reasonable efforts to affect server consolidation
into the state data center. At a minimum, a designated state agency
shall do the following:
(1) Coordinate with service provider to establish a
consolidation plan in which server move groups and schedules for the
consolidation of move groups are established;
(2) Coordinate with the department and the Legislative
Budget Board to ensure its biennium budget includes the resources
necessary to accomplish server consolidation per the established consolidation
plan;
(3) Make all reasonable efforts, including the remediation
of impacted applications, to ensure the consolidation plan is accomplished
as scheduled.
(f) Audit notification.
(1) DCS Customers shall promptly notify the department
whenever the customer becomes aware that an audit or compliance review
is planned by external, internal, software vendor, or federal oversight
auditors that will require audit assistance from the DCS program Service
Providers. In any event, where audit assistance is required, the DCS
Customer shall notify the department of planned audit or compliance
review no less than five business days prior to anticipated start
of audit or compliance review.
(2) In performing audits, DCS Customers shall endeavor
to avoid unnecessary disruption of the DCS program operations and
duplication of other audits. Therefore, DCS Customers shall leverage
SOC or comparable audits provided for under the DCS contract, to the
extent possible.
(3) The state auditor, the department's internal auditors,
a state agency's internal auditors, and if applicable, the Office
of Inspector General of the agency, or federal auditors, may conduct
audits or investigations of any entity receiving funds from the state
directly under a contract or indirectly under a subcontract for Statewide
Technology Center services.
(4) A DCS Customer may request copies of audit reports
submitted to the department as required by the DCS contract and governed
by the Auditing Standards Board of the American Institute of Certified
Public Accountants (AICPA) or successor group. The requesting DCS
Customer should submit the request to the DCS Audit Coordinator at
the department. Due to the confidential nature of information in the
report, the requesting DCS Customer shall only distribute the report
to its staff that have a legitimate business need for access to the
report and may not distribute the report to external auditors or entities.
External auditors that require access to a report in connection with
an audit of a DCS Customer must contact the DCS Audit Coordinator
and sign a non-disclosure agreement prior to receiving a copy of the
report.
(g) Technology planning.
(1) Each DCS Customer will participate in an annual
DCS technology planning process based on instructions provided in
the technology planning process as documented in the Service Management
Manual. This planning will relate to the services the DCS Customer
receives or expects to receive through the program.
(2) All DCS Customer shall follow the technology standards
for hardware and software configurations as specified in the annual
technology plan and Service Management Manual. DCS Customers seeking
exception to specified technology standards shall comply with the
relevant Service Management Manual.
(h) Governance process.
(1) All DCS Customers will participate in the governance
process designed to facilitate individual customer input into enterprise
decisions that affect all customers. Each customer is assigned to
a group of similar customers, called a "partner group", and that group
will be given one membership position on each governance committee.
Members of the partner group are expected to represent the interests
of all partner group members in governance decisions.
(2) Enterprise-level decisions and resolution of escalated
DCS Customer-specific issues shall be addressed through standing governance
committees, organized by subject area and comprised of representatives
from the department, DCS Customers, and service providers. Participation
on committees is selected from each designated partner group.
(i) Confidential data.
(1) DCS Customer shall provide its specific confidentiality
requirements as determined by the nature of the data stored in the
DCS program. Generally, the specific confidentiality requirements
shall be appended to the interagency or interlocal contract. The Service
Management Manual shall provide additional documentation on the specific
procedures, including the process DCS Customers shall follow to identify
confidential information.
(2) In general, a DCS Customer shall include in the
interagency or interlocal agreement:
(A) General notification as to the type of confidential
data and the laws that guide in the handling of such data; and
(B) Subsequent changes to laws that apply to previously
identified confidential data.
(j) Security.
(1) DCS Customers shall comply with the Security Incident
Management and Response process available in the Service Management
Manual.
(2) DCS Customers shall be in compliance with 1 Texas
Administrative Code Chapter 202.
|
Source Note: The provisions of this §215.12 adopted to be effective March 17, 2015, 40 TexReg 1368; amended to be effective September 17, 2018, 43 TexReg 5947; amended to be effective August 1, 2021, 46 TexReg 4681 |