C.R.S. Section 24-37.5-102
Definitions


As used in this article 37.5, unless the context otherwise requires:

(1)

“Advisory board” means the government data advisory board created in section 24-37.5-702.

(2)

“Availability” means the timely and reliable access to and use of information created, generated, collected, or maintained by a public agency.

(3)

“Chief information officer” means the chief information officer appointed pursuant to section 24-37.5-103.

(4)

“Confidentiality” means the preservation of authorized restrictions on information access and disclosure, including the means for protecting personal privacy and proprietary information.

(5)

“Data” means facts that can be collected, analyzed, or used in an effort to gain knowledge or make decisions, and that are represented as texts, numbers, graphics, images, sounds, and videos.

(6)

“Data management” means development and execution of architectures, policies, practices, and procedures that properly manage the creation, collection, protection, sharing, analysis, transmission, storage, and destruction of data.

(7)

“Department of higher education” means the Colorado commission on higher education, collegeinvest, the Colorado student loan program, the Colorado college access network, the private occupational school division, and the state historical society.

(8)

“Disaster recovery” means the provisioning of the office’s provided services for operational recovery, readiness, response, and transition of information technology applications, systems, or resources.

(9)

“Enterprise” means:

(a)

Information technology services that can be applied across state government; and

(b)

Support for information technology that can be applied across state government, including:

(I)

Technical support;

(II)

Software;

(III)

Hardware;

(IV)

People; and

(V)

Standards.

(10)

“Information security” means the protection of communication and information resources from unauthorized access, use, disclosure, disruption, modification, or destruction in order to:

(a)

Protect against theft or misappropriation of information, as well as improper access, modification, degradation, or destruction of information;

(b)

Preserve authorized restrictions on information access and disclosure;

(c)

Ensure timely and reliable access to and use of information; and

(d)

Maintain the confidentiality, integrity, and availability of information.

(11)

“Information security plan” means the plan developed by a public agency pursuant to section 24-37.5-404.

(12)

“Information technology” means technology, infrastructure, equipment, systems, software, controlling, displaying, switching, interchanging, transmitting, and receiving data or information, including audio, video, graphics, and text. “Information technology” shall be construed broadly to incorporate future technologies that change or supplant those in effect as of September 7, 2021.

(13)

“Infrastructure” means data and telecommunications networks, data center services, website hosting and portal services, and shared enterprise services such as email and directory services; except that “infrastructure” does not include the provision of website information architecture and content.

(14)

“Institution of higher education” means a state-supported institution of higher education.

(15)

“Integrity” means the prevention of improper information modification or destruction and ensuring information nonrepudiation and authenticity.

(16)

“Interdepartmental data protocol” means file sharing and governance policies, processes, and procedures that permit the merging of data for the purposes of policy analysis and determination of program effectiveness.

(17)

“Joint technology committee” means the joint technology committee created in section 2-3-1702.

(18)

“Local government” means the government of any county, city and county, home rule or statutory city, town, special district, or school district.

(19)

“Major information technology project” means a project that considers risk, impact on employees and citizens, and budget, and that includes at least one of the following: A complex set of challenges, a specific level of business criticality, a complex group or high number of stakeholders or system end users, a significant financial investment, or security or operational risk. A “major information technology project” includes, without limitation, implementing a new information technology system or maintaining or replacing an existing information technology system.

(20)

“Nongovernmental organization” means any scientific, research, professional, business, or public-interest organization that is neither affiliated with nor under the direction of the United States government or any state or local government.

(21)

“Office” means the office of information technology created pursuant to section 24-37.5-103.

(22)

“Personal identifying information” means any information that alone, or in combination with other information, can be used to identify an individual, including, but not limited to, social security number, driver’s license number or other identification number, biometric data, personal health information as defined by the federal “Health Insurance Portability and Accountability Act of 1996”, as amended, Pub.L. 104-191, and other information that is considered personal information or personally identifiable information as defined in law.

(23)

“Political subdivision” means a municipality, county, city and county, town, or school district in this state.

(24)

“Project management” means the application of knowledge, skills, tools, and techniques to support completing outcomes identified in the work.

(25)

“Project manager” means a person who is trained in the management of information technology projects and is responsible for organizing and leading the project team that accomplishes all of the project deliverables.

(26)

“Public agency” means every state office, whether executive or judicial, and all of its respective offices, departments, divisions, commissions, boards, bureaus, and institutions. “Public agency” does not include institutions of higher education or the general assembly.

(27)

“Security incident” means an accidental or deliberate event that results in or constitutes an imminent threat of the unauthorized access, loss, disclosure, modification, disruption, or destruction of communication and information resources.

(28)

“State agency” means all of the departments, divisions, commissions, boards, bureaus, and institutions in the executive branch of the state government. “State agency” does not include the legislative or judicial department, the department of education, the department of law, the department of state, the department of the treasury, or state-supported institutions of higher education.

(29)

“State information technology personnel” means any personnel whose employment is necessary to carry out the purposes of this article 37.5 by the chief information officer and to administer, perform, and enforce the powers, duties, and functions of the office.

Source: Section 24-37.5-102 — Definitions, https://leg.­colorado.­gov/sites/default/files/images/olls/crs2023-title-24.­pdf (accessed Oct. 20, 2023).

24‑37.5‑101
Legislative declaration - findings
24‑37.5‑102
Definitions
24‑37.5‑103
Office of information technology - creation - information technology revolving fund - geographic information system coordination
24‑37.5‑105
Office - roles - responsibilities - state search interface - rules - legislative declaration - definitions
24‑37.5‑105.2
State agencies - information technology - responsibilities
24‑37.5‑105.4
Delegation of authority
24‑37.5‑106
Chief information officer - duties and responsibilities
24‑37.5‑116
Communications and stakeholder management plan
24‑37.5‑117
Use of technology to interact with citizens - working group - strategic plan
24‑37.5‑118
Change of references - director to revisor of statutes
24‑37.5‑119
Broadband service - report - broadband deployment board - broadband administrative fund - creation - rules - legislative declaration - definitions - repeal
24‑37.5‑120
Technology risk prevention and response fund - creation - definitions
24‑37.5‑121
Digital access to government services - strategic plan - reporting - legislative declaration - definitions
24‑37.5‑122
Study of personally identifiable information - authority of chief information officer - report to joint technology committee - definitions - repeal
24‑37.5‑123
Colorado operations resource engine upgrade and continuous improvement project - reporting
24‑37.5‑401
Legislative declaration
24‑37.5‑403
Chief information security officer - duties and responsibilities
24‑37.5‑404
Public agencies - information security plans
24‑37.5‑404.5
Institutions of higher education - information security plans
24‑37.5‑404.7
General assembly - information security plans
24‑37.5‑405
Security incidents - authority of chief information security officer
24‑37.5‑701
Legislative declaration - intent
24‑37.5‑702
Government data advisory board - created - duties - definition
24‑37.5‑703
Interdepartmental data protocol - contents
24‑37.5‑704
Data-sharing - authorization
24‑37.5‑801
Information technology asset inventory - refresh cycle schedule - report
24‑37.5‑802
Information technology budget requests - working group - report
24‑37.5‑901
Legislative declaration
24‑37.5‑902
Definitions
24‑37.5‑903
Colorado broadband office - creation - responsibilities - gifts, grants, or donations
24‑37.5‑904
Digital inclusion grant program - income-eligible household reimbursement program - creation - award criteria - digital inclusion grant program fund - definition - reporting - repeal
Green check means up to date. Up to date

Current through Fall 2024

§ 24-37.5-102’s source at colorado​.gov