C.R.S. Section 24-37.5-120
Technology risk prevention and response fund

  • creation
  • definitions

(1)

As used in this section, unless the context otherwise requires:

(a)

Intentionally left blank —Ed.

(I)

“Information technology emergency” means a situation in which an immediate threat to the public health, welfare, or safety exists, where the situation creates an immediate need for information technology equipment or services, and the lack of information technology or services would threaten:

(A)

The health or safety of any person or property;

(B)

The immediate functioning of one or more of the state’s essential services; or

(C)

The security, confidentiality, or integrity of the state’s information technology.

(II)

An information technology emergency does not exist as a result of budget cycles, fiscal year-end requirements, or potential loss of funding.

(b)

“Technology risk prevention and response fund” or “fund” means the technology risk prevention and response fund created in subsection (2) of this section.

(2)

The technology risk prevention and response fund is hereby created in the state treasury. The fund consists of money that the general assembly may appropriate or transfer to the fund, money contributed to the fund by the office pursuant to subsection (4)(d) of this section, and money transferred to the fund pursuant to subsection (6) of this section.

(3)

The state treasurer shall credit all interest and income derived from the deposit and investment of money in the fund to the fund. Any unexpended and unencumbered money remaining in the fund at the end of a fiscal year remains in the fund and does not revert to the general fund.

(4)

Intentionally left blank —Ed.

(a)

Up to fifty percent of the total balance of the fund at the beginning of each fiscal year is continuously appropriated to the office. The total fund balance shall not exceed fifty million dollars.

(b)

The office may expend money from the fund to cover one-time costs associated with information technology expenditures as specified in subsection (4)(c) of this section and to provide the office and state agencies a financial mechanism to address costs associated with emergency or at-risk information technology.

(c)

The office shall use the money in the fund for one-time costs associated with:

(I)

An information technology emergency;

(II)

Ensuring compliance with the office’s information technology standards and policies; or

(III)

Preventing risk from information technology that is:

(A)

Anticipating failure;

(B)

Nearing or no longer maintained or supported by manufacturers or vendors;

(C)

Out of security compliance or creating security risk;

(D)

Part of an outstanding state audit recommendation; or

(E)

Keeping the state from recognizing efficiencies or advances in information technology or information technology financing.

(d)

The office may contribute money to the fund from the operations and maintenance fees associated with the billing practices of the office.

(5)

No later than November 1, 2022, the office shall provide a written report to the joint budget committee and the joint technology committee outlining the expenditures of money from the fund. Notwithstanding section 24-1-136 (11)(a)(I), no later than the twentieth day of every third month thereafter, the office shall submit a written report to the joint budget committee and joint technology committee of all expenditures of funds since the last report. The written report must include, but need not be limited to, the following:

(a)

A list of each expenditure made from the fund, including the purpose and amount of the expenditure, the date on which the expenditure was made, the state agency or agencies that benefited from the expenditure, and how the expenditure met the criteria set forth in subsection (4) of this section; and

(b)

Financial statements that analyze the demand for funding and the annual fund balance as of the start of each fiscal year.

(6)

Intentionally left blank —Ed.

(a)

Notwithstanding any provision of law to the contrary, for the 2022-23 state fiscal year and for each state fiscal year thereafter, any money appropriated from the general fund to the office or a state agency for the procurement of information technology resources or projects that is unexpended or unencumbered at the end of the fiscal year as a result of savings achieved in connection with such procurement, shall not revert to the general fund.

(b)

On July 1, 2023, and on July 1 of each year thereafter, the state treasurer shall transfer from the general fund to the technology risk prevention and response fund an amount equal to the amount of unexpended and unencumbered money described in subsection (6)(a) of this section.

Source: Section 24-37.5-120 — Technology risk prevention and response fund - creation - definitions, https://leg.­colorado.­gov/sites/default/files/images/olls/crs2023-title-24.­pdf (accessed Oct. 20, 2023).

24‑37.5‑101
Legislative declaration - findings 24‑37.5‑102
Definitions 24‑37.5‑103
Office of information technology - creation - information technology revolving fund - geographic information system coordination 24‑37.5‑105
Office - roles - responsibilities - state search interface - rules - legislative declaration - definitions 24‑37.5‑105.2
State agencies - information technology - responsibilities 24‑37.5‑105.4
Delegation of authority 24‑37.5‑106
Chief information officer - duties and responsibilities 24‑37.5‑116
Communications and stakeholder management plan 24‑37.5‑117
Use of technology to interact with citizens - working group - strategic plan 24‑37.5‑118
Change of references - director to revisor of statutes 24‑37.5‑119
Broadband service - report - broadband deployment board - broadband administrative fund - creation - rules - legislative declaration - definitions - repeal 24‑37.5‑120
Technology risk prevention and response fund - creation - definitions 24‑37.5‑121
Digital access to government services - strategic plan - reporting - legislative declaration - definitions 24‑37.5‑122
Study of personally identifiable information - authority of chief information officer - report to joint technology committee - definitions - repeal 24‑37.5‑123
Colorado operations resource engine upgrade and continuous improvement project - reporting 24‑37.5‑401
Legislative declaration 24‑37.5‑403
Chief information security officer - duties and responsibilities 24‑37.5‑404
Public agencies - information security plans 24‑37.5‑404.5
Institutions of higher education - information security plans 24‑37.5‑404.7
General assembly - information security plans 24‑37.5‑405
Security incidents - authority of chief information security officer 24‑37.5‑701
Legislative declaration - intent 24‑37.5‑702
Government data advisory board - created - duties - definition 24‑37.5‑703
Interdepartmental data protocol - contents 24‑37.5‑704
Data-sharing - authorization 24‑37.5‑801
Information technology asset inventory - refresh cycle schedule - report 24‑37.5‑802
Information technology budget requests - working group - report 24‑37.5‑901
Legislative declaration 24‑37.5‑902
Definitions 24‑37.5‑903
Colorado broadband office - creation - responsibilities - gifts, grants, or donations 24‑37.5‑904
Digital inclusion grant program - income-eligible household reimbursement program - creation - award criteria - digital inclusion grant program fund - definition - reporting - repeal
Green check means up to date. Up to date

Current through Fall 2024

§ 24-37.5-120’s source at colorado​.gov