Technology risk prevention and response fund
(1)As used in this section, unless the context otherwise requires:
(a)Intentionally left blank —Ed.
(I)“Information technology emergency” means a situation in which an immediate threat to the public health, welfare, or safety exists, where the situation creates an immediate need for information technology equipment or services, and the lack of information technology or services would threaten:
(A)The health or safety of any person or property;
(B)The immediate functioning of one or more of the state’s essential services; or
(C)The security, confidentiality, or integrity of the state’s information technology.
(II)An information technology emergency does not exist as a result of budget cycles, fiscal year-end requirements, or potential loss of funding.
(b)“Technology risk prevention and response fund” or “fund” means the technology risk prevention and response fund created in subsection (2) of this section.
(2)The technology risk prevention and response fund is hereby created in the state treasury. The fund consists of money that the general assembly may appropriate or transfer to the fund, money contributed to the fund by the office pursuant to subsection (4)(d) of this section, and money transferred to the fund pursuant to subsection (6) of this section.
(3)The state treasurer shall credit all interest and income derived from the deposit and investment of money in the fund to the fund. Any unexpended and unencumbered money remaining in the fund at the end of a fiscal year remains in the fund and does not revert to the general fund.
(4)Intentionally left blank —Ed.
(a)Up to fifty percent of the total balance of the fund at the beginning of each fiscal year is continuously appropriated to the office. The total fund balance shall not exceed fifty million dollars.
(b)The office may expend money from the fund to cover one-time costs associated with information technology expenditures as specified in subsection (4)(c) of this section and to provide the office and state agencies a financial mechanism to address costs associated with emergency or at-risk information technology.
(c)The office shall use the money in the fund for one-time costs associated with:
(I)An information technology emergency;
(II)Ensuring compliance with the office’s information technology standards and policies; or
(III)Preventing risk from information technology that is:
(B)Nearing or no longer maintained or supported by manufacturers or vendors;
(C)Out of security compliance or creating security risk;
(D)Part of an outstanding state audit recommendation; or
(E)Keeping the state from recognizing efficiencies or advances in information technology or information technology financing.
(d)The office may contribute money to the fund from the operations and maintenance fees associated with the billing practices of the office.
(5)No later than November 1, 2022, the office shall provide a written report to the joint budget committee and the joint technology committee outlining the expenditures of money from the fund. Notwithstanding section 24-1-136 (11)(a)(I), no later than the twentieth day of every third month thereafter, the office shall submit a written report to the joint budget committee and joint technology committee of all expenditures of funds since the last report. The written report must include, but need not be limited to, the following:
(a)A list of each expenditure made from the fund, including the purpose and amount of the expenditure, the date on which the expenditure was made, the state agency or agencies that benefited from the expenditure, and how the expenditure met the criteria set forth in subsection (4) of this section; and
(b)Financial statements that analyze the demand for funding and the annual fund balance as of the start of each fiscal year.
(6)Intentionally left blank —Ed.
(a)Notwithstanding any provision of law to the contrary, for the 2022-23 state fiscal year and for each state fiscal year thereafter, any money appropriated from the general fund to the office or a state agency for the procurement of information technology resources or projects that is unexpended or unencumbered at the end of the fiscal year as a result of savings achieved in connection with such procurement, shall not revert to the general fund.
(b)On July 1, 2023, and on July 1 of each year thereafter, the state treasurer shall transfer from the general fund to the technology risk prevention and response fund an amount equal to the amount of unexpended and unencumbered money described in subsection (6)(a) of this section.
Section 24-37.5-120 — Technology risk prevention and response fund - creation - definitions,
https://leg.colorado.gov/sites/default/files/images/olls/crs2023-title-24.pdf (accessed Oct. 20, 2023).