§ 143B‑1322.  State CIO duties; Departmental personnel and administration.

(a) State CIO. – The State Chief Information Officer (State CIO) is the head of the Department, a member of the Governor's cabinet, and may also be referred to as the Secretary of the Department of Information Technology. The State CIO is appointed by and serves at the pleasure of the Governor. The State CIO shall be qualified by education and experience for the office. The salary of the State CIO shall be set by the Governor. The State CIO shall receive longevity pay on the same basis as is provided to employees of the State who are subject to the North Carolina Human Resources Act.

(b) Departmental Personnel. – The State CIO may appoint one or more deputy State CIOs, each of whom shall be under the direct supervision of the State CIO. The salaries of the deputy State CIOs shall be set by the State CIO. The State CIO and the Deputy State CIOs are exempt from the North Carolina Human Resources Act. Subject to the approval of the Governor and limitations of the G.S. 126‑5, the State CIO may appoint or designate additional managerial and policy making positions, including, but not limited to, the Department's chief financial officer and general counsel, each of whom shall be exempt from the North Carolina Human Resources Act.

(c) Administration. – The Department shall be managed under the administration of the State CIO. The State CIO shall have the following powers and duty to do all of the following:

(1) Ensure that executive branch agencies receive all required information technology support in an efficient and timely manner.

(2) Ensure that such information technology support is provided to local government entities and others, as appropriate.

(3) Approve the selection of the respective agency chief information officers.

(4) As required, plan and coordinate information technology efforts with State agencies, nonprofits, and private organizations.

(5) Ensure the security of State information technology systems and networks, as well as associated data, developing standardized systems and processes.

(6) Prepare and present the Department's budget in accordance with Chapter 143C of the General Statutes, the State Budget Act.

(7) Establish rates for all goods and services provided by the Department within required schedules.

(8) Identify and work to consolidate duplicate information technology capabilities.

(9) Identify and develop plans to increase State data center efficiencies, consolidating assets in State‑managed data centers.

(10) Plan for and manage State network development and operations.

(11) Centrally classify, categorize, manage, and protect the State's data.

(12) Obtain, review, and maintain, on an ongoing basis, records of the appropriations, allotments, expenditures, and revenues of each State agency for information technology.

(13) Be responsible for developing and administering a comprehensive long‑range plan to ensure the proper management of the State's information technology resources.

(14) Set technical standards for information technology, review and approve information technology projects and budgets, establish information technology security standards, provide for the procurement of information technology resources, and develop a schedule for the replacement or modification of information technology systems.

(15) Require reports by State departments, institutions, or agencies of information technology assets, systems, personnel, and projects; prescribe the form of such reports; and verify the information when the State CIO determines verification is necessary.

(16) Prescribe the manner in which information technology assets, systems, and personnel shall be provided and distributed among agencies.

(17) Establish and maintain a program to provide career management for information technology professionals.

(18) Prescribe the manner of inspecting or testing information technology assets, systems, or personnel to determine compliance with information technology plans, specifications, and requirements.

(19) Supervise and support the operations of the CGIA, GICC, GDAC, and 911 Board.

(20) Oversee and coordinate an Education Community of Practice.

(21) Repealed by Session Laws 2016‑94, s. 7.14(d), effective July 1, 2016.

(22) Coordinate with the Department of Public Safety to manage statewide response to cybersecurity incidents, significant cybersecurity incidents, and ransomware attacks as defined by G.S. 143B‑1320.

(d) Budgetary Matters. – The Department's budget shall incorporate information technology costs and anticipated expenditures of State agencies identified as participating agencies, together with all divisions, boards, commissions, or other State entities for which the principal departments have budgetary authority.

(e) State Ethics Act. – All employees of the Department shall be subject to the applicable provisions of the State Government Ethics Act under Chapter 138A of the General Statutes. (2015‑241, s. 7A.2(b); 2015‑268, s. 2.2; 2016‑94, s. 7.14(d); 2016‑96, s. 1; 2017‑6, s. 3; 2018‑146, ss. 3.1(a), (b), 6.1; 2019‑200, s. 6(a); 2021‑180, ss. 19A.7A(f), 38.13(d).)