GENERAL ASSEMBLY OF NORTH CAROLINA

SESSION 2019

 

SESSION LAW 2019-200

HOUSE BILL 217

 

 

AN ACT to make miscellaneous and technical changes to the statutes relating to the department of information technology; amend various statutes relating to state agency cybersecurity; amend various statutes relating to the emergency telephone service and the 911 board; repeal the requirement that cable service providers must provide cable service without charge to a public building located within 125 feet of the provider's cable system; create the information technology strategy board; REQUIRE training and certification of police telecommunicators; and Clarify the authority of the State Chief Information Officer to make personnel decisions relating to employees of the Department of Information Technology.

 

The General Assembly of North Carolina enacts:

 

SECTION 1.  G.S. 143B‑1350 reads as rewritten:

"§ 143B‑1350.  Procurement of information technology.

…

(c)        The Department shall, subject to the provisions of this Part, do all of the following with respect to State information technology procurement:

…

(3)        Establish standardized, consistent processes, specifications, and standards that shall apply to all information technology to be purchased, licensed, or leased by State agencies and relating to information technology personal services contract requirements for State agencies, including, but not limited to, requiring convenience contracts to be rebid prior to termination without extensions.agencies.

…

(5)        Establish procedures to permit State agencies and local government entities to use multiple award schedule contracts and other cooperative purchasing agreements.

…

(f1)      Multiple‑Award Schedule Contracts. – The procurement of information technology may be conducted using multiple award schedule contracts. Contracts awarded under this subsection shall be periodically updated as directed by the State CIO to include the addition or deletion of particular vendors, goods, services, or pricing.

…."

SECTION 2.  G.S. 143B‑1362 reads as rewritten:

"§ 143B‑1362.  Personal services contracts subject to Article.

(a)        Requirement. – Notwithstanding any other provision of law, information technology personal services contracts for executive branch agencies shall be subject to the same requirements and procedures as information technology service contracts, except as provided in this section.

(b)        Certain Approvals Required. – Notwithstanding any provision of law to the contrary, no information technology personal services contract, nor any contract that provides personnel to perform information technology functions regardless of the cost of the contract, may be established or renewed without written approval from the Department of Information Technology and the Office of State Budget and Management. Technology. To facilitate compliance with this requirement, the Department of Information Technology shall develop and document the following:

(1)        Standards for determining whether it is more appropriate for an agency to hire an employee or use the services of a vendor.

(2)        A a process to monitor all State agency information technology personal services contracts, as well as any other State contracts providing personnel to perform information technology functions.

(3)        A functions and a process for obtaining approval of contractor positions.

(c)        Creation of State Positions in Certain Cases. – The Department of Information Technology shall review current information technology personal services contracts on an ongoing basis and determine if each contractor is performing a function that could more appropriately be performed by a State employee. Where the determination is made that a State employee should be performing the function, the Department of Information Technology shall work with the impacted agency and the Office of State Human Resources to identify or create the position.

(d)       Compliance Audits Required. – The Department of Information Technology shall conduct periodic audits of State agencies that are subject to this Article to determine the degree to which those agencies are complying with the rules and procedures that govern information technology personal services contracts.

(e)        Reporting Required. – The Department of Information Technology shall report biennially to the Joint Legislative Oversight Committee on Information Technology and the Fiscal Research Division on all of the following:

(1)        Its progress toward standardizing information technology personal services contracts.

(2)        The the number of information technology service contractors in each State agency, the cost for each, and the comparable cost, including benefits, of a State employee serving in that capacity rather than a contractor.

(3)        The results of the compliance audits conducted pursuant to subsection (d) of this section.

(f)        Information Technology Personal Services Contract Defined. – For purposes of this section, the term "personal services contract" means a contract for services provided by a professional individual as an independent contractor on a temporary or occasional basis.

(g)        Rules Required. – The Department of Information Technology shall adopt rules consistent with this section."

SECTION 3.  G.S. 143‑787(d) reads as rewritten:

"(d)      The Office of the State Chief Information Officer shall ensure that the Section is provided with all necessary access to the Government Data Analytics Center and all other information technology services."

SECTION 4.  G.S. 143B‑1420(a) reads as rewritten:

"(a)      Council Established. – The North Carolina Geographic Information Coordinating Council ("Council") is established to develop policies regarding the utilization of geographic information, GIS systems, and other related technologies. The Council shall be responsible for the following:

(1)        Strategic planning.

(2)        Resolution of policy and technology issues.

(3)        Coordination, direction, and oversight of State, local, and private GIS efforts.

(4)        Advising the Governor, the General Assembly, and the State Chief Information Officer as to needed directions, responsibilities, and funding regarding geographic information.

The purpose of this statewide geographic information coordination effort shall be to further cooperation among State, federal, and local government agencies; academic institutions; and the private sector to improve the quality, access, cost‑effectiveness, and utility of North Carolina's geographic information and to promote geographic information as a strategic resource in the State. The Council shall be located in the Office of the Governor Department of Information Technology for organizational, budgetary, and administrative purposes."

SECTION 5.  G.S. 143B‑1353 reads as rewritten:

"§ 143B‑1353.  Financial interest of officers in sources of supply; acceptance of bribes.bribes; gifts and favors regulated.

(a)        Neither the State CIO, any deputy State CIO, or any other policy‑making or managerially exempt personnel shall be financially interested, or have any personal beneficial interest, either directly or indirectly, in the purchase of, or contract for, any information technology, nor in any firm, corporation, partnership, or association furnishing any information technology to the State government or any of its departments, institutions, or agencies, nor shall any of these persons or any other Department employee accept or receive, directly or indirectly, from any person, firm, or corporation to whom any contract may be awarded, by rebate, gifts, or otherwise, any money or anything of value whatsoever, or any promise, obligation, or contract for future reward or compensation. agencies. Violation of this section is a Class F felony, and any person found guilty of a violation of this section shall, upon conviction, be removed from State office or employment.

(b)        The provisions of G.S. 133‑32 shall apply to all Department employees."

SECTION 6.(a)  G.S. 143B‑1322(c) is amended by adding a new subdivision to read:

"(22)    Coordinate with the Department of Public Safety to manage statewide response to cybersecurity incidents and significant cybersecurity incidents as defined by G.S. 143B‑1320."

SECTION 6.(b)  G.S. 166A‑19.12 is amended by adding a new subdivision to read:

"(23)    Coordination with the State Chief Information Officer and the Adjutant General to manage statewide response to cybersecurity incidents and significant cybersecurity incidents as defined by G.S. 143B‑1320. This includes, but is not limited to:

a.         Development and promulgation of necessary policies, plans, and procedures for cybersecurity and critical infrastructure protection; and

b.         Annual review, update, and testing of cybersecurity incident response plans and procedures."

SECTION 6.(c)  G.S. 143B‑1321 is amended by adding a new subsection to read:

"(c)      Such information technology information protected from public disclosure under G.S. 132‑6.1(c), including, but not limited to, security features of critical infrastructure, information technology systems, telecommunications networks, or electronic security systems, including hardware or software security, passwords, or security standards, procedures, processes, configurations, software, and codes, shall be kept confidential."

SECTION 6.(d)  G.S. 143B‑1320 reads as rewritten:

"§ 143B‑1320.  Definitions; scope; exemptions.

(a)        Definitions. – The following definitions apply in this Article:

…

(12)      Information technology security Cybersecurity incident. – A computer‑, network‑, or paper‑based activity that results directly or indirectly in misuse, damage, denial of service, compromise of integrity, or loss of confidentiality of a network, computer, application, or data.An occurrence that:

a.         Actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or

b.         Constitutes a violation or imminent threat of violation of law, security policies, privacy policies, security procedures, or acceptable use policies.

…

(15)      Security incident. A warning or indication of a threat to or breach of information or computer security. The term also includes threats that have already occurred. Significant cybersecurity incident. – A cybersecurity incident that is likely to result in demonstrable harm to the State's security interests, economy, critical infrastructure, or to the public confidence, civil liberties, or public health and safety of the residents of North Carolina. A significant cybersecurity incident is determined by the following factors:

a.         Incidents that meet thresholds identified by the Department jointly with the Department of Public Safety that involve information:

1.         That is not releasable to the public and that is restricted or highly restricted according to Statewide Data Classification and Handling Policy; or

2.         That involves the exfiltration, modification, deletion, or unauthorized access, or lack of availability to information or systems within certain parameters to include (i) a specific threshold of number of records or users affected as defined in G.S. 75‑65 or (ii) any additional data types with required security controls.

b.         Incidents that involve information that is not recoverable or cannot be recovered within defined time lines required to meet operational commitments defined jointly by the State agency and the Department or can be recovered only through additional measures and has a high or medium functional impact to the mission of an agency.

…."

SECTION 6.(e)  G.S. 143B‑1379 reads as rewritten:

"§ 143B‑1379.  State agency cooperation; liaisons.cooperation and training; liaisons; county and municipal government reporting.

(a)        The head of each principal department and Council of State agency shall cooperate with the State CIO in the discharge of the State CIO's duties by providing the following information to the Department:

(1)        The full details of the State agency's information technology and operational requirements and of all the agency's information technology security significant cybersecurity incidents within 24 hours of confirmation.

(2)        Comprehensive information concerning the information technology security employed to protect the agency's information technology.data, including documentation and reporting of remedial or corrective action plans to address any deficiencies in the information security policies, procedures, and practices of the State agency.

(3)        A forecast of the parameters of the agency's projected future information technology security cybersecurity and privacy needs and capabilities.

(4)        Designating an agency liaison in the information technology area to coordinate with the State CIO. The liaison shall be subject to a criminal background report from the State Repository of Criminal Histories, which shall be provided by the State Bureau of Investigation upon its receiving fingerprints from the liaison. Military personnel with a valid secret security clearance or a favorable Tier 3 security clearance investigation are exempt from this requirement. If the liaison has been a resident of this State for less than five years, the background report shall include a review of criminal information from both the State and National Repositories of Criminal Histories. The criminal background report shall be provided to the State CIO and the head of the agency. In addition, all personnel in the Office of the State Auditor who are responsible for information technology security reviews shall be subject to a criminal background report from the State Repository of Criminal Histories, which shall be provided by the State Bureau of Investigation upon receiving fingerprints from the personnel designated by the State Auditor. For designated personnel who have been residents of this State for less than five years, the background report shall include a review of criminal information from both the State and National Repositories of Criminal Histories. The criminal background reports shall be provided to the State Auditor. Criminal histories provided pursuant to this subdivision are not public records under Chapter 132 of the General Statutes.

(5)        Completing mandatory annual security awareness training and reporting compliance for all personnel, including contractors and other users of State information technology systems.

(b)        The information provided by State agencies to the State CIO under this section is protected from public disclosure pursuant to G.S. 132‑6.1(c).

(c)        County and municipal government agencies shall report cybersecurity incidents to the Department. Information shared as part of this process will be protected from public disclosure under G.S. 132‑6.1(c). Private sector entities are encouraged to report cybersecurity incidents to the Department."

SECTION 6.(f)  G.S. 143B‑1376 reads as rewritten:

"§ 143B‑1376.  Statewide security and privacy standards.

(a)        The State CIO shall be responsible for the security and privacy of all State information technology systems and associated data. The State CIO shall manage all executive branch information technology security and shall establish a statewide standard for information technology security and privacy to maximize the functionality, security, and interoperability of the State's distributed information technology assets, including, but not limited to, data classification and management, communications, and encryption technologies. The State CIO shall review and revise the security standards annually. As part of this function, the State CIO shall review periodically existing security and privacy standards and practices in place among the various State agencies to determine whether those standards and practices meet statewide security security, privacy, and encryption requirements. The State CIO shall ensure that State agencies are periodically testing and evaluating information security controls and techniques for effective implementation and that all agency and contracted personnel are held accountable for complying with the statewide information security program. The State CIO may assume the direct responsibility of providing for the information technology security of any State agency that fails to adhere to security and privacy standards adopted under this Article.

…."

SECTION 6.(g)  G.S. 143B‑1378 reads as rewritten:

"§ 143B‑1378.  Assessment of agency compliance with security cybersecurity standards.

At a minimum, the State CIO shall annually assess the ability of each State agency, and each agency's contracted vendors, to comply with the current security cybersecurity enterprise‑wide set of standards established pursuant to this section. The assessment shall include, at a minimum, the rate of compliance with the enterprise‑wide security standards and an assessment of security organization, security practices, security information standards, network security architecture, and current expenditures of State funds for information technology security. The assessment of a State agency shall also estimate the initial cost to implement the security measures needed for agencies to fully comply with the standards. standards as well as the costs over the lifecycle of the State agency information system. Each State agency shall submit information required by the State CIO for purposes of this assessment. The State CIO shall include the information obtained from the assessment in the State Information Technology Plan."

SECTION 7.(a)  G.S. 143B‑1400 reads as rewritten:

"§ 143B‑1400.  Definitions.

The following definitions apply in this Part.

(1)        911 Board. – The 911 Board established in G.S. 143B‑1401.

(2)        911 Fund. – The North Carolina 911 Fund established in G.S. 143B‑1403.

(3)        911 State Plan. – A document prepared, maintained, and updated by the 911 Board that provides a comprehensive plan for communicating 911 call information across networks and among PSAPs, addresses all aspects of the State's 911 system, and describes the allowable uses of revenue in the 911 Fund.Fund, including, but not limited to, transfer of 911 calls between geographically dispersed PSAPs, increased aggregation and sharing of call taking data, resources, procedures, standards, and requirements to improve emergency response and implementation of a NG911 network.

(4)        911 system. – An emergency communications system using any available technology that does all of the following:

a.         Enables the user of a communications service connection to reach a PSAP by dialing the digits 911.

b.         Provides enhanced 911 service.

c.         Delivers 911 calls to the State ESInet as provided by G.S. 143B‑1406(e1) or a Next Generation 911 Network.

(5)        911 system provider. – An entity that provides a an Enhanced 911 or NG911 system to a PSAP.

(5a)      Agent. – An agent is an authorized person, including an employee, contractor, or volunteer, who has one or more roles in a PSAP or for a communications service provider. An agent can also be an automaton in some circumstances.

(6)        Back‑up PSAP. – The capability to operate as part of the 911 System and all other features of its associated primary PSAP. The term includes a back‑up PSAP that receives 911 calls only when they are transferred from the primary PSAP or on an alternate routing basis when calls cannot be completed to the primary PSAP.

(7)        Call taking. – The act of processing a 911 call for emergency assistance by a primary PSAP, including the use of 911 system equipment, call classification, location of a caller, determination of the appropriate response level for emergency responders, and dispatching 911 call information to the appropriate responder.

(8)        Commercial Mobile Radio Service (CMRS). – Defined in 47 C.F.R. § 20.3.

(9)        Communications service. – Any of the following:

a.         The transmission, conveyance, or routing of real‑time communications to a point or between or among points by or through any electronic, radio, satellite, cable, optical, microwave, wireline, wireless, Internet protocol, or other medium or method, regardless of the protocol used.

b.         The ability to receive and terminate voice calls, text‑to‑911, short message service (SMS) or other messages, videos, data, or other forms of communication to, from, and between the public switched telephone network, wireless networks, IP‑enabled networks, or any other communications network.

c.         Interconnected VoIP service.

(10)      Communications service connection. – Each telephone number or trunk assigned to a residential or commercial subscriber by a communications service provider, without regard to technology deployed.

(11)      Communications service provider. – An entity that provides communications service to a subscriber.

(12)      CMRS connection. – Each mobile handset telephone number assigned to a CMRS subscriber with a place of primary use in North Carolina.

(13)      CMRS provider. – An entity, whether facilities‑based or nonfacilities‑based, that is licensed by the Federal Communications Commission to provide CMRS or that resells CMRS within North Carolina.

(13a)    Emergency medical dispatch. – The management of requests for emergency medical assistance by utilizing a system of:

a.         A tiered response or priority dispatching of emergency medical resources based on the level of medical assistance appropriate for the victim; and

b.         Pre‑arrival first aid or other medical instructions given by trained telecommunicators responsible for receiving 911 calls and dispatching emergency response services.

(14)      Enhanced 911 service. – Directing a 911 call to an appropriate PSAP by selective routing or other means based on the geographical location from which the call originated and providing information defining the approximate geographic location and the telephone number of a 911 caller, in accordance with the FCC Order.

(15)      Exchange access facility. – The access from a subscriber's premises to the telephone system of a service supplier. The term includes service supplier provided access lines, private branch exchange trunks, and centrex network access registers, as defined by applicable tariffs approved by the North Carolina Utilities Commission. The term does not include service supplier owned and operated telephone pay station lines, Wide Area Telecommunications Service (WATS), Foreign Exchange (FX), or incoming only lines.

(16)      FCC Order. – The Order of the Federal Communications Commission FCC Docket No. 94‑102, adopted on December 1, 1997, and any consent decrees, rules, and regulations adopted by the Federal Communications Commission pursuant to the Order.

(17)      GIS mapping. GIS. – Computerized geographical information that can be used to assist in locating a person who calls emergency assistance, including mapping elements such as street centerlines, ortho photography, and oblique imaging.or other imaging, and geospatial call routing to deliver 911 calls to an appropriate PSAP.

(18)      Interconnected VoIP service. – Defined in 47 C.F.R. § 9.3.

(19)      Local exchange carrier. – An entity that is authorized to provide telephone exchange service or exchange access in North Carolina.

(19a)    Next generation 911 network. – Managed Internet Protocol based networks, gateways, functional elements, and databases that augment E‑911 features and functions enabling the public to transmit digital information to public safety answering points replacing Enhanced 911, that maintains P.01 for Basic 911 or Enhanced 911 services or NENA i3 Solution standard for NG911 services, and that includes Emergency Service IP Network (ESInet), GIS, cybersecurity, and other system components.

(20)      Next generation 911 system. – An IP‑enabled Internet Protocol‑enabled emergency communications system using Internet Protocol, or any other available technology, to enable enabling the user public or subscriber of a communications service to reach an appropriate PSAP by sending the digits 911 via dialing, text, or short message service (SMS), or any other technological means.

(21)      Next generation 911 system provider. – An entity that provides a next generation or IP‑enabled 911 system to a PSAP.

(22)      Prepaid wireless telecommunications service. – A wireless telecommunications service that allows a caller to dial 911 to access the 911 system, which service must be paid for in advance and is sold in predetermined units or dollars of which the number declines with use in a known amount.

(23)      Primary PSAP. – The first point of reception of a 911 call by a public safety answering point.

(24)      Proprietary information. – Subscriber lists, technology descriptions, technical information, or trade secrets that are developed, produced, or received internally by a communications service provider or by a communications service provider's employees, directors, officers, or agents.

(25)      Public safety answering point (PSAP). – The public safety agency that receives an incoming 911 call and dispatches appropriate public safety agencies to respond to the call.

(25a)    Regional PSAP. – A primary PSAP operated by or on behalf of two or more counties and any number of municipalities, approved by the Board, for 911 call taking.

(26)      Retail transaction. – The sale of prepaid wireless telecommunications service for any purpose other than resale.

(27)      Service supplier. – An entity that provides exchange telephone service or communications service to the public or a telephone subscriber.

(27a)    State Emergency Services IP (ESInet) Network. – A NG911 network contracted by the 911 Board to one or more communications service providers for the purpose of securely receiving 911 calls, transferring 911 calls and all associated data, providing centralized network management and security monitoring, and enabling GIS call routing.

(28)      Subscriber. – A person who purchases a communications service and is able to receive it or use it periodically over time.

(28a)    Telecommunicator. – A person qualified to provide 911 call taking employed by a PSAP. The term applies to 911 call takers, dispatchers, radio operators, data terminal operators, or any combination of such call taking functions in a PSAP.

…."

SECTION 7.(b)  G.S. 143B‑1402 reads as rewritten:

"§ 143B‑1402.  Powers and duties of the 911 Board.

(a)        Duties. – The 911 Board has the following powers and duties:

(1)        To develop the 911 State Plan. In developing and updating the plan, the 911 Board must monitor trends in communications service technology utilized for the 911 system and in enhanced 911 service technology, investigate and incorporate GIS mapping and other resources into the plan, ensure individual PSAP plans incorporate a back‑up PSAP, PSAP and 911 call routing in an emergency, coordination with State emergency operations including Telecommunicator Emergency Response Taskforce (TERT), and formulate strategies for the efficient and effective delivery of enhanced 911 service.

(2)        To administer the 911 Fund and the monthly 911 service charge authorized by G.S. 143B‑1403.

(3)        To distribute revenue in the 911 Fund to CMRS providers and PSAPs in accordance with this Part and advise CMRS providers and PSAPs of the requirements for receiving a distribution from the 911 Fund.

(4)        To establish cooperative purchasing agreements or other contracts for the procurement of goods and services, to establish policies and procedures to fund advisory services and training programs including, but not limited to, Emergency Medical Dispatch and quality assurance of Emergency Medical Dispatch programs for PSAPs, PSAPs as authorized by this Part, to set operating standards for PSAPs and back‑up PSAPs, PSAPs, including telecommunicator training and certification requirements as provided by G.S. 143B‑1406(f), and to provide funds in accordance with these policies, procedures, and standards.standards subject to the limitations of G.S. 143B‑1406.

(5)        To investigate the revenues and expenditures associated with the operation of a PSAP to ensure compliance with restrictions on the use of amounts distributed from the 911 Fund.

(6)        To make and enter into contracts and agreements necessary or incidental to the performance of its powers and duties under this Part and to use revenue available to the 911 Board under G.S. 143B‑1404 for administrative expenses to pay its obligations under the contracts and agreements.

(7)        To use funds available to the 911 Board under G.S. 62‑47 [143B‑1407] G.S. 143B‑1407 to pay its obligations incurred for statewide 911 projects.

(8)        To accept gifts, grants, or other money for the 911 Fund.

(9)        To undertake its duties in a manner that is competitively and technologically neutral as to all communications service providers.

(10)      To design, create, or acquire printed or Web‑based public education materials regarding the proper use of 911.

(11)      To adopt rules to implement this Part. This authority does not include the regulation of any enhanced 911 communications service, such as the establishment of technical standards for telecommunications communications service providers to deliver process 911 voice and data.

(12)      To take other necessary and proper action to implement the provisions of this Part.

(13)      To collect, manage, and analyze call taking data that is delivered to the State ESInet for use by the Board in performing call analytics and call routing. Such data shall be subject to the limitations of G.S. 132‑1 et seq., and applicable federal privacy laws or regulations.

(14)      To coordinate, adopt, and communicate all necessary technical and operational standards and requirements to ensure an effective statewide interconnected NG911 network, the State ESInet, including the following:

a.         NG911 network design specifications;

b.         911 call processing standards and requirements including system networks, PSAP equipment, GIS caller location routing, and database requirements;

c.         Performance measures for data services necessary for the purposes of this Part.

(15)      To establish and operate a network management center for the State ESInet staffed by the Board. The center shall monitor PSAP and communications service provider compliance with technical and operational standards, requirements, and practices. The center shall monitor the State ESInet performance and security testing protocols in coordination with the Department of Information Technology.

(b)        Prohibition. – In no event shall the 911 Board or any other State agency construct, operate, or own a communications network for the purpose of providing 911 service. The 911 Board may pay private sector vendors for provisioning a communications network for the purpose of providing citizens access to 911 services and completing call‑taking processes through one or more PSAPs.

(c)        The Secretary of the Department of Information Technology shall, with the advice of the 911 Board, select an Executive Director of the 911 Board. The Executive Director shall be the Board's chief administrative officer. The Executive Director shall have appropriate training and experience to assist the Board in the performance of its duties. The Executive Director shall be considered the State 911 coordinator for purposes of relevant State and federal law and program requirements.

The Executive Director shall be responsible for managing the work of the Board, including, but not limited to:

(1)        Preparing and submitting reports of the Board to the NC General Assembly, Governor, and Federal Communications Commission;

(2)        Drafting suggested legislation incorporating the Board's findings for submission to the General Assembly;

(3)        Administering, directing, and managing the affairs and business of the 911 Board, and for the supervision of all personnel serving the Board;

(4)        Contracting with such other persons, including subject matter experts and consultants, as deemed necessary; and

(5)        Executing the Board's policies, powers, and duties subject to appropriations, available funds, and State employment and procurement laws.

(d)       The Board may meet in the offices of the Department of Information Technology or in facilities satisfactory for the Board's needs and Public Meeting laws. The Department of Information Technology shall provide office space for the Board's staff.

(e)        To execute the powers and duties provided in this Part, the Board shall determine its policies, procedures, and rules by majority vote of the members of the Board, a quorum having been established. Once a policy or procedure is determined or a rule is adopted, the Board shall communicate it to the Executive Director, who shall have the authority to execute the policy, procedure, or rule of the Board. No individual member of the Board shall have the responsibility or authority to give operational directives to any employee of the Board other than the Executive Director."

SECTION 7.(c)  G.S. 143B‑1403 reads as rewritten:

"§ 143B‑1403.  Service charge for 911 service.

(a)        Charge Imposed. – A monthly 911 service charge is imposed on each active communications service connection that provides access to the 911 system through a voice communications service. The service charge for service other than prepaid wireless telecommunications service is seventy cents (70’) or a lower amount set by the 911 Board under subsection (d) of this section. The service charge is payable by the subscriber to the provider of the voice communications service. The provider may list the service charge separately from other charges on the bill. Partial payments made by a subscriber are applied first to the amount the subscriber owes the provider for the voice communications service. If a subscriber is capable of making more than one simultaneous outbound 911 call though its communications service connections, then the total number of 911 service charges billed to the subscriber shall be (i) for CMRS providers, an amount equal to the number of CMRS connections and (ii) for all other communications service providers, an amount equal to the total number of simultaneous outbound 911 calls the subscriber can make using the North Carolina telephone numbers or trunks billed to their account.

(b)        Prepaid Wireless. – A 911 service charge is imposed on each retail purchase of prepaid wireless telecommunications service occurring in this State of seventy cents (70’) for each retail transaction of prepaid wireless telecommunications service or a lower amount set as provided by subsection (d) of this section. The service charge is collected and remitted as provided in G.S. 143B‑1414.

(c)        Remittance to 911 Board. – A communications service provider must remit the service charges collected by it under subsection (a) of this section to the 911 Board. The provider must remit the collected service charges by the end of the calendar month following the month the provider received the charges from its subscribers. A provider may deduct and retain from the service charges it receives from its subscribers and remits to the 911 Board an administrative allowance equal to the greater of one percent (1%) of the amount of service charges remitted or fifty dollars ($50.00) a month.

(d)       Adjustment of Charge. – The 911 Board must monitor the revenues generated by the service charges imposed by this section. If the 911 Board determines that the rates produce revenue that exceeds or is less than the amount needed, the 911 Board may adjust the rates. The rates must ensure full cost recovery for communications service providers and for primary PSAPs over a reasonable period of time. The 911 Board must set the service charge for prepaid wireless telecommunications service at the same rate as the monthly service charge for nonprepaid service. A change in the rate becomes effective only on July 1. The 911 Board must notify providers of a change in the rates at least 90 days before the change becomes effective. The 911 Board must notify the Department of Revenue of a change in the rate for prepaid wireless telecommunications service at least 90 days before the change becomes effective. The Department of Revenue must provide notice of a change in the rate for prepaid wireless telecommunications service at least 45 days before the change becomes effective only on the Department's Web site. The revenues must:

(1)        Ensure full cost recovery for communications service providers over a reasonable period of time; and

(2)        Fund allocations under G.S. 143B‑1404 of this Part for monthly distributions to primary PSAPs and for the State ESInet.

…."

SECTION 7.(d)  G.S. 143B‑1404 reads as rewritten:

"§ 143B‑1404.  911 Fund.

(a)        Fund. – The 911 Fund is created as an interest‑bearing special revenue fund within the State treasury. The 911 Board administers the Fund. The 911 Board must credit to the 911 Fund all revenues remitted to it from the service charge imposed by G.S. 143B‑1403 on communications service connections in the State. G.S. 143B‑1403. Revenue in the Fund may only be used as provided in this Part.

(b)        Allocation of Revenues. – The 911 Board may deduct and retain for its administrative expenses a percentage of the total service charges remitted to it under G.S. 143B‑1403 for deposit in the 911 Fund. The percentage may not exceed two three and one‑half percent (2%). (3.5%). The percentage is one percent (1%) unless the 911 Board sets the percentage at a different amount. The 911 Board must monitor the amount of funds required to meet its financial commitment to provide technical assistance to primary PSAPs duties under this Part and set the rate at an amount that enables the 911 Board to meet this commitment. The 911 Board must allocate ten percent (10%) a minimum of fifteen percent (15%) of the total service charges to the Next Generation 911 Reserve Fund to be administered as provided in G.S. 143B‑1407. The 911 Board must allocate a minimum of five percent (5%) of the total service charges to the PSAP Grant and Statewide Projects Account to be administered as provided in G.S. 143B‑1407. The remaining revenues remitted to the 911 Board for deposit in the 911 Fund are allocated as follows:for distribution to the primary PSAPs, CMRS providers, or the Accounts established in G.S. 143B‑1407.

(1)        A percentage of the funds remitted by CMRS providers, other than the funds remitted by the Department of Revenue from prepaid wireless telecommunications service, to the 911 Fund are allocated for reimbursements to CMRS providers pursuant to G.S. 143B‑1405.

(2)        A percentage of the funds remitted by CMRS providers, all funds remitted by the Department of Revenue from prepaid wireless telecommunications service, and all funds remitted by all other communications service providers are allocated for monthly distributions to primary PSAPs pursuant to G.S. 143B‑1406 and grants to PSAPs pursuant to G.S. 143B‑1407.

(3)        The percentage of the funds remitted by CMRS providers allocated to CMRS providers and PSAPs shall be set by the 911 Board and may be adjusted by the 911 Board as necessary to ensure full cost recovery for CMRS providers and, to the extent there are excess funds, for distributions to primary PSAPs.

…."

SECTION 7.(e)  G.S. 143B‑1405 reads as rewritten:

"§ 143B‑1405.  Fund distribution to CMRS providers.

(a)        Distribution. – CMRS providers are eligible for reimbursement from the 911 Fund for the actual costs incurred by the CMRS providers in complying with the requirements of enhanced 911 service. Costs of complying may include costs incurred for designing, upgrading, purchasing, leasing, programming, installing, testing, or maintaining all necessary data, hardware, and software required to provide 911 communications service as well as the recurring and nonrecurring costs of providing the service. To obtain reimbursement, a CMRS provider must comply with all of the following:

(1)        Invoices must be sworn.

(2)        All costs and expenses must be commercially reasonable.

(3)        All invoices for reimbursement must be related to compliance with the requirements of enhanced 911 service.

(4)        Prior approval must be obtained from the 911 Board for all invoices for payment of costs that exceed the lesser of:

a.         One hundred percent (100%) of the eligible costs allowed under this section.

b.         One hundred twenty‑five percent (125%) of the service charges remitted to the 911 Board by the CMRS provider.

(5)        A CMRS provider may request reimbursement by presenting a request to the Board not later than six months prior to the end of the Board's fiscal year and identifying the provider's anticipated qualified expenses for reimbursement during the Board's next fiscal year.

(b)        Payment Carryforward. – If the total amount of invoices submitted to the 911 Board and approved for payment in a month exceeds the amount available from the 911 Fund for reimbursements to CMRS providers, the amount payable to each CMRS provider is reduced proportionately so that the amount paid does not exceed the amount available for payment. The balance of the payment is deferred to the following month. A deferred payment accrues interest at a rate equal to the rate earned by the 911 Fund until it is paid.

(c)        PSAP Grant and Statewide Project Reallocation. – If the amount of reimbursements to CMRS providers approved budgeted by the 911 Board for a fiscal year is less than exceeds the amount of funds allocated disbursed for reimbursements to CMRS providers for that fiscal year, the 911 Board may reallocate part of the excess amount to the PSAP Grant and Statewide 911 Projects Account Accounts established under G.S. 143B‑1407. The 911 Board may reallocate funds under this subsection only once each calendar year and may do so only within the three‑month period that follows the end of the fiscal year. If the 911 Board reallocates more than a total of three million dollars ($3,000,000) to the PSAP Grant and Statewide 911 Projects Account in a calendar year, it must consider reducing the amount of the service charge in G.S. 143B‑1404 to reflect more accurately the underlying costs of providing 911 system services.

The 911 Board must make the following findings before it reallocates funds to the PSAP Grant and Statewide 911 Projects Account:Accounts established under G.S. 143B‑1407:

(1)        There is a critical need for additional funding for PSAPs in rural or high‑cost areas to and ensure that enhanced 911 NG911 service is deployed throughout the State.

(2)        The reallocation will not impair cost recovery by CMRS providers.

(3)        The reallocation will not result in the insolvency of the 911 Fund."

SECTION 7.(f)  G.S. 143B‑1406 reads as rewritten:

"§ 143B‑1406.  Fund distribution to PSAPs.

(a)        Monthly Distribution. – The 911 Board must make monthly distributions to primary PSAPs from the amount allocated to the 911 Fund for PSAPs. Fund. A PSAP is not eligible for a distribution under this section unless it complies with the requirements of this Part, provides enhanced 911 service, and received distributions from the 911 Board in the 2008‑2009 fiscal year. The Board may reduce, suspend, or terminate distributions under this subsection if a PSAP does not comply with the requirements of this Part. The Board must comply with all of the following:

…

(3)        Formula. – The funding formula established by the Board must consider all of the following:

a.         The population of the area served by a PSAP.

b.         PSAP reports and budgets, disbursement histories, and historical costs.

c.         PSAP operations, 911 technologies used by the PSAP, compliance with operating standards of the 911 Board, level of service a PSAP delivers dispatching fire, emergency medical services, law enforcement, and Emergency Medical Dispatch.

d.         The tier designation of the county in which the PSAP is located as designated in G.S. 143B‑437.08.

e.         Any interlocal government funding agreement to operate a regional PSAP, or between a primary PSAP and a secondary PSAP, if the secondary PSAP was in existence as of June 1, 2010, receives funding under the agreement, and is within the service area of the primary PSAP.

e1.       Any expenditure authorized by the 911 Board for statewide 911 projects or the next generation 911 system.

f.          Any other information the Board considers relevant.

…

(b)        Percentage Designations. – The 911 Board must determine how revenue that is allocated to the 911 Fund for distribution to primary PSAPs and is not needed to make the base amount distribution required by subdivision (a)(1) of this section is to be used. The 911 Board must designate a percentage of the remaining funds to be distributed to primary PSAPs on a per capita basis and a percentage to be allocated to the PSAP Grant Account Accounts established in G.S. 143B‑1407. If the 911 Board does not designate an amount to be allocated to the PSAP Grant Account, such Accounts, the 911 Board must distribute all of the remaining funds to regional or primary PSAPs on a per capita basis. The 911 Board may not change the percentage designation more than once each fiscal year.

(c)        Carryforward. – A PSAP may carry forward distributions for eligible expenditures for capital outlay, capital improvements, or equipment replacement. Amounts carried forward to the next fiscal year from distributions made by the 911 Board may not be used to lower the distributions in subsection (a) of this section unless the amount is greater than twenty percent (20%) of the average yearly amount distributed to the PSAP in the prior two years. replacement if shown pursuant to subsection (f) of this section. The 911 Board may allow a PSAP to carry forward a greater amount without changing the PSAP's distribution. Amounts carried forward to the next fiscal year from distributions made by the 911 Board may not be used to lower the distributions in subsection (a) of this section unless:

(1)        The amount is greater than twenty percent (20%) of the average yearly amount distributed to the PSAP in the prior two years; or

(2)        The amount in subsection (a) of this section is modified based upon the Board's expenditures for statewide 911 projects or the PSAP's migration to a next generation 911 network.

(d)       Use of Funds. – A PSAP that receives a distribution from the 911 Fund may not use the amount received to pay for the lease or purchase of real estate, cosmetic remodeling of emergency dispatch centers, hiring or compensating telecommunicators, or the purchase of mobile communications vehicles, ambulances, fire engines, or other emergency vehicles. Distributions received by a PSAP may be used only to pay for the following:

(1)        The lease, purchase, or maintenance of:

a.         Emergency telephone equipment, including necessary computer hardware, software, and database provisioning.

b.         Addressing.Addressing, provided that addressing shall not be paid following the earlier of July 1, 2021, or compliance with G.S. 143B‑1406(e1).

c.         Telecommunicator furniture.

d.         Dispatch equipment located exclusively within a building where a PSAP or back‑up PSAP is located, excluding the costs of base station transmitters, towers, microwave links, and antennae used to dispatch emergency call information from the PSAP or back‑up PSAP.

e.         Emergency medical, fire, and law enforcement pre‑arrival instruction software.

(2)        The nonrecurring costs of establishing a 911 system.

(3)        Expenditures for in‑State training of 911 personnel regarding the maintenance and operation of the 911 system. Allowable training expenses include the cost of transportation, lodging, instructors, certifications, improvement programs, quality assurance training, training associated with call taking, and emergency medical, fire, or law enforcement procedures, and training specific to managing a PSAP or supervising PSAP staff. Training outside the State is not an eligible expenditure unless the training is unavailable in the State or the PSAP documents that the training costs are less if received out‑of‑state. Training specific to the receipt of 911 calls is allowed only for intake and related call taking quality assurance and improvement. Instructor certification costs and course required prerequisites, including physicals, psychological exams, and drug testing, are not allowable expenditures.

(4)        Charges associated with the service supplier's 911 service and other service supplier recurring charges. The PSAP providing 911 service is responsible to the communications service provider for all 911 installation, service, equipment, operation, and maintenance charges owed to the communications service provider. A PSAP may contract with a communications service provider on terms agreed to by the PSAP and the provider. Service supplier 911 service and other recurring charges supplanted by the State ESInet costs paid by the Board shall not be paid from distributions to PSAPs following the earlier of July 1, 2021, or compliance with G.S. 143B‑1406(e1).

(e)        Local Fund. – The fiscal officer of a PSAP to whom a distribution is made under this section must deposit the funds in a special revenue fund, as defined in G.S. 159‑26(b)(2), designated as the Emergency Telephone System Fund. The fiscal officer may invest money in the Fund in the same manner that other money of the local government may be invested. Income earned from the invested money in the Emergency Telephone System Fund must be credited to the Fund. Revenue deposited into the Fund must be used only as permitted in this section.

(e1)      State NG911 Emergency Service IP Network (ESInet). –

(1)        No later than July 1, 2021, the Board and local governments operating primary PSAPs shall develop and fully implement NG911 transition plans to migrate PSAPs to the State ESInet. To the extent practicable, the migration of PSAPs will be implemented on a sequential region‑by‑region basis for those PSAPs served by each legacy 911 selective router. The Board may extend the implementation date for a primary PSAP for good cause. For purposes of this section, "good cause" means an event or events reasonably beyond the ability of the Board to anticipate or control.

(2)        All communications service providers required to provide access to 911 service shall route the 911 calls of their subscribers to ESInet points of interconnection designated by the Board. The Board shall identify points of interconnection no later than July 1, 2019. The Board shall establish ESInet points of interconnection in a manner that minimizes cost to the communications service providers to the extent practicable while still achieving necessary 911 service and ESInet objectives.

(3)        The State ESInet service provider shall receive the 911 calls delivered by the communications service provider at the designated ESInet points of interconnection and deliver the calls to the appropriate PSAP. The State ESInet service provider shall not charge a communications service provider to connect to the State ESInet point of interconnection nor for the delivery of the 911 calls to the PSAP.

(f)        Compliance. – A PSAP, or the governing entity of a PSAP, must comply with all of the following in order to receive a distribution under this section:

…

(4a)      On or before July 1, 2019, each primary PSAP dispatching emergency medical services shall develop policies and procedures for implementing an Emergency Medical Dispatch program approved by the Office of Emergency Medical Services. Emergency medical dispatch instructions must be offered by a telecommunicator who has completed an emergency medical dispatch course approved by the Office of Emergency Medical Services.

(5)        By July 1, 2016, a A primary PSAP must have a plan and means for 911 call‑taking in the event 911 calls cannot be received and processed in the primary PSAP. If a PSAP has made substantial progress toward implementation of the plan and means, the 911 Board may grant the PSAP an extension until July 1, 2017, to complete implementation of the plan and means. The plan must identify the alternative capability of taking the redirected 911 calls. This subdivision does not require a PSAP to construct an alternative facility to serve as a back‑up PSAP.

(5a)      On or before July 1, 2020, each PSAP shall deploy equipment, products, and services necessary or appropriate to enable the PSAP to receive and process calls for emergency assistance sent via text messages in a manner consistent with FCC Order 14‑118 and any other FCC order that affects the deployment of text‑to‑911.

(5b)      Persons employed as telecommunicators who are not required to be certified by the North Carolina Sheriffs' Education and Training Standards Commission shall successfully complete:

a.         A minimum of 40 hours in a nationally recognized training course for 911 telecommunicators or a basic telecommunicator course offered by the North Carolina Sheriffs' Education and Training Standards Commission within one year of the date of their employment for any person beginning employment after July 1, 2019, or a substantially similar minimum training acceptable to the telecommunicator's employer; and

b.         A nationally recognized emergency medical dispatch course or an emergency medical dispatch course approved by the Office of Emergency Medical Services not later than July 1, 2020, or if employed subsequent to July 1, 2020, within six months of the date of employment.

(6)        A primary PSAP must comply with the rules, policies, procedures, and operating standards for primary PSAPs adopted by the 911 Board.

…

(h)        Every local government shall participate in a 911 system. The establishment and operation of regional PSAPs shall be a coordinated effort among local governments, local government agencies, and the Board. Nothing in this article shall be construed to prohibit or discourage in any way the formation of regional PSAPs.

…."

SECTION 7.(g)  G.S. 143B‑1407 reads as rewritten:

"§ 143B‑1407.  PSAP Grant and Statewide 911 Projects Account; Next Generation 911 Reserve Fund.

…

(d)       Statewide 911 Projects. – The 911 Board may use funds from the PSAP Grant and Statewide 911 Projects Account and funds from the Next Generation 911 Reserve Fund for a statewide project if the Board determines the project meets all of the following requirements:

(1)        The project is consistent with the 911 plan.

(2)        The project is cost‑effective and efficient when compared to the aggregated costs incurred by primary PSAPs for implementing individual projects.

(3)        The project is an eligible expense under G.S. 143B‑1406(e).G.S. 143B‑1406(d).

(4)        The project will have statewide benefit for 911 service.

(e)        Next Generation 911 Fund. – The 911 Board may use funds from the Next Generation 911 Fund to fund the implementation of next generation 911 systems. Notwithstanding Article 8 of Chapter 143C of the General Statutes, the 911 Board may expend funds from the Next Generation 911 Fund to provide for a single data network to serve PSAPs. The 911 Board may provide funds directly to primary PSAPs to implement next generation 911 systems. By October 1 of each year, the 911 Board must report to the Joint Legislative Commission on Governmental Operations on the expenditures from the Next Generation 911 Fund for the prior fiscal year and on the planned expenditures from the Fund for the current fiscal year.

…."

SECTION 7.(h)  G.S. 143B‑1408 reads as rewritten:

"§ 143B‑1408.  Recovery of unauthorized use of funds.

The 911 Board must give written notice of violation to any communications service provider or PSAP found by the 911 Board to be using monies from the 911 Fund for purposes not authorized by this Part. Upon receipt of notice, the communications service provider or PSAP must cease making any unauthorized expenditures. The communications service provider or PSAP may petition the 911 Board for a hearing on the question of whether the expenditures were unauthorized, and the 911 Board must grant the request within a reasonable period of time. If, after the hearing, the 911 Board concludes the expenditures were in fact unauthorized, the 911 Board may require the communications service provider or PSAP to refund the monies improperly spent within 90 days. Money received under this section Part must be credited to the 911 Fund. If a communications service provider or PSAP does not cease making unauthorized expenditures or refuses to refund improperly spent money, the 911 Board must suspend funding to the provider or PSAP until corrective action is taken."

SECTION 7.(i)  G.S. 143B‑1409 reads as rewritten:

"§ 143B‑1409.  Conditions for providing enhanced 911 service.

In accordance with the FCC Order, no No CMRS provider is required to provide enhanced 911 service until all of the following conditions are met:

(1)        The CMRS provider receives a request for the service from the administrator of a PSAP that is capable of receiving and utilizing the data elements associated with the service.

(2)        Funds for reimbursement of the CMRS provider's costs are available pursuant to G.S. 143B‑1405.

(3)        The local exchange carrier is able to support the requirements of enhanced 911 service."

SECTION 7.(j)  G.S. 143B‑1413 reads as rewritten:

"§ 143B‑1413.  Limitation of liability.

(a)        Except in cases of wanton or willful misconduct, a communications service provider, and a 911 system provider or next generation 911 system provider, and their employees, directors, officers, vendors, and agents are not liable for any damages in a civil action resulting from death or injury to any person or from damage to property incurred by any person in connection with developing, adopting, implementing, maintaining, or operating the 911 system or in complying with emergency‑related information requests from State or local government officials. This section does not apply to actions arising out of the operation or ownership of a motor vehicle. The acts and omissions described in this section include, but are not limited to, the following:

(1)        The release of subscriber information related to emergency calls or emergency services.

(2)        The use or provision of 911 service, E911 service, or next generation 911 service.

(3)        Other matters related to 911 service, E911 service, or next generation 911 service.

(4)        Text‑to‑911 service.

(b)        In any civil action by a user of 911 services or next generation 911 services arising from an act or an omission by a PSAP, and the officers, directors, employees, vendors, agents, and authorizing government entity of the PSAP, in the performance of any lawful and prescribed actions pertaining to their assigned job duties as a 911 or public safety telecommunicator or dispatcher at a PSAP or at any public safety agency to which 911 calls are transferred from a primary PSAP for dispatch of appropriate public safety agencies, the telecommunicator. The plaintiff's burden of proof shall be by clear and convincing evidence."

SECTION 8.  Nothing in this act alters or diminishes the exclusive responsibility and authority of the Secretary of Revenue to maintain and safeguard the secrecy and security of taxpayer information under G.S. 105‑259.

SECTION 9.  G.S. 58‑31‑60(c) reads as rewritten:

"§ 58‑31‑60.  Competitive selection of payroll deduction insurance products paid for by State employees.

…

(c)        Payroll Deduction Slots. – Each payroll unit shall be entitled to not less than four the number of payroll deduction slots it needs to be used for payment of insurance premiums for products selected by the Employee Insurance Committee and offered to the employees of the payroll unit. The Employee Insurance Committee shall select only one company per payroll deduction slot. The products selected by the Employee Insurance Committee may be offered on a pretax basis if the products qualify as a cafeteria plan under section 125 of the Code. For purposes of this subsection, the term "Code" has the same meaning as defined in G.S. 105‑228.90. The Company selected by the an Employee Insurance Committee shall be permitted to sell through payroll deduction only the products specifically approved by the Employee Insurance Committee. The assignment by the Employee Insurance Committee of a payroll deduction slot shall be for a period of not less than two years unless the insurance company shall be in violation of the terms of the written agreement specified in this subsection. The insurance company awarded a payroll deduction slot shall, pursuant to a written agreement setting out the rights and duties of the insurance company, be afforded an adequate opportunity to solicit employees of the payroll unit by making such employees aware that a representative of the company will be available at a specified time and at a location convenient to the employees.

Notwithstanding any other provision of the General Statutes, once an employee has selected an insurance product for payroll deduction, that product may not be removed from payroll deduction for that employee without his or her specific written consent.

When an employee retires from State employment and payroll deduction under this section is no longer available, the insurance company may not terminate life insurance products purchased under the payroll deduction plan without the retiree's specific written consent solely because the premium is no longer deducted from payroll.

…."

SECTION 10.(a)  G.S. 66‑360 is repealed.

SECTION 10.(b)  This section becomes effective January 1, 2020.

SECTION 11.  Part 2 of Article 15 of Chapter 143B of the General Statutes is amended by adding two new sections to read:

"§ 143B‑1337.  Information Technology Strategy Board.

(a)        Creation; Membership. – The Information Technology Strategy Board is created in the Department of Information Technology. The Board consists of the following members:

(1)        The State Chief Information Officer.

(2)        The State Budget Officer.

(3)        The President of The University of North Carolina.

(4)        The President of the North Carolina Community College System.

(5)        The Secretary of Administration.

(6)        Two citizens of this State with a background in and familiarity with business system technology, information systems, or telecommunications appointed by the Governor.

(7)        Two citizens of this State with a background in and familiarity with business system technology, information systems, or telecommunications appointed by the General Assembly upon the recommendation of the President Pro Tempore of the Senate in accordance with G.S. 120‑121.

(8)        Two citizens of this State with a background in and familiarity with business system technology, information systems, or telecommunications appointed by the General Assembly upon the recommendation of the Speaker of the House of Representatives in accordance with G.S. 120‑121.

(9)        The State Auditor, who shall serve as a nonvoting member.

Members of the Board appointed by the Governor shall serve terms of four years with the initial term expiring January 1, 2021. Members of the Board appointed by the General Assembly shall serve terms of two years with the initial term expiring January 1, 2021. Members of the Board shall not be employed by or serve on the board of directors or other corporate governing body of any vendor providing information systems, computer hardware, computer software, or telecommunications goods or services to the State. The State CIO shall serve as the chair of the Board. Vacancies in appointments made by the General Assembly shall be filled in accordance with G.S. 120‑122. Members of the Board who are employees of State agencies or institutions shall receive subsistence and travel allowances authorized by G.S. 138‑6. A majority of the Board constitutes a quorum for the transaction of business. The Department of Information Technology shall provide all clerical and other services required by the Board.

(b)        Board Powers and Duties. – The Board shall have the following powers and duties:

(1)        To advise the State CIO on policies and procedures to develop, review, and update the State Information Technology Plan.

(2)        To establish necessary committees to identify and share industry best practices and new development and to identify existing State information technology problems and deficiencies.

(3)        To establish guidelines regarding the review of project planning and management, information sharing, and administrative and technical review procedures involving State‑owned or State‑supported technology and infrastructure.

(4)        To establish ad hoc technical advisory groups to study and make recommendations on specific topics, including work groups to establish, coordinate, and prioritize needs.

(5)        To assist the State CIO in recommending to the Governor and the General Assembly a prioritized list of enterprise initiatives for which new or additional funding is needed.

(6)        To recommend business system technology projects to the Department and the General Assembly that meet the following criteria:

a.         A defined start and end point.

b.         Specific objectives that signify completion.

c.         Designed to implement or deliver a unique product, system, or service pertaining to business system technology.

(7)        To develop and maintain a five‑year prioritization plan for future business system technology projects.

(c)        Meetings. – The Board shall adopt bylaws containing rules governing its meeting procedures. The Board shall meet at least quarterly.

(d)       Reports. – The Board shall submit a report on projects that have been recommended, the status of those projects, and the most recent version of its five‑year prioritization plan to the Joint Legislative Oversight Committee on Information Technology and the Fiscal Research Division on or before January 1 of each year."

SECTION 12.  G.S. 17E‑7 reads as rewritten:

"§ 17E‑7.  Required standards.

(a)        Justice officers, other than those set forth in subsection (c1) of this section, shall not be required to meet any requirements of subsections (b) and (c) of this section as a condition of continued employment, nor shall failure of a justice officer to fulfill such requirements make him ineligible for any promotional examination for which he is otherwise eligible if the officer held an appointment prior to July 1, 1983, and is a sworn law‑enforcement officer with power of arrest. The legislature finds, and it is hereby declared to be the policy of this Chapter, that such officers have satisfied such requirements by their experience. It is the intent of the Chapter that all justice officers employed at the entry level after the Commission has adopted the required standards shall meet the requirements of this Chapter. All justice officers who are exempted from the required entry level standards by this subsection are subject to the requirements of subsections (b) and (c) of this section as well as the requirements of G.S. 17E‑4(a) in order to retain certification.

(b)        The Commission shall provide, by regulation, that no person may be appointed as a justice officer at entry level, except on a temporary or probationary basis, unless such person has satisfactorily completed an initial preparatory program of training at a school certified by the Commission or has been exempted from that requirement by the Commission pursuant to this Chapter. Upon separation of a justice officer from a sheriff's department within the temporary or probationary period of appointment, the probationary certification shall be terminated by the Commission. Upon the reappointment to the same department or appointment to another department of an officer who has separated from a department within the probationary period, the officer shall be charged with the amount of time served during his initial appointment and allowed the remainder of the probationary period to complete the basic training requirement. Upon the reappointment to the same department or appointment to another department of an officer who has separated from a department within the probationary period and who has remained out of service for more than one year from the date of separation, the officer shall be allowed another probationary period to complete such training as the Commission shall require by rule for an officer returning to service.

(c)        In addition to the requirements of subsection (b) of this section, the Commission, by rules and regulations, may fix other qualifications for the employment and retention of justice officers including minimum age, education, physical and mental standards, citizenship, good moral character, experience, and such other matters as relate to the competence and reliability of persons to assume and discharge the responsibilities of the office, and the Commission shall prescribe the means for presenting evidence of fulfillment of these requirements.

Where minimum educational standards are not met, yet the individual shows potential and a willingness to achieve the standards by extra study, they may be waived by the Commission for the reasonable amount of time it will take to achieve the standards required. Upon petition from a sheriff, the Commission may grant a waiver of any provisions of this section (17E‑7) for any justice officer serving that sheriff.

(c1)      Any justice officer appointed as a telecommunicator at the entry level after March 1, 1998, shall meet all requirements of this Chapter. Any person employed in the capacity of a telecommunicator as defined by the Commission on or before March 1, 1998, shall not be required to meet any entry‑level requirements as a condition of continued employment but shall be reported to the Commission for certification. All justice officers who are exempted from the required entry‑level standards by this subsection are subject to the requirements of subsections (b) and (c) of this section as well as the requirements of G.S. 17E‑4(a) in order to retain certification.

(c2)      Effective July 1, 2021, any person employed as a telecommunicator by a municipal police agency shall meet all the requirements for telecommunicators as set forth in this Chapter.

(d)       The Commission may issue a certificate evidencing satisfaction of the requirements of subsections (b), (c), and (c1) of this section to any applicant who presents such evidence as may be required by its rules and regulations of satisfactory completion of a program or course of instruction in another jurisdiction."

SECTION 13.  G.S. 126‑5 is amended by adding a new subsection to read:

"(c15)  Notwithstanding any provision of this Chapter to the contrary, the State Chief Information Officer (State CIO) is authorized to do the following:

(1)        Classify or reclassify positions in the Department of Information Technology (DIT) according to the classification system established by the State Human Resources Commission (SHRC) as long as the employee meets the minimum requirements of the classification.

(2)        Set salaries for DIT employees within the salary ranges for the respective position classification established by the SHRC."

SECTION 14.  Except as otherwise provided, this act is effective when it becomes law.

 

In the General Assembly read three times and ratified this the 9th day of August, 2019.

 

 

                                                                    s/  Carl Ford

                                                                         Presiding Officer of the Senate

 

 

                                                                    s/  Tim Moore

                                                                         Speaker of the House of Representatives

 

 

                                                                    s/  Roy Cooper

                                                                         Governor

 

 

Approved 3:05 p.m. this 21st day of August, 2019