Previous  Next

24-37.5-102. Definitions.

Statute text

As used in this article 37.5, unless the context otherwise requires:

(1) "Advisory board" means the government data advisory board created in section 24-37.5-702.

(2) "Availability" means the timely and reliable access to and use of information created, generated, collected, or maintained by a public agency.

(3) "Chief information officer" means the chief information officer appointed pursuant to section 24-37.5-103.

(4) "Confidentiality" means the preservation of authorized restrictions on information access and disclosure, including the means for protecting personal privacy and proprietary information.

(5) "Data" means facts that can be collected, analyzed, or used in an effort to gain knowledge or make decisions, and that are represented as texts, numbers, graphics, images, sounds, and videos.

(6) "Data management" means development and execution of architectures, policies, practices, and procedures that properly manage the creation, collection, protection, sharing, analysis, transmission, storage, and destruction of data.

(7) "Department of higher education" means the Colorado commission on higher education, collegeinvest, the Colorado student loan program, the Colorado college access network, the private occupational school division, and the state historical society.

(8) "Disaster recovery" means the provisioning of the office's provided services for operational recovery, readiness, response, and transition of information technology applications, systems, or resources.

(9) "Enterprise" means:

(a) Information technology services that can be applied across state government; and

(b) Support for information technology that can be applied across state government, including:

(I) Technical support;

(II) Software;

(III) Hardware;

(IV) People; and

(V) Standards.

(10) "Information security" means the protection of communication and information resources from unauthorized access, use, disclosure, disruption, modification, or destruction in order to:

(a) Protect against theft or misappropriation of information, as well as improper access, modification, degradation, or destruction of information;

(b) Preserve authorized restrictions on information access and disclosure;

(c) Ensure timely and reliable access to and use of information; and

(d) Maintain the confidentiality, integrity, and availability of information.

(11) "Information security plan" means the plan developed by a public agency pursuant to section 24-37.5-404.

(12) "Information technology" means technology, infrastructure, equipment, systems, software, controlling, displaying, switching, interchanging, transmitting, and receiving data or information, including audio, video, graphics, and text. "Information technology" shall be construed broadly to incorporate future technologies that change or supplant those in effect as of September 7, 2021.

(13) "Infrastructure" means data and telecommunications networks, data center services, website hosting and portal services, and shared enterprise services such as email and directory services; except that "infrastructure" does not include the provision of website information architecture and content.

(14) "Institution of higher education" means a state-supported institution of higher education.

(15) "Integrity" means the prevention of improper information modification or destruction and ensuring information nonrepudiation and authenticity.

(16) "Interdepartmental data protocol" means file sharing and governance policies, processes, and procedures that permit the merging of data for the purposes of policy analysis and determination of program effectiveness.

(17) "Joint technology committee" means the joint technology committee created in section 2-3-1702.

(18) "Local government" means the government of any county, city and county, home rule or statutory city, town, special district, or school district.

(19) "Major information technology project" means a project that considers risk, impact on employees and citizens, and budget, and that includes at least one of the following: A complex set of challenges, a specific level of business criticality, a complex group or high number of stakeholders or system end users, a significant financial investment, or security or operational risk. A "major information technology project" includes, without limitation, implementing a new information technology system or maintaining or replacing an existing information technology system.

(20) "Nongovernmental organization" means any scientific, research, professional, business, or public-interest organization that is neither affiliated with nor under the direction of the United States government or any state or local government.

(21) "Office" means the office of information technology created pursuant to section 24-37.5-103.

(22) "Personal identifying information" means any information that alone, or in combination with other information, can be used to identify an individual, including, but not limited to, social security number, driver's license number or other identification number, biometric data, personal health information as defined by the federal "Health Insurance Portability and Accountability Act of 1996", as amended, Pub.L. 104-191, and other information that is considered personal information or personally identifiable information as defined in law.

(23) "Political subdivision" means a municipality, county, city and county, town, or school district in this state.

(24) "Project management" means the application of knowledge, skills, tools, and techniques to support completing outcomes identified in the work.

(25) "Project manager" means a person who is trained in the management of information technology projects and is responsible for organizing and leading the project team that accomplishes all of the project deliverables.

(26) "Public agency" means every state office, whether executive or judicial, and all of its respective offices, departments, divisions, commissions, boards, bureaus, and institutions. "Public agency" does not include institutions of higher education or the general assembly.

(27) "Security incident" means an accidental or deliberate event that results in or constitutes an imminent threat of the unauthorized access, loss, disclosure, modification, disruption, or destruction of communication and information resources.

(28) "State agency" means all of the departments, divisions, commissions, boards, bureaus, and institutions in the executive branch of the state government. "State agency" does not include the legislative or judicial department, the department of education, the department of law, the department of state, the department of the treasury, or state-supported institutions of higher education.

(29) "State information technology personnel" means any personnel whose employment is necessary to carry out the purposes of this article 37.5 by the chief information officer and to administer, perform, and enforce the powers, duties, and functions of the office.

History

Source: L. 99: Entire article added with relocations, p. 865, 1, effective July 1. L. 2006: (3) and (4) amended, p. 1725, 2, effective June 6; (3.5), (3.7), (4.3), and (4.7) added, p. 1721, 1, effective June 6. L. 2008: Entire section amended, p. 1111, 1, effective May 22. L. 2010: (1.5), (1.7), and (2.5) added, (SB 10-148), ch. 107, p. 358, 1, effective April 15; (1.3) and (3.5) added, (HB 10-1401), ch. 367, p. 1729, 1, effective June 7. L. 2012: (1.8), (1.9), (2.6), and (3.2) added, (HB 12-1288), ch. 67, p. 232, 2, effective August 8. L. 2013: (2.3) added, (HB 13-1079), ch. 246, p. 1191, 2, effective May 18. L. 2015: (1.6) added and (1.7) amended, (HB 15-1213), ch. 83, p. 241, 1, effective August 5. L. 2018: IP and (2.6)(a) amended, (HB 18-1421), ch. 395, p. 2355, 2, effective June 6. L. 2019: (4) amended, (SB 19-253), ch. 255, p. 2454, 1, effective August 2. L. 2021: Entire section amended, (HB 21-1236), ch. 211, p. 1097, 5, effective September 7.

Annotations

Editor's note: (1) Subsection (1.3)(b) provided for the repeal of subsection (1.3) and subsection (3.5)(b) provided for the real of subsection (3.5), effective July 1, 2014. (See L. 2010, p. 1729.)

(2) The provisions of this section are similar to several former provisions of 24-37.5-402 and 24-37.5-702 as they existed prior to 2021.