The purpose of this rule is to implement the provisions of Section 282.0051(11)(e), F.S., to adopt rules relating to the operation of the State Data Center.  

  •  

    AGENCY FOR STATE TECHNOLOGY

    RULE NOS.:RULE TITLES:

    74-3.001Definitions

    74-3.002Physical Access and Security

    74-3.004Service Requests and Approvals

    74-3.007Budgeting and Accounting; State Data Center Cost-Recovery Methodology

    PURPOSE AND EFFECT: The purpose of this rule is to implement the provisions of Section 282.0051(11)(e), F.S., to adopt rules relating to the operation of the State Data Center.

    SUMMARY: The proposed rulemaking adopts new rules related to the State Data Center, including budgeting and accounting procedures, cost-recovery methodologies, and operating procedures.

    SUMMARY OF STATEMENT OF ESTIMATED REGULATORY COSTS AND LEGISLATIVE RATIFICATION: The Agency has determined that this will not have an adverse impact on small business or likely increase directly or indirectly regulatory costs in excess of $200,000 in the aggregate within one year after the implementation of the rule. A SERC has not been prepared by the Agency.

    The Agency has determined that the proposed rule is not expected to require legislative ratification based on the statement of estimated regulatory costs or if no SERC is required, the information expressly relied upon and described herein: the economic review conducted by the Agency.

    Any person who wishes to provide information regarding a statement of estimated regulatory costs, or provide a proposal for a lower cost regulatory alternative must do so in writing within 21 days of this notice.

    RULEMAKING AUTHORITY: 282.0051(18) FS.

    LAW IMPLEMENTED: 282.0051(11)(e) FS.

    A HEARING WILL BE HELD AT THE DATE, TIME AND PLACE SHOWN BELOW:

    DATE AND TIME: May 9, 2016, 9:00 a.m.

    PLACE: First District Court of Appeal, 2000 Drayton Drive, Room 1183, Tallahassee, Florida 32399

    Pursuant to the provisions of the Americans with Disabilities Act, any person requiring special accommodations to participate in this workshop/meeting is asked to advise the agency at least 5 days before the workshop/meeting by contacting: Anthony Garcia at (850)412-6066 or at anthony.garcia@ast.myflorida.com. If you are hearing or speech impaired, please contact the agency using the Florida Relay Service, 1(800)955-8771 (TDD) or 1(800)955-8770 (Voice).

    THE PERSON TO BE CONTACTED REGARDING THE PROPOSED RULE IS: Anthony Garcia at (850)412-6066 or at anthony.garcia@ast.myflorida.com

     

    THE FULL TEXT OF THE PROPOSED RULE IS:

     

    74-3.001 Definitions.

    (1) The following terms are defined:

    (a) Infrastructure as a Service (IaaS) – a data center service offering that provides processing, storage, networks and other fundamental computing resources used to deploy and run arbitrary software, which can include operating systems and applications.

    (b) Mechanical Room / High-Power Room – those areas at the State Data Center dedicated to the mechanical equipment (e.g., switchgear, uninterruptible power supply, batteries, generators, and transformers) that serves this facility.

    (c) Raised Floor – the area at the State Data Center where an elevated floor is constructed above the solid substrate leaving the open space created between the two for cables, wiring, electrical supply, and/or cooling infrastructure.

    (d) Service Request – a request by a customer entity, made to the State Data Center, for data center services.

    (e) Vendor(s) – means a person who is under contract with a customer entity or AST to deliver or install equipment at the SDC, or provide contractual services for the AST or a customer entity at the SDC.

    (f) Visitor(s) – any person(s) who is not an Agency for State Technology (AST) employee employed at the SDC who is requesting or has been approved to enter the SDC facility pursuant to these rules. Examples of Visitors include employees of customer entities, State of Florida employees, and Vendors of customer entities.

    Rulemaking Authority 282.0051(18) FS. Law Implemented 282.0051(11)(e) FS. History-New______.

     

    74-3.002 Physical Access and Security.

    (1) General - In order to gain access to the State Data Center (SDC) facility, all Visitors must:

    (a) Provide a government issued photo identification to verify their identify. Visitor identification will be verified before SDC access is approved;

    (b) Be visiting the SDC on business relating to the official duties or responsibilities of the SDC or a SDC customer entity, or be a State of Florida governmental employee visiting the SDC on official state business; and

    (c) Sign the SDC visitor log kept at the front desk of the SDC, and provide the following information in the log: 1. Name,

    2. Job title,

    3. Work or cell telephone number,

    4. Work e-mail address,

    5. Time entering the SDC, and

    6. Time departing the SDC (provided when leaving the SDC).

    (2) Identification Badge - Visitors approved to enter the SDC must wear the AST-issued identification badge in a visible place on their person at all times while at the SDC.

    (3) Access to Raised Floor Area.

    (a) Vendor Unescorted Access - Vendors may be allowed in raised floor area unescorted only if they satisfy the following requirements:

    1. Within the last five (5) years, they have successfully passed a Criminal Justice Information Services (CJIS) background screening, conducted by the Florida Department of Highway Safety and Motor Vehicles, under the AST’s Originating Agency Identifier (ORI) number.

    2. Within the last two (2) years, they have successfully completed (i.e., received a score at least a 70% or higher) CJIS Security Training as provided via https://www.cjisonline.com/.

    Vendors who have successfully satisfied the requirements of (3)(a)1. and 2. above will, for purposes of this rule, be considered “CJIS Compliant.”

    (b) Vendor Escorted Access - Vendors that are not CJIS Compliant must be escorted by a CJIS Compliant employee of the customer entity, approved by the SDC facilities manager, while in Raised Floor areas.

    (c) Non-Vendor Visitor Access – Non-Vendor Visitor access to the Raised Floor Area shall always be conducted under escort by an AST employee employed at the SDC.

    (4) Access to Mechanical and High / Power Room Areas - Facility mechanical and high-power rooms are off limits to all Visitors unless their access is both necessary (e.g., to conduct repairs to equipment located in this area) and approved in writing by either the SDC infrastructure and facilities bureau chief or facilities administrator. Visitors accessing these areas must be accompanied at all times by AST facilities or SDC management employees.

    (5) During their visit to the SDC, authorization of Visitors that have been initially approved to be at the SDC may be verified by AST staff.

    (6) Individuals shall only be admitted to the communications equipment room if escorted by AST staff.

    Rulemaking Authority 282.0051(18) FS. Law Implemented 282.0051(11)(e) FS. History-New _____.

     

    74-3.004 Service Requests and Approvals.

    (1) The acquisition of data center services, including IaaS, will be accomplished by customer entities submitting a Service Request to the State Data Center.

    Rulemaking Authority 282.0051(18) FS. Law Implemented 282.0051(11)(e) FS. History-New _____.

     

    74-3.007 Budgeting and Accounting; State Data Center Cost-Recovery Methodology.

    (1) The State Data Center (SDC) is responsible for developing and implementing cost-recovery mechanisms that recover the full direct and indirect cost of services through charges to applicable customer entities. To ensure the costs of providing data center services are equivalent to costs charged to customer entities the SDC will follow the following budget methodology:

    (a) Initial annual estimate. Before the start of each fiscal year the SDC will estimate both the total annual anticipated cost to operate the SDC and the projected customer entity utilization of data center services. These estimates will be used by the SDC to create an initial annual budget projection for SDC customer entities the upcoming fiscal year.

    (b) Monthly invoicing and payment. Customer entity monthly invoicing and payment will be managed as follows:

    1. Customer entities will be invoiced monthly for services provided in the previous month; however, the SDC may pre-bill customer entities to ensure the SDC has sufficient revenue to satisfy operating financial obligations it may have with the Department of Financial Services.

    2. With the exception of (b)1. above, customer entities will only be invoiced for products and service consumed or used by the customer entity.

    3. The cost for services provided to customer entities will be adjusted, monthly and at the close of each fiscal year, to ensure actual costs to operate the SDC are satisfied.

    4. Customer entities will receive an electronic mail communication from the SDC billing system providing them with a link to access their invoice no later than twenty (20) days after the last day of the prior month.

    (c) Customer entity payments. Payment to the SDC for services provided to customer entities will be due in full upon receipt, but no later than forty (40) days after receipt of an invoice by a customer entity. Payment from state customer entities will be made by way of electronic journal transfer to the SDC. If a customer entity disputes a line item invoice charge and the dispute is found by the SDC to be valid, an appropriate credits will be included on a subsequent customer entity invoice within sixty (60) days of resolution.

    Rulemaking Authority 282.0051(18) FS. Law Implemented 282.0051(11)(e) FS. History-New ______.

     

    NAME OF PERSON ORIGINATING PROPOSED RULE: Kevin Patten, Chief Operations Officer

    NAME OF AGENCY HEAD WHO APPROVED THE PROPOSED RULE: Jason Allison, Executive Director

    DATE PROPOSED RULE APPROVED BY AGENCY HEAD: April 8, 2016

    DATE NOTICE OF PROPOSED RULE DEVELOPMENT PUBLISHED IN FAR: April 15, 2015

Document Information

Comments Open:
4/15/2016
Summary:
The proposed rulemaking adopts new rules related to the State Data Center, including budgeting and accounting procedures, cost-recovery methodologies, and operating procedures.
Purpose:
The purpose of this rule is to implement the provisions of Section 282.0051(11)(e), F.S., to adopt rules relating to the operation of the State Data Center.
Rulemaking Authority:
282.0051(18) FS.
Law:
282.0051(11)(e) FS.
Contact:
Anthony Garcia at (850)412-6066 or at anthony.garcia@ast.myflorida.com.
Related Rules: (4)
74-3.001. Definitions
74-3.002. Physical Access and Security
74-3.004. Service Requests and Approvals
74-3.007. Budgeting and Accounting; State Data Center Cost-Recovery Methodology