Because SUNCOM was a component of the State Technology Office (STO), the elimination of the STO left SUNCOM without rules. These proposed rules reestablish SUNCOM rules with significant and fundamental changes because of changes to Statutes, ...  


  • RULE NO: RULE TITLE
    60FF-1.001: General
    60FF-1.002: Definitions
    60FF-1.003: Establishing and Maintaining Eligibility for Non-Required SUNCOM Customers
    60FF-1.004: Required Users Filing SUNCOM Exemption Requests for Use of Network Resources Not Provided through SUNCOM
    60FF-1.005: Exemption Request Part I: Description of the Business Objectives
    60FF-1.006: The Department’s Evaluation of Part I of Exemption Requests
    60FF-1.007: Exemption Request Part II: Description of the Network Solution
    60FF-1.008: The Department’s Evaluation of Part II of Exemption Requests
    60FF-1.009: Exemption Request Part III: Verification that the Purchase and Implementation Met Rules Requirements
    60FF-1.010: The Department’s Evaluation of Part III of Exemption Requests
    60FF-1.011: State Intranet Users Clearance Requests Related to Interoperability and Security
    60FF-1.012: Department Response to Clearance Requests
    PURPOSE AND EFFECT: Because SUNCOM was a component of the State Technology Office (STO), the elimination of the STO left SUNCOM without rules. These proposed rules reestablish SUNCOM rules with significant and fundamental changes because of changes to Statutes, technology and deregulation of the telecommunications industry that were not accounted for in the STO rules.
    SUMMARY: These proposed rules describe steps and criteria for verifying Eligibility to use SUNCOM and to become a customer; establish a process that replaces the CPLA process for statutorily “Required Users” (agencies and universities according to Section 282.103(3), F.S.) to obtain exemptions from use of SUNCOM; establish a “Clearance Request” process for SUNCOM Intranet customers before implementing non-SUNCOM network solutions.
    SUMMARY OF STATEMENT OF ESTIMATED REGULATORY COSTS: No Statement of Estimated Regulatory Cost was prepared.
    Any person who wishes to provide information regarding a statement of estimated regulatory costs, or provide a proposal for a lower cost regulatory alternative must do so in writing within 21 days of this notice.
    SPECIFIC AUTHORITY: 282.102 (9) FS.
    LAW IMPLEMENTED: 282.102, 282.103, 282.104, 282.105, 282.106, 282.107 FS.
    A HEARING WILL BE HELD AT THE DATE, TIME AND PLACE SHOWN BELOW:
    DATE AND TIME: January 28, 2008, 1:00 p.m., February 7, 2008, February 20, 2008, 9:00 a.m.
    PLACE: Betty Easley Conference Center, Room 152, 4075 Esplanade Way, Tallahassee, Florida
    THE PERSON TO BE CONTACTED REGARDING THE PROPOSED RULE IS: Carolyn Mason, Department of Management Services, Communications and Information Technology, 4030 Esplanade Way, Suite 125K, Tallahassee, FL 32309; Carolyn.mason@dms.myflorida.com or telephone 850/922-7503.
    Interested parties are encouraged to obtain electronic copies of these proposed rules via an electronic mail request to Carolyn Mason and send Ms. Mason specific excerpts with clearly identifiable suggestions on how the proposed wording can be improved (i.e. using underline and strike through to signify suggested changes). All parties providing such suggestions should include information identifying themselves and the organization they represent with contact information.

    THE FULL TEXT OF THE PROPOSED RULE IS:

    STATE COMMUNICATIONS DEFINITIONS; USAGE QUALIFICATIONS; EXEMPTIONS AND CLEARANCES

    60FF-1.001 General.

    As mandated by Section 282.103, F.S., the Department of Management Services (the Department) shall design, acquire, engineer, implement and operate a statewide network referred to as SUNCOM. Barring exceptions described within these rules, the Department shall obtain, secure, manage, coordinate State communications and provision for use of State communications services, equipment and communications software.  Most of these communications resources shall be rendered into a cohesive SUNCOM network with centrally controlled invoicing to achieve economies of scale, interoperability, accountability and enhanced capabilities for voice, data, video, radio,  telephony, wireless, and  multimedia communications services that SUNCOM shall make available to Eligible Users. The Department shall further establish standards for, regulate and monitor connections to the SUNCOM network. This rule chapter applies to Eligible Users, as defined in Sections 282.103, .104, .105, and .106, F.S., including state agencies, political subdivisions of the state, municipalities, educational institutions, libraries, and nonprofit corporations using SUNCOM or procuring communications services through the Department.

    Specific Authority 282.102(9) FS.  Law Implemented 282.102(2), (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_________.

     

    60FF-1.002 Definitions.

    (1) The following terms as defined below, are applicable to Chapters 60FF-1, 60FF-2 and 60FF-3.

    (a) Authorizing Official – An individual appointed by the Eligible User who shall assume one or several roles, and have the ability to exercise the secure and exclusive rights granted through those roles, in the CSAB System(s) on behalf of the Eligible User. Authorizing Officials shall have the authority to obligate funds on behalf of the Eligible User and to approve expenditures for communications services through their actions in the CSAB System(s) or by their receipt of uncontested electronic mail notifications from SUNCOM staff regarding changes to Customer services as reflected in the CSAB System(s). At least one Authorizing Official appointed by the Eligible User shall have the authority to establish other Authorizing Officials for the same Eligible User, thus granting the associated authorities, within the CSAB System(s). Some or all of the Authorizing Officials shall be knowledgeable about the Electronic Communications needs and conditions of the Eligible User.

    (b) Backdoor – Any Unauthorized Connection linking an part of the State Intranet to an outside network or the Internet.

    (c) Billing Data – Data, in standardized formats established by the Department used by the Department to charge Customers for the relative portions of SUNCOM Services they use.

    (d) Business Objective – An operational or cost savings benefit expected from use of Network Equipment, Software or Services. The mere implementation, ownership or use of Network Equipment, Software or Services or Communications Devices shall not be considered to be a genuine Business Objective.

    (e) Communications Device – Any device or software which renders audio, video and/or data into Electronic Communications.

    (f) Communications Service Authorization and Billing System (CSAB Systems) – The Department system(s) for ordering SUNCOM Services, billing Customers for SUNCOM Services and the associated electronic repository of CSA and Billing Data that is available to Customers by accessing through the Web site http://SUNCOM.myflorida.com.

    (g) Communications Service Authorization (CSA) – Order from Eligible User requesting a SUNCOM Service placed through the CSAB System(s), authorizing its installation/implementation and implicitly or explicitly acknowledging the associated Eligible User payment obligations.

    (h) Communication Service Provider – Entity providing communications services, circuits, hardware or software within the State of Florida.

    (i) Connection – A link between two devices or networks to facilitate Electronic Communications.

    (j) Customer – An entity that is a qualified Eligible User and has accepted access to the CSAB System, has ordered, retains usage of or is paying for a SUNCOM Service. In instances where different entities order, use or pay for a specific SUNCOM Service, the using entity is considered to be the Customer.

    (k) Customer’s Physical Network – All of the devices, software and circuits facilitating the Customer’s Electronic Communications in one location. The Customer’s Physical Network ends at the point(s) where it is connected to any circuits provided by SUNCOM, a Communications Service Provider or any public network.

    (l) Department – The Florida Department of Management Services.

    (m) Electronic Communications – The exchange of electronic information between networks and/or devices including voice, data, video and multimedia using physical, virtual and/or wireless transport methods.

    (n) Eligible User – Qualifying user of SUNCOM Services including state agencies, county and municipal agencies, public schools and districts, private, nonprofit elementary and secondary schools (provided they do not have an endowment in excess of $50 million), state universities, community colleges, libraries, water management districts, state commissions and councils, and nonprofit corporations. Any entity ordering or using or paying for a SUNCOM Service must be an Eligible User.

    (o) Network Equipment – Any device or circuit which establishes Physical or Virtual Connections from within the Customer’s Physical Network to networks or devices outside of the Customer’s Physical Network to facilitate communications on behalf of Communications Devices or other Network Equipment. A Communications Device, regardless of its primary use, shall be classified as Network Equipment if it also performs this Network Equipment function.

    (p) Network Service – Any service that includes establishment of Physical or Virtual Connections from within the Customer’s Physical Network to networks or devices outside of the Customer’s Physical Network to facilitate communications on behalf of Communications Devices or Network Equipment. This also includes any services to install, configure or manage Network Software or Network Equipment.

    (q) Network Security – The protection of network topologies and associated services from unauthorized modification, destruction, or disclosure and the reassurance that the network performs its critical function without harmful side effects.

    (r) Network Software – Any software which establishes Physical or Virtual Connections from within the Customer’s Physical Network to networks or devices outside of the Customer’s Physical Network to facilitate communications on behalf of Communications Devices or Network Equipment.

    (s) Network Solution – Use of Network Equipment, Network Software and/or Network Services to meet a Business Objective.

    (t) Physical Connection – Hardware and/or circuit used to establish and/or maintain a Connection.

    (u) Portfolio of Services – The electronic publication located on the official Web site of the Department defining SUNCOM Services and providing associated technical standards, as mandated in Section 281.102(1), F.S.

    (v) Required User – All state agencies and state universities mandated to use SUNCOM in Section 281.103, F.S.

    (w) Security Breach – Any instance where Florida government data or software is accessed or becomes accessible to unauthorized parties or instances where the resources owned or leased by Florida government entities, their partners or vendors are rendered inoperable, unavailable or impaired due to actions of an unauthorized party.

    (x) State Intranet – That portion of the SUNCOM network protected from other networks or the Internet via the State Firewall maintained by the Department.

    (y) State Network – The entire SUNCOM offering including the State Intranet, extranet from the State Intranet, virtual private network connections through the State Intranet and all portions of the SUNCOM infrastructure regardless of whether it is leased or owned by the Department. This includes the private and public portions and the portion in between the private and public portions.

    (z) Sub-network – Networks established by Customers within, or attached to, the broader State Network that is maintained by the Department.

    (aa) SUNCOM Provider – Communication Service Provider authorized by the Department to sell, deliver, configure and/or maintain hardware, circuits, software and/or services under the SUNCOM name to SUNCOM Customers. SUNCOM Providers must be in compliance with all applicable laws, including rules or regulations promulgated by the Florida Public Service Commission and the Federal Communications Commission if the SUNCOM Provider is a Communication Service Provider regulated by these agencies.

    (bb) SUNCOM Services – Network Equipment, Network Services, Network Software, Communications Devices or the configuration or management of any of these, obtained, secured or provided by the Department and rendered into services that are made available to Eligible Users by the Department or SUNCOM Providers under agreements with the Department

    (cc) System Failure – Any condition where Florida government Electronic Communications are impaired or inoperable.

    (dd) Traffic – Flow of Electronic Communications over Network Hardware and circuits.

    (ee) Traffic Monitoring – Information collected regarding communications over the State Network including destination/source address, volume, pattern, and date and time information that may be recorded and analyzed by the Department for any given session.

    (ff) Unauthorized Access – Any sign-on and/or log-on activity accessing any part of the State Network and/or connected devices performed by an Unauthorized User.

    (gg) Unauthorized Activity – Unauthorized Access to, Unauthorized Connection to, Unauthorized Traffic on and Unauthorized Use of the State Network.

    (hh) Unauthorized Connection – Any virtual private network, private virtual circuit, extranet and/or point-to-point connection to the State Network that has not been disclosed to and recorded by the Department.

    (ii) Unauthorized Traffic – Any communications transported across the State Network that is not directly relevant to state business and/or that is directed to or from an Unauthorized User.

    (jj) Unauthorized User – Individual user not affiliated with and authorized by a current Customer of SUNCOM who is using the State Network.

    (kk) Virtual Connection – The configuration or use of software to establish and/or maintain a Connection.

    (2) Other terms shall have their commonly understood meanings.

    Specific Authority 282.102(9) FS. Law Implemented 282.102(2), (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_________.

     

    60FF-1.003 Establishing and Maintaining Eligibility for Non-Required SUNCOM Customers.

    (1) Eligible Users which are not Required Users must submit an electronic mail request to customerservice@dms.myflorida.com, provide the associated information necessary to prove eligibility and agree to the provisions of these rules and SUNCOM policies and procedures prior to becoming a Customer.

    (2) Once designated by the Department as eligible, Eligible Users have the obligation to maintain understanding of statutory eligibility requirements, verify their ongoing eligibility and notify the Department upon loss of eligibility.

    (3) At any time the Department may declare an Eligible User ineligible if the Department finds that the Customer no longer qualifies in accordance with Sections 282.103-.107, F.S.

    (4) The acts of an entity to establish an account in the CSAB System(s) or accept SUNCOM Services is considered acknowledgement by the entity of these eligibility requirements and is a declaration that the entity is eligible in accordance with Sections 282.103-.107, F.S.

    (5) The registration process in the CSAB System(s) will consist of the following:

    (a) Upon first login of the Authorizing Official (User), the User will be prompted with a statement akin to the following: By ordering SUNCOM Services, the User acknowledges:

    1. All requirements of Chapter 282, F.S., and the Rules, policies and procedures of the Department;

    2. Responsibility to pay for ordered services until cancelled by the User;

    3. That the resale of any SUNCOM service to a non-Eligible User is expressly prohibited;

    4. Responsibility to notify the Department upon any change in eligibility within thirty days of status change;

    5. That telephone numbers and electronic addresses provided by the Department as part of the SUNCOM Service offering belong to the Department and upon termination of the SUNCOM service cannot be transferred to another entity without the Department’s expressed written consent.

    (b) The potential Customer will be asked to Accept or Decline these terms and conditions.

    (6) Accepting these terms will allow the Customer to provide a profile in the CSAB System including:

    (a) Category of Organization as pertains to eligibility: County, City, Non-Profit, Education, Library, Contractor, etc.

    (b) If the User is a Contractor, additional information is required before use of the CSAB System is possible: State Agency, County or City government the Eligible User has a contract with, Contract Number, Expiration Date, Contract Administrator (must be state, county or city government employee), Telephone Number of Contract Administrator, Email Address of Contract Administrator.

    (c) Upon completion of this information, the Customer will be able to place orders.

    (7) Declining these terms will result in a statement akin to the following: Acceptance is required for the use of SUNCOM Service. Please contact your local SUNCOM Representative with questions or concerns at: 888-4SUNCOM.

    Specific Authority 282.102(9) FS. Law Implemented 282.102(2), (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_________.

     

    60FF-1.004 Required Users Filing SUNCOM Exemption Requests for Use of Network Resources Not Provided through SUNCOM.

    (1) Required Users intending to implement a Network Solution through means other than SUNCOM, must obtain an exemption from the Department of Management Services by filing an Exemption Request consisting of the three parts described Rules 60FF-1.005 through 60FF-1.010, F.A.C.

    (2) Upon identifying a business need requiring a new Network Solution and prior to developing any part of the Exemption Request, the Required User shall discuss the Required User’s need with the Department to find out if SUNCOM’s existing or impending services, or a collaborative effort between the Department and the Required User, can accommodate the need.

    (3) The Required User shall incorporate common practices of readability including tables of contents, headings, executive summaries or cover letters, proper grammar and spelling. Recommended templates and examples shall be provided through the Portfolio of Services as they become available.

    (4) Required Users shall submit Exemption Requests either:

    (a) Through the provisions of the CSAB System.

    (b) Or via electronic mail with attachments to SUNCOMRequests@myflorida.com with “Exemption Request” and the name of the Required User in the Subject line.

    Note that if the request contains sensitive information, use of electronic mail may pose security risks.

    (c) Or via U. S. Postal Service address to: Department of Management Services, SUNCOM, Attention: Exemption Request Processing, 4030 Esplanade Way, Tallahassee, Florida 32399-0950.

    (5) If at any time after submittal of the Exemption Request, the Required User determines that SUNCOM can satisfy the Required User’s Business Objectives described in the Exemption Request, the Department or the Required User shall acknowledge that fact in writing.  The Required User and the Department shall then be absolved of the requirements related to Exemption Requests. The Department and the Required User shall then arrange for implementation of SUNCOM Services or preparation of a SUNCOM proposal to meet the Customer’s Business Objectives.

    Specific Authority 282.102(9) FS.  Law Implemented 282.102(2), (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_________.

     

    60FF-1.005 Exemption Request Part I: Description of the Business Objectives.

    Part I shall consist of the following:

    (1) Standard contact, categorization and tracking data including:

    (a) The Customer account number;

    (b) Requesting Required User organization name, address, city, state, zip code;

    (c) Exemption Request author, name, telephone number, electronic mail address;

    (d) Address, city, state, zip code where the primary part of Network Solution implementation shall take place;

    (e) Date that the Network Solution is to be implemented;

    (f) Category of service to which the Exemption Request pertains (e.g., Voice, Data, Conferencing, Wireless);

    (g) Any pending SUNCOM orders affected;

    (h) Brief summary of Business Objectives.

    (2) Verification that Part I of the Exemption Request has been authorized by the Chief Information Officer or the equivalent (if a CIO does not exist) for the Required User.

    (3) The Required User’s description of the Business Objectives to be satisfied by the proposed Network Solution for which the Required User is seeking an Exemption. The description shall contain the same essential information the Required User used (shall use) to formulate the Required User’s proposed Network Solution (in Part II).

    (4) A general description of the Required User’s proposed technical means to achieve the Business Objectives in sufficient detail for the Department to evaluate whether the Department can currently, or shall soon be able to, provide a solution.

    (5) A description of the Required User’s findings from their initial inquiry to and discussions with SUNCOM regarding the Required User’s needs in accordance with subsection 60FF-1.004(2), F.A.C.  Upon identifying a business need requiring a new Network Solution and prior to developing any part of the Exemption Request, the Required User shall discuss the Required User’s need with the Department to find out if SUNCOM’s existing or impending services, or a collaborative effort between the Department and the Required User, can accommodate the need. Upon identifying a business need requiring a new Network Solution and prior to developing any part of the Exemption Request, the Required User shall discuss the Required User’s need with the Department to find out if SUNCOM’s existing or impending services, or a collaborative effort between the Department and the Required User, can accommodate the need.

    (6) The expected timing of the milestones for implementing the solution.

    (7) All of the projected one-time and recurring costs of the solution.  This includes all of the costs of Network Services, Network Software and Network Equipment, project management, planning, consulting, procurement process and miscellaneous costs associated with the entire project.

    (8) This statement: “Based upon current information available to the requestor, the Business Objectives described in Part I of this Exemption Request cannot currently be satisfied through SUNCOM Services.”

    (9) The name and contact information of the person holding a full time position as an employee of the Required User in a position established through the General Appropriations Act who shall have authored the Exemption Request and shall be available to answer related questions.

    (10) Any subsequent supplementary documentation requested by the Department that shall clarify or elaborate on Part I components and is needed to properly evaluate Part I of the Required User’s Exemption Request.

    Specific Authority 282.102(9) FS. Law Implemented 282.102(2), (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_________.

     

    60FF-1.006 The Department’s Evaluation of Part I of Exemption Requests.

    The Department shall make one of three findings regarding the Department’s ability to provide a timely and cost effective SUNCOM solution to the Required User’s Business Objectives within 15 days after receipt of Part I of the Exemption Request.

    (1)(a) If the Department makes a preliminary finding that a SUNCOM Service cannot currently satisfy the Business Objectives and requires more information than what is contained in Part I in order to complete its evaluation, the Department shall notify the Required User of this finding and begin evaluating Part II as soon as it is available.

    (b) If the Department finds that some of the standard components of Part II are unnecessary to the Department’s evaluation, it may notify the Required User that those components need not be provided.

    (2) If the Department makes a final determination that a SUNCOM Service cannot meet the Required User’s genuine Business Objectives described in Part I, the Department shall notify the Required User of this finding and that none of Part II needs to be submitted.

    (3)(a) If the Department concludes that a SUNCOM Service, or a collaborative effort between the Department and the Required User, can meet the Required User’s Business Objectives described in Part I, the Department shall notify the Required User that the Exemption Request has been denied, none of Part II needs to be submitted and the Department intends to propose a solution.

    (b) Within 30 days from submittal of the Exemption Request, the Department shall provide the Required User a SUNCOM proposal at a level of detail that is commensurate with the completeness and thoroughness provided in Part I of the Exemption Request. This SUNCOM proposal may include a general description of a proposed collaborative effort between the Department and the Required User to meet the Required User’s need.

    Specific Authority 282.102(9) FS. Law Implemented 282.102(2), (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_________.

     

    60FF-1.007 Exemption Request Part II: Description of the Network Solution

    (1) At the Required User’s discretion, the Required User may submit Part II at the same time Part I is submitted.  However, Part II shall not be evaluated by the Department until after the evaluation of Part I is complete.

    (2) The Part II description of the Network Equipment, Software or Services must include the following:

    (a) Verification that Part II of the Exemption Request has been authorized by the Chief Information Officer or the equivalent (if a CIO does not exist) for the Required User.

    (b) An explanation of how the proposed Network Solution shall be used to satisfy the Business Objectives in Part I.

    (c) Descriptions of the Network Equipment, Software or Services comprising the proposed Network Solution.

    (d) Appropriate categorization and projected costs of the expected sources of Network Equipment, Software and Services using the following three categories:

    1. “Internal Resources” – Required User full or part-time staff, Required User owned Equipment and Software developed by the Required User.

    2. “Vendor(s) Resources” – Vendor provided Equipment, Software and Services.

    3. “SUNCOM Resources” – SUNCOM provided Equipment, Software and Services.

    (e) An update to the expected costs listed in Part I (per subsection 60FF-1.005(6), F.A.C.).

    (f) The procurement method expected to be used such as: State Contract Number, Single Source,  Invitation to Bid, Request for Proposal.

    (g) If known at the time of submittal of Part II; the entity that is expected to provide the solution with contact information including:  entity name, city, state, representative name, telephone number, electronic mail address.

    (h) The Return on Investment (ROI) calculations estimating the net cost savings from the proposed solution using all of the estimated short and long term costs of the solution if cost savings is considered to be among the benefits described in Part I.  ROIs must show the calculation methods in sufficient detail to allow for replication.

    (i) Schematics of the affected network prior to and after the implementation of the solution.

    (j) General descriptions of security exposures associated with the proposal and security measures to address the exposures.

    (k) This statement: “This Exemption Request and the solution it proposes is in compliance with Sections 282.102 and 282.103, F.S., and Title 60FF of the Florida Administrative Code and shall be implemented in a manner that is consistent with the Security Requirements of Chapter 60FF-3, F.A.C.”

    (l) The name and contact information of the person, holding a full time position as an employee of the Required User in a position established through the Appropriations Act who shall have authored the request and shall be available to answer related questions.

    (3) The Required User must provide any subsequent supplementary documentation requested by the Department that shall clarify or elaborate on Part II components and is needed to properly evaluate Part II of the Required User’s Exemption Request.

    Specific Authority 282.102(9) FS. Law Implemented 282.102(2), (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_________.

     

    60FF-1.008 The Department’s Evaluation of Part II of Exemption Requests.

    If the Department concludes that a SUNCOM Service, or a collaborative effort between the Department and the Required User, can better meet the Required User’s Business Objectives than the means proposed in Part II, the Department shall notify the Required User that the Request has been denied and that the Department intends to propose a solution within 30 days.  The Department shall use the following criteria when evaluating Part II of the Exemption Request:

    (1) Congruity – The Department shall evaluate the congruity of Part II to ensure that the Required User’s proposed Network Solution is likely to meet the genuine Business Objectives described in Part I.  The Department shall evaluate congruity only for the purpose of establishing comparable standards of comparison between the Required User’s proposed solution and potential SUNCOM alternatives.  This congruity evaluation shall neither consider the appropriateness of the Business Objectives (beyond ensuring that they are genuine Business Objectives), nor be a means of managing the Required User’s risk, nor determine if the cost to achieve the Required User’s genuine Business Objectives is appropriate unless one of the objectives is cost savings or if the Department can provide a SUNCOM alternative that is less expensive to the State.

    (a) If the Department determines that there are material incongruities in Part II or between Parts I and II, the Department shall either:

    1. Request that the Required User make changes to Parts I and/or II reconciling incongruities. If the Department asks the Required User to reconcile incongruities, the Department shall specifically name all identifiable material incongruities and be comprehensive in its evaluation of the Exemption Request. Accordingly, subsequent requests from the Department shall not require the Required User to submit changes to components of the request previously seen by the Department if the components were not previously identified as a concern and are unaffected, directly or contextually, by a change to the Exemption Request.

    2. Request that the Required User resubmit the entire Exemption Request based on the determination that the incongruities are so substantial that a broad reconsideration by the Required User is warranted. In such instances, the Department shall specify the major concerns but shall not provide a detailed evaluation as described in a. If the Department asks the Required User to reconcile incongruities, the Department shall specifically name all identifiable material incongruities and be comprehensive in its evaluation of the Exemption Request. Accordingly, subsequent requests from the Department shall not require the Required User to submit changes to components of the request previously seen by the Department if the components were not previously identified as a concern and are unaffected, directly or contextually, by a change to the Exemption Request. If the Department asks the Required User to reconcile incongruities, the Department shall specifically name all identifiable material incongruities and be comprehensive in its evaluation of the Exemption Request. Accordingly, subsequent requests from the Department shall not require the Required User to submit changes to components of the request previously seen by the Department if the components were not previously identified as a concern and are unaffected, directly or contextually, by a change to the Exemption Request. above.

    3. Conclude that the Department alone or a collaborative effort between the Department and the Required User can develop an alternative solution that is more responsive to the Business Objectives described in Part I or more tenable or less expensive than what is proposed in Part II. The Department shall then:

    a. Deny the Exemption Request.

    b. Within 30 days from the denial of the Exemption Request, provide the Required User a SUNCOM proposal at a level of detail that is commensurate with the completeness and thoroughness provided in Part II of the Exemption Request.  This proposal may include a general description of a collaborative effort between the Department and the Required User to meet the Required User’s need.

    (2) The Department shall use the following congruity criteria:

    (a) Congruity between the Required User’s Business Objectives (described in Part I) and the proposed Network Solution (described in Part II): This criterion shall determine if the likely benefits of the proposed Network Solution will satisfy the Required User’s identified Business Objectives.

    (b) Congruity between the Required User’s estimated costs and the realistic resources required, market conditions and scope that will likely drive costs: This criterion shall determine if the costs estimate is realistic.

    (c) Congruity between the Required User’s estimated timing and the work effort required: This criterion shall determine if the milestones in Part I are realistic given the description of the proposed Network Solution in Part II.

    (d) Congruity between the Required User’s expectations of the proposed Network Solution and the likelihood those expectations shall be met: This criterion shall determine if the proposed technology has been used before to satisfy equivalent Business Objectives and what is the likelihood of success based upon the scope, technological maturity and track-record of similar projects.

    (3) Economies of scale considerations.

    (a) If the Department determines that the Required User can satisfy its Business Objectives at the same or lower costs in a timely manner through a shared solution with another Required User or the Required User’s subordinate entities, the Department shall negotiate with the Required User with the goal of implementing a shared solution.

    (b) If the Department proposes a collaborative or shared solution between the Required User and the Department then the Department:

    1. Shall commit to an approach that shall not unreasonably delay the Required User’s project nor compel the Required User to incur additional costs.

    2. May require that the shared solution become a SUNCOM offering from which the Required User obtains the solution.

    (4) Compatibility of the solution with the State Network – If the Department determines that the Network Solution proposed in Part II creates incompatibility with the State Network such that State communications or economies of scale shall be impaired, the Department shall request that the Required User modify its Network Solution proposal accordingly.  If the solution cannot be modified to prevent the impairments, the Department shall deny the Exemption Request.

    (5) Security Impact on the State Network – If the Department determines that the Network Solution proposed in Part II will not comport with the Network Protection Standards for State Network established in Rule 60FF-3.004, F.A.C., the Department shall request that the Required User modify its proposed Network Solution accordingly.  If the solution cannot be modified to comport with Rule 60FF-3.004, F.A.C., the Department shall deny the Exemption Request.

    Specific Authority 282.102(9) FS. Law Implemented 282.102(2), (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_________.

     

    60FF-1.009 Exemption Request Part III: Verification that the Purchase and Implementation Met Rules Requirements.

    If the Department has approved Parts I and II of the Exemption Request, the Required User shall provide copies of all related procurement solicitations, contracts, purchase orders or agreements for related Network Services, Network Software and Network Equipment as they become available.

    Specific Authority 282.102(9) FS. Law Implemented 282.102(2), (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_________.

     

    60FF-1.010 The Department’s Evaluation of Part III of Exemption Requests.

    If the Department discovers that any procurement solicitations, contracts, purchase orders or agreements related to the Exemption Request do not comply with Rule 60FF-3.005, F.A.C., the Department shall deny the Exemption Request.

    Specific Authority 282.102(9) FS. Law Implemented 282.102(2), (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_________.

     

    60FF-1.011 State Intranet Users Clearance Requests Related to Interoperability and Security.

    (1) Specific Customers must provide certain information regarding the interoperability and security of network projects to obtain a clearance from the Department prior to implementation. This rule applies to SUNCOM Customers which are:

    (a) Using the State Intranet.

    (b) And are not Required Users covered under the provision of Rule 60FF-1.004, F.A.C.

    (c) And are intending to initiate Network Solutions that result in the purchase or lease of Network Services, Network Software or Network Equipment and these network resources:

    1. Make use of the Internet Protocol.

    2. And are not provided through SUNCOM.

    (2) These Customers shall submit Clearance Requests either:

    (a) Through the provisions of the CSAB System described in Chapter 60FF-2, F.A.C.

    (b) Or via electronic mail with attachments to SUNCOMRequests@myflorida.com with “Clearance Request” and the name of the Customer in the subject line.   Note that if the request contains sensitive information, use of electronic mail may pose security risks.

    (c) Or via U. S. Postal Service address: Department of Management Services, SUNCOM, Attention: Clearance Request Processing, 4030 Esplanade Way, Tallahassee, Florida 32399-0950.

    (3) These Customers must provide the following as a part of the Clearance Request:

    (a) Standard contact, categorization and tracking data including:

    1. The Customer account number;

    2. Customer organization name, address, city, state, zip code;

    3. Clearance Request author name, telephone number, electronic mail address;

    a. Note that this contact person shall be available to answer related questions.

    4. Address, city, state, zip code where the primary part of the Network Solution shall take place;

    5. Date that the Network Solution is to be implemented;

    6. Category of service the Clearance Request pertains to (e.g., Voice, Data, Conferencing, Wireless);

    7. Any pending SUNCOM orders affected;

    (b) Brief summary of Business Objectives.

    (c) Descriptions of the Network Equipment, Software or Services comprising the Network Solution.

    (d) If known at the time of submittal of the Clearance Request, the entity that is expected to provide the solution with contact information including: entity name, city, state, representative name, telephone number and electronic mail address.

    (e) Schematics of the affected network prior to and after the implementation of the Network Solution.

    (f) General descriptions of security exposures associated with the proposal and security measures to address the exposures.

    (4) A statement must be included that the Customer shall commit to Rule 60FF-3.005, F.A.C., and be prepared to demonstrate this commitment by providing copies of purchasing documents, if requested by the Department.

    (5) The Customer must provide any subsequent supplementary documentation requested by the Department that shall clarify or elaborate on the Network Solution and is needed to properly evaluate its potential impact on the State Intranet and its other Customers.

    Specific Authority 282.102(9) FS. Law Implemented 282.102(2), (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_______.

     

    60FF-1.012 Department Response to Clearance Requests.

    (1) The Department shall evaluate the Customer’s Clearance Request for the following conditions:

    (a) Compatibility of the solution with the State Network – If the Department determines that the Network Solution creates incompatibility with the State Intranet such that State communications or economies of scale shall be impaired, the Department shall request that the Customer modify its Network Solution accordingly.  If the Network Solution cannot be modified to prevent the impairments, the Department shall deny the Clearance Request.

    (b) Security Impact on the State Network – If the Department determines that the Network Solution shall not comport with the Network Protection Standards for State Network established in Rule 60FF-3.004, F.A.C., the Department shall request that the Customer modify its Network Solution accordingly.  If the Network Solution cannot be modified to comport with Rule 60FF-3.004, F.A.C., the Department shall deny the Clearance Request.

    (2) Clearance Requests that are denied shall result in one of the following:

    (a) Re-submittal of another approach by the Customer.

    (b) A proposal from the Department for an alternative approach that is in compliance.

    (c) Termination of the Customer’s participation in the State Intranet.

    Specific Authority 282.102(9) FS. Law Implemented 282.102 (2), (5) (8), (12), 282.103, 282.104, 282.105, 282.106, 282.107 FS. History– New_________.


    NAME OF PERSON ORIGINATING PROPOSED RULE: Charles Ghini, Director of Telecommunications and Wireless, and Michael Kyvik, Chief of Operations, Communications and Information Technology Services (CITS)
    NAME OF SUPERVISOR OR PERSON WHO APPROVED THE PROPOSED RULE: Terry Kester, Deputy Secretary, Communications and Information Technology Services (CITS), Department of Management Services
    DATE PROPOSED RULE APPROVED BY AGENCY HEAD: December 19, 2007
    DATE NOTICE OF PROPOSED RULE DEVELOPMENT PUBLISHED IN FAW: November 9, 2007

Document Information

Comments Open:
12/28/2007
Summary:
These proposed rules describe steps and criteria for verifying Eligibility to use SUNCOM and to become a customer; establish a process that replaces the CPLA process for statutorily “Required Users” (agencies and universities according to Section 282.103(3), F.S.) to obtain exemptions from use of SUNCOM; establish a “Clearance Request” process for SUNCOM Intranet customers before implementing non-SUNCOM network solutions.
Purpose:
Because SUNCOM was a component of the State Technology Office (STO), the elimination of the STO left SUNCOM without rules. These proposed rules reestablish SUNCOM rules with significant and fundamental changes because of changes to Statutes, technology and deregulation of the telecommunications industry that were not accounted for in the STO rules.
Rulemaking Authority:
282.102 (9) FS.
Law:
282.102, 282.103, 282.104, 282.105, 282.106, 282.107 FS.
Contact:
Carolyn Mason, Department of Management Services, Communications and Information Technology, 4030 Esplanade Way, Suite 125K, Tallahassee, FL 32309; Carolyn.mason@dms.myflorida.com or telephone 850/922-7503. Interested parties are encouraged to obtain electronic copies of these proposed rules via an electronic mail request to Carolyn Mason and send Ms. Mason specific excerpts with clearly identifiable suggestions on how the proposed wording can be improved (i.e. using underline and strike ...
Related Rules: (12)
60FF-1.001. General
60FF-1.002. Definitions
60FF-1.003. Establishing and Maintaining Eligibility for Non-Required SUNCOM Customers
60FF-1.004. Standards for Submitting Requests, Notices and Declarations to the Department
60FF-1.005. Customer Notice of Security Concern Regarding a Netwrok Solution
More ...