(a) The Department of Revenue is authorized to deviate from any provision in G.S. 147-33.83(a) that requires departments or agencies to consolidate information processing functions on equipment owned, controlled, or under custody of the Office of Information Technology Services. All deviations by the Department of Revenue pursuant to this section shall be reported in writing within 15 days by the Department of Revenue to the State CIO and shall be consistent with available funding. Any State agency may apply in writing to the State CIO for authority to deviate. If granted, any deviation shall be consistent with available funding and shall be subject to such terms and conditions as may be specified by the State CIO. If the agency's request for deviation is denied by the State CIO, the agency may request a review of the decision pursuant to G.S. 147-33.72D.
(b) The Department of Revenue is authorized to adopt and shall adopt plans, policies, procedures, requirements, and rules for the acquisition, management, and use of information processing equipment, information processing programs, data communications capabilities, and information systems personnel in the Department of Revenue. If the plans, policies, procedures, requirements, rules, or standards adopted by the Department of Revenue deviate from the policies, procedures, or guidelines adopted by the Office of Information Technology Services, those deviations shall be allowed and shall be reported in writing within 15 days by the Department of Revenue to the State CIO. The Department of Revenue and the Office of Information Technology Services shall develop data communications capabilities between the two computer centers utilizing the North Carolina Integrated Network, subject to a security review by the Secretary of Revenue.
(c) The Department of Revenue shall prepare a plan to allow for substantial recovery and operation of major, critical computer applications. The plan shall include the names of the computer programs, databases, and data communications capabilities, identify the maximum amount of outage that can occur prior to the initiation of the plan and resumption of operation. The plan shall be consistent with commonly accepted practices for disaster recovery in the information processing industry. The plan shall be tested as soon as practical, but not later than six months, after the establishment of the Department of Revenue information processing capability.
(d) Notwithstanding the provisions of subsections (a) and (b) of this section, the Department of Revenue shall review and evaluate any deviations and shall, in consultation with the Office of Information Technology Services, adopt a plan to phase out any deviations that are not determined to be necessary in carrying out functions and responsibilities unique to the Department. The plan adopted by the Department shall include a strategy to coordinate its general information processing functions with the Office of Information Technology Services in the manner prescribed by G.S. 147-33.83(a) and provide for its compliance with policies, procedures, and guidelines adopted by the Office of Information Technology Services. The Department of Revenue shall submit its plan to the Office of State Budget and Management by January 15, 2005. (1989, c. 239, s. 5; c. 770, s. 60; 1989 (Reg. Sess., 1990), c. 1024, s. 36; 1991 (Reg. Sess., 1992), c. 900, s. 14(g); c. 1030, s. 51.14; 1997-148, ss. 5, 6; 1999-347, s. 2; 1999-434, s. 27; 2000-174, s. 2; 2004-129, s. 16.)
Last modified: March 23, 2014