Title 2.2. Administration of Government
Chapter 26. Councils
§ 2.2-2699.6. Powers and duties of the ITAC; report.
A. The ITAC shall have the power and duty to:
1. Adopt rules and procedures for the conduct of its business;
2. Advise the CIO regarding cybersecurity policies, standards, and guidelines, for (i) assessing security risks, (ii) determining appropriate security measures, (iii) performing security audits of government electronic information, (iv) strengthening the Commonwealth's cybersecurity, and (v) protecting against and responding to breaches of information technology security;
3. Advise the CIO on strategies and priorities for information technology for executive branch agencies;
4. Advise the CIO on information technology planning and projects;
5. Advise the CIO on policies, standards, and guidelines for information technology and data of the Commonwealth; and
6. Advise the CIO on information technology budgeting, investments, and expenditures.
B. The ITAC may appoint advisory subcommittees consisting of individuals with expertise in particular subject areas and information technology to advise the ITAC on the utilization of nationally recognized technical and data standards in such subject areas. If such a subcommittee is appointed by the ITAC, the CIO, or his designee, shall be an ex officio member and the Secretary of Administration may appoint representatives from other relevant Secretariats or state agencies as may be appropriate. Any such subcommittee may be appointed for a period of two years and may be reappointed by the ITAC at the end of any two-year period.
C. The CIO shall report annually to the Governor and the General Assembly regarding the work of the ITAC and any advisory subcommittees.
D. As used in this section, "information technology" has the same meaning as set forth in § 2.2-2006.
2010, cc. 136, 145; 2011, cc. 266, 313; 2016, c. 296; 2022, cc. 260, 261.