(1) The agency shall have the following powers and duties related to the governance of information services:
(a) To develop statewide standards and policies governing the:
(i) Acquisition of equipment, software, and technology-related services;
(ii) Disposition of equipment;
(iii) Licensing of the radio spectrum by or on behalf of state agencies; and
(iv) Confidentiality of computerized data;
(b) To develop statewide and interagency technical policies, standards, and procedures;
(c) To review and approve standards and common specifications for new or expanded telecommunications networks proposed by agencies, public postsecondary education institutions, educational service districts, or statewide or regional providers of K-12 information technology services;
(d) With input from the legislature and the judiciary, to provide direction concerning strategic planning goals and objectives for the state;
(e) To establish policies for the periodic review by the director of state agency performance which may include but are not limited to analysis of:
(i) Planning, management, control, and use of information services;
(ii) Training and education;
(iii) Project management; and
(iv) Cybersecurity, in coordination with the office of cybersecurity;
(f) To coordinate with state agencies with an annual information technology expenditure that exceeds ten million dollars to implement a technology business management program to identify opportunities for savings and efficiencies in information technology expenditures and to monitor ongoing financial performance of technology investments;
(g) To develop statewide standards for agency purchases of technology networking equipment and services;
(h) To implement a process for detecting, reporting, and responding to security incidents consistent with the information security standards, policies, and guidelines adopted by the director;
(i) To develop plans and procedures to ensure the continuity of commerce for information resources that support the operations and assets of state agencies in the event of a security incident; and
(j) To work with the office of cybersecurity, department of commerce, and other economic development stakeholders to facilitate the development of a strategy that includes key local, state, and federal assets that will create Washington as a national leader in cybersecurity. The agency shall collaborate with, including but not limited to, community colleges, universities, the national guard, the department of defense, the department of energy, and national laboratories to develop the strategy.
(2) Statewide technical standards to promote and facilitate electronic information sharing and access are an essential component of acceptable and reliable public access service and complement content-related standards designed to meet those goals. The agency shall:
(a) Establish technical standards to facilitate electronic access to government information and interoperability of information systems, including wireless communications systems; and
(b) Require agencies to include an evaluation of electronic public access needs when planning new information systems or major upgrades of systems.
In developing these standards, the agency is encouraged to include the state library, state archives, and appropriate representatives of state and local government.
(3) Each state agency must annually certify to the agency that it is in compliance with the policies and standards developed under this chapter.