IDENTITY AUTHENTICATION/ELECTRONIC SIGNATURES
Guidelines for Use of Electronic Signatures by State Agencies
(1) The purpose of this rule is to implement the electronic signature provisions of the Uniform Electronic Signatures Act (UETA). The rule is not intended to apply to the other provisions of the act.
(2) This rule applies prospectively to new software applications with electronic transactions requiring signatures that are implemented after the effective date of this rule.
(3) Agencies shall follow the Information Resources Management Division policy which adopts the federal E-authentication process. The IRMD policy requires that agencies using electronic signatures:
(a) Determine the level of assurance the agency needs that the party signing an electronic transaction is authentic.
(b) Use only those tools and software applications approved by NIST and the Department of Administrative Services, Information Resources Management Services Division to mitigate the risks identified and provide the level of authentication needed.
(4) Agencies may request an exemption from these rules from the Department of Administrative Services.
Stat. Auth.: ORS 184.305, 291.038, 84, 84.049, 84.052, 84.055 & 84.064
Stats. Implemented: Portions of 2001 HB 2112
Hist.: DAS 10-2005(Temp), f. 8-31-05, cert. ef. 9-21-05 thru 3-18-06; DAS 11-2005, f. & cert. ef. 10-21-05
Enterprise Geographic Information System (GIS) Software Standard
(1) Purpose. The purpose of this rule is to establish a common, enterprise GIS Software standard to promote the creation, use and exchange of inter-related and standards-based geographic data and geospatial business intelligence within and between state agencies. The objective of this standard is to provide a common geospatial software and data framework underpinning all future computer applications containing geospatial components thus increasing the value and use of those applications as state information technology assets. The GIS Software standard will also allow the State of Oregon the opportunity to leverage the buying power of the broadest possible user base. The GIS Software standard is anticipated to enable the most integrated, economic and efficient acquisition, installation and use of GIS across Oregon state government. These outcomes will be made possible through the:
(a) Current installed base of GIS software and trained expertise within state agencies.
(b) General technical benefits associated with the use of standardized software, including but not limited to:
(A) Simplified software and application infrastructure configurations.
(B) Ease of software installations and upgrades.
(C) Simplified application connectivity, security and data distribution architectures.
(D) The capacity for simultaneous multi-user editing, dataset versioning, and history retention.
(E) The ability to utilize existing geospatial business intelligence to ensure data integrity and consistency via the establishment of topology rules, data attribute domain rules, and data validation rules.
(c) Enterprise-oriented data and application accessibility offered by the use of common GIS software deployed across state agencies.
(d) Enhanced functionality and interoperability of related software components within a suite of software applications including the reduction of costly data translations between diverse software products and the ability to leverage data modeling and processing efforts for reuse between agencies.
(e) Ease of sharing geospatial data among agencies and with the public based on a common GIS software infrastructure.
(2) Definitions. For the purposes of this rule:
(a) “GIS” means geographic information systems which comprise the hardware, software, network, data, and human resources involved in creating, maintaining, managing, and distributing data, information, and knowledge about spatial objects and their relative positions.
(b) “GIS Software” means computer-language coding created specifically to facilitate the creation, management, distribution, accessibility, and promulgation of Spatial Data. For the purposes of this rule, “GIS Software” does not mean computer-language coding used for the purposes of computer aided design (CAD), simple address list management or similar business processes unless the purpose is to establish inter-agency Spatial Data.
(c) “Spatial Data” means digital information that identifies the geographic location of features and boundaries that are usually stored as coordinates and topology that can be mapped or used for comparative spatial analysis.
(d) “State Agency” or “Agency” means every state officer, board, commission, department, institution, branch or agency of the state government, whose costs are paid wholly or in part from funds held in the State Treasury, except:
(A) The Legislative Assembly, the courts and their officers and committees;
(B) The Public Defense Services Commission;
(C) The Secretary of State and the State Treasurer in the performance of the duties of their constitutional offices;
(D) The State Board of Higher Education or any state institution of higher education within the Oregon University System; and
(E) The State Lottery.
(3) Standard. To achieve the purposes described in section (1) of this rule the standard for GIS Software for Oregon state agencies is the scalable suite of Environmental Systems Research Institute, Inc (ESRI) software applications:
(a) Deployed at the desktop, server, or web interface levels and designed to enable the creation, manipulation, management, storage and distribution of digital maps, digital spatial objects and any associated spatial tabular databases; or,
(b) To manage shared spatially-referenced information.
(4)(a) GIS Software Inventory. All state agencies shall inventory and report use of all GIS Software in the format and at the time established by DAS Enterprise Information Strategy and Policy Division (EISPD). Upon conclusion of the inventory the exception process described in subsection (5) of this rule becomes effective.
(b) Continued use of existing, installed, non-standard GIS Software declared in inventory; assumed exception. Agencies currently using non-standard GIS Software described by the agency in the inventory required by subsection (a) of this section will be granted a written exception to the enterprise GIS Software standard until such time as any of the conditions described in section (5)(d) of this rule occur.
(5)(a) Exception. Notwithstanding the enterprise GIS Software standard established in subsection (3) of this rule, the State Chief Information Officer (CIO) or their designee may grant a written exception to an agency to the GIS Software standard.
(b) Considerations for evaluating an agency exception request. Considerations to be weighed by the State CIO or their designee in evaluating an agency request for an exception to the GIS software standard include, but are not limited to:
(A) Agency business rationale for use of non-standard GIS software;
(B) The degree to which the requested non-standard use of GIS software would materially inhibit the state from ensuring that its information resources fit together in a statewide system capable of providing ready access to and sharing of information, computing or telecommunication resources;
(C) The degree to which the requested non-standard use of GIS software would interfere with the state’s goal of acquiring and using enterprise information technology resources in the most integrated, interoperable, efficient and economical manner possible; and
(D) Other factors deemed to be relevant to consider by the State Chief Information Officer (CIO).
(c) Agency Exception Request. An agency may be granted an exception to the GIS Software standard by submitting a written exception request to DAS EISPD. An agency exception request must address each of the considerations described in subsection (b) of this section and contain the facts base necessary to justify agency conclusions.
(d) Conditions requiring agency to submit an exception request. An agency must submit a written agency exception request to DAS EISPD when the any of the following conditions arise:
(A) Use of excepted, non-standard GIS Software evolves over time. Any agency using excepted, non-standard GIS Software must submit a request to continue that exception whenever agency’s use of the non-standard GIS Software is anticipated to change. Changes include, but are not limited to:
(i) An expansion of the number of software licenses used within the agency.
(ii) Changing the license management system from desktop-oriented to network-oriented use.
(iii) Changing the software use model from a desktop to a client-server orientation.
(iv) Supplementing the existing GIS Software use with a web-based application for functionality, data creation, data sharing, or map product distribution.
(B) Initial acquisition of non-standard GIS Software. Before initial acquisition of non-standard GIS Software an agency must request an exception to the GIS Software standard.
(C) Non-standard GIS Software used for documented research or instructional purposes. Before initial or expanded use of non-standard GIS Software for research or instructional purposes an agency must request an exception to the GIS Software standard. A single exception request from an agency should be sufficient to cover all research and instruction conducted by any division, unit, or individual of that agency.
(e) Emergency exception. Notwithstanding the exception request process described in subsections (c) and (d) of this section, the State CIO may waive some or all of the requirements for written submission of an agency exception request when immediate action is required to address an agency’s emergency need to use non-standard GIS Software.
(f) Reconsideration. An agency may request reconsideration of a denial of a GIS Software standard exception request by submitting a subsequent request in writing to the State CIO containing additional supporting information that was not included in the original exception request.
(6) Biennial Review. At least once every two years the State CIO must issue a written report to the Oregon Geographic Information Council regarding the efficacy of the GIS Software standard and its accomplishment of the purposes described in subsection (1) of this rule.
Stat. Auth.: ORS 291.038
Stats. Implemented: ORS 291.038
Hist.: DAS 5-2008, f. 6-23-08, cert. ef. 6-30-08