House State Government Finance Committee 4/11/18

Show video

We're. Gonna start, committee, I can't call us the order yet because we do not have quorum, but. Out, of respect for representative. How I know he has other commitments. We, are just going to go ahead, represent. How you have house file. 3447. Why. Don't you describe your bill as we're waiting to get quorum well thank, you madam chair and members House file three, four four seven is an attempt to focus, minute on smaller. Projects, that I believe, and many, others do that are better suited for their skill set, this. Is done by. Making. It a priority to provide IT. Support. Services. Above. And before developing, and designing, specific. IT. Projects. It. Requires. Projects. Over a hundred thousand dollars to be, subject, to contracts, with, one or more vendors and then. It requires a report, on that project prior, to going live and. That's. The, meat of the bill so, this, is just a an, attempt. To make. Minute. A more. Effective, efficient. Agency. That's. That's the bill. Re. I, am going to ask if there's anyone that wishes to testify, on your bill and. I believe the Commissioner, is here. Mister, did you wanna testify, on house file 3447. And then just be aware we haven't officially called, ourselves to order yet and I main it need to interrupt you when that happens so commissioner. Madam. Chair members thank you for the opportunity, to testify on House Senate excuse. Me house file, 3447. I. I. Do, have some concerns about the impacts of project, costs and timelines, of IT projects. Over. The hundred thousand threshold. And. What. That would be required in vendor contracting. As the, bill currently reads we would be required a higher avenged. To carry out a project regardless. Of whether current state employees. Are. Able and. Available, to perform the services by the contract. Is how it reads right now it. Would be a poor use of tax dollars, to, pay, twice for project, work because, the statute, requires us to hire a vendor to perform a project, that we could task employees, already on staff with, carrying out the project work on. Additionally. We want to indicate that the, need for some additional clarity, would need to be brought to section 6 of the bill which. Would require that the IT project. Impacting, local government be field tested by local, government. Before, being deployed we've. Actually reached out to the Association, of Minnesota counties. Who. Is advocating for this language to better understand, their desired scope, for this requirements. As. The bill currently reads it is unclear, if the requirement, is intended to apply to the rollout for a wholly new IT system, or, whether this would apply for a systems. Upgrade, or any functionality, system, being added or any bug fix that. Is being released, AMC. Has expressed their willingness to work with us to, clarify the language so that we are we're, all in the same page. Ultimately. The, scope of the requirement. Will also dictate the, scope of the fiscal impact that. That would have and so just some concerns, that I want to highlight on this bill, again. Thank you for the opportunity, to allow, me to express some of the concerns on this, bill at hand okay, I appreciate. That I'm gonna see if there's anyone else that wishes to testify on this bill. And. While you're coming up I'm. Gonna take care of some housekeeping items, here I'm, gonna be I'm gonna move that house files 3447. Be laid over for possible inclusion in the omnibus state government finance bill, members. Within your packets, you have two sets of minutes. Representative. Kadesh, Bodine do you want to move the minutes for March, 29th, I do. I move. To approve, the minutes for, March 29th, 2018. All, those in favor please say aye those. Opposed the. March 29th, minutes. Approved, and then. Represented. Green you want to move the April 10th a minutes. Yes. Madam chair I'd like to move the minutes for April 10th green. Moves April 10. Minutes. All those in favor please say aye those. Opposed the, minutes are adopted. Okay. Welcome, to the committee if you could please state your name for the record and who you represent thank. You madam chair members I'm Alice Roberts Davis I'm an assistant commissioner at the Department of Administration I'm, here today to respectfully. Request, that the chair request a fiscal note on this bill, we. Believe that there are fiscal, impacts that need to be accounted for with. This bill. Great. Is, that it. All. Right is there anyone else that wishes to testify on this bill. Remembers. Any questions, representative, Liu thank. You madam chair I, guess. This would be to the Commissioner and possibly. The bill author there, how. Much I mean. How. Much does $100,000. Buy-in nowadays in a in, a contract. For IT. Services. Or. Is it 200. What's where's the where's.

The Benchmark, well, represent, how thank, you madam chair and represent, I, will tell you that the hundred thousand dollar came. Right out of the air and I. Know that. Minute. And I have had some, initial discussions that, it may be too low I have. Not heard from them where the right. Target, number is and I'm open. To change that if that's if we can if, that's 200, thousand if that's 300 thousand if it, needs to be different. In wordings two systems, instead of projects. I'm. Okay with that my my effort, here is to target them and make that emphasis, more. On. System. Maintenance and, security. Rather, than building. New systems, and I think that's where. It. Needs to go and if, they want to provide me some guidance and some wordage some. Verbage to make, that happen, I'm all ears to to amend this to make it so. It's more, effective. In. Their organization. But. Thank you represent, of how I think yes that's a that's a approach. And. Yeah. I think because. I have no idea either, if a hundred-thousand is going to do it or if it's three. Quarters of a million. Whatever but thank, you very much I appreciate the input, there. Any. Other questions members. Represent. And actually Commissioner, Clyburn if you can come back. I'm, looking at the piece on page four subdivision. 11 this, is the portion. That is impacting, local government, know, one of the reports one of the issues. That was raised in, the report, that we reviewed yesterday, and on, meek in a minute and just how your overall operations. Ago. Was. The fact that there wasn't proper, testing. Done, with, the entities, that were involved. In using, the final end product, that, was a major criticism. Throughout the report that had that taken place a lot of the bugs that then were, discovered, upon the launch in July 24th, that that would have been addressed, so, can you talk to me a little bit because, I view this language as helping to fix some of that problem. So what. Talk. To me a little bit more about, what, your concerns, are on this language, in particular. Give. Me a better description description, on that we're. Sure. Madam. Chair, members, when. I'm looking at subdivision. Four you referring to the evaluation, procedure I'm looking on page four subdivision. 11 systems, impacting, local government. Section. Six. Madam. Chair members my, concern, with us is that. First. Off what we need to understand the impact of the local unit I do believe, that field testing, is is, a fundamental. Of IT. Release, but the scope in which it is field tested, the amount of participation, does. That mean members of every local. Community. Does that mean, members. That comprised of multiple local. Governments. What. Is, the. Requirement, for the. Project. Itself is this, a new. System, is this also apply to a software. Upgrade, where. Are the parameters. Around it that they give clarity as to. Full. Release or deployment which are not traditionally, terms, that we. Would use, and. Then. What. Is the, parameter. If. It's not the system that they are really unhappy about but the underlying policy. That. The legislature. Has, put, in place that, is requiring, the system. Okay. Well as I'm reading it and I'll just. Commissioner. I'm looking on a page for line six and, you. Had reference, that your concern of you know how many local units of government does, this entail and in the language here it says by at least one, local unit of government so. If you're in, the, case of the mill our system, obviously this impacted, the entire state, but. In this situation, they would have said at least one local unit of government would.

Have Participated. In. The. Testing, of the software, before it went into play so, I think that addresses, the concern that you have there, what, I'm more interested in, is is if, you can provide us with language. I think that would be helpful on the other concerns, of. Giving. Some definition, to it but I also see some some, folks of the. Local, government folks that could maybe give, us some greater, detail too, and I'd ask you to come to the table as well thank, you. Welcome. To the committee if you can please state your name for the record and who you represent. Jerry, Anderson members of the committee my name is Matt Hill guard and I work for the association of Minnesota counties an organization, that represents all Minnesota's. 87 counties, and, I'll try to be brief, this. Issue actually, came out of one of our policy, committees by, the work of two members commissioners. One of them Anoka, County Commissioner, Rhonda sahaja and the other Olmstead, county, commissioner Sheila Cascadian and it. Was an effort to, say that if there are major IT. Upgrades. Developments. Projects, new systems, that. Minutes. And any. Kind of, administration. Is reaching out and actually working with local units of government to test those technologies, so. That we know that they work so, I'm, glad to hear it sounds like everyone is at least an acknowledgement, that that's a good idea and I think that we're all willing to be working. On the particulars of the language to make sure it actually fundamentally, works the, Commissioner has our commitment to work to. Figure out if there's some parameters, that would be. Suitable. For this bill, right, thank you mr. Hill garden and to, Commissioner, this maybe will give you some peace. Of mind if you look on page 4 again line 9 of the bill it, says standards, for field testing that meets the requirements of the subdivision, must be incorporated. Into the project so, you would be able to develop that plan in working with the different units so, that you would have parameters, around what. This would all entail and I think that addresses the other concern that you expressed, but I'm, anxious, to look forward to see if you can. Work something out with the counties, that. Has a different, language but as I think that we've got it covered here but. I'm. Wait, to hear from you in the future if there's any other items. That you want to have I've got represented, an Asha and representative quorum thank, you madam chair. Wanted, to thank representative Howe for letting me amend this into, his bill when we were in government. Operations it seemed like eons ago or it felt like eons ago but, I think that the the gist of what this amendment was designed to do was to say to counties, and other, government. Entities that are going to be potentially. Suffering, at the hands of a piece of software that's rolled out perhaps, like men Lars that, that testing, regimen. Prior to go alive would, have alleviated, a lot of the problems that we have seen with. Men Lars because it would been caught by people who use this software, everyday. In, their their, business so lots. Of county-owned registrar's. They, would have found out what's, wrong they would have been able to raise a red, flag and say hey not. Working so much and you should probably go back and fix this before you go live, this. Just makes sense so if your clients, are, going to be using something and the clients in this case are the counties and other registrar's, if. They would have been included in the testing regimen they would have found out and would have been able to articulate that this is broken long. Before we ever went down this road so representative. Howe thanks so much, represented, qualm I think, you met him chair and one. Of the things I enjoy about this. Section is the. Fact that in all the testimony. I've. Not heard a coherent, definition, of, alpha and beta testing, protocols. And. Every. Organization, I've been involved with has had a fairly, detailed so we could understand. The. Go no-go. You. Know general. Criteria, instead of just the details, and I think this adds a key component. To. You. Know if you're out and. No. Offense there there's government world and then there's what I call the real world and the real world. You. Don't. Do. Anything without. Having, the, input feedback, you. Know you're not going to release it unless the customer gives you that input feedback. And you, have an idea of of. What. Their take is on it and I think. This. Formalized, is something that I was. Part, of the standard operating procedure, but because.

It Wasn't visible. I think, multiple. People felt there was a need and I, support, their, opinion, on that and. Looking. At the bill the only thing that would maybe. Like is assurance, from, the author that we look at maybe having a charge code, specifically. For cybersecurity so. No matter what project, we. Have an idea of what expenses. Are being, tailored. To that and that will help us in the future when we're analyzing. What. We're spending on what's effective, and what's not. You, know just. You, know if there's an audit in the future but. I. Think this is government. Learning, how. To do. Things better after a, minor. Mishap. Thank, you. No. I I if, if, we can work that language in I'm, definitely. Open it to it but I'm not quite sure how to make. That happen so we'll have to have some discussions, to to, figure out exactly the. Verbage to try and do something like that, great. Closing. Comments, representative, how. Well. No, madam. Chair I'm uh I thank, you for this sport I thank you for the questions I look forward to working, with minute to try and come, up with some language that actually will identify. What we need to have happen to make this a successful, piece, of legislation appreciate. It with that I'm gonna renew my motion that house file 3447. Be laid over for possible inclusion in, the omnibus a government finance bill thank, you representing ha Thank You commissioner all. Right, I represent, an ash, we're. Gonna move represent. An ash moves. House. File, 2868. To. Be laid over possible inclusion in the omnibus state government finance bill represent, a national looks like you've got an amendment, yes, madam chair if we could move the a 1 to put it in the format I'd like Arizona, national, moves the a one amendment to, get the bill in the order that you would like all those in favor of the a one amendment please say aye those. Opposed the. Amendment is adopted to your bill as amended, everything, madam chair and members you've, heard me talk about cybersecurity a lot so I won't beat, the drum too much on. That but realistically. Every, day, in. The state of Minnesota millions of people do, business. That creates data. Here, at the state and. We, need to, do a better job of, taking care of that data. There. Are cyber attacks that happen from all over the world it's not just somebody, in his mom's basement. And away at a keyboard it is nation-states, it is professional, organizations. In other, countries, that are commercializing. The data that, reside here in. The databases, that we have in the state of Minnesota I am. Trying to apply a. Private. Sector real world to use representative, qualms words, approach.

To Cybersecurity, which. Is to, say that a percentage, now three and a half percent in a bill three, and a half percent of all spend, for. IT. That, is through minutes will, have a three, and a half percent peel, off to put, towards cybersecurity. What. This does is, it helps, keep, in. Check, the amount of growth of IT, with. The amount of IT, that is being secured and protected so, that, is the goal of the bill is to, provide an ongoing, long-term. Solution. To cybersecurity. Funding, and I wanted to thank chair Anderson for last year putting money into, the bill to. Do cybersecurity, funding, that didn't happen this, is a different solution to, the. Same need. Data. Grows we. Have more and more of it it's not going away we have to find a way to make this a reality, so there. Are some test fires that are going to be coming forward but, members. It. Is our responsibility, to be the caretakers, of the, data that resides, in the databases, that we have and each and every one of your constituents, and you yourself, are in those databases so I. Personally. Don't want to be the person that looks in, the eye of some of my constituents, and say well sorry, we we got it wrong because we didn't put money towards it but, I'm sure you'll be fine in 30, years after your identity, has been compromised, but have a great day so. With. That madam chair I, know there are there's at least one testifier, and. I will also be happy to take, questions great. So is it Aaron call that is going to be testifying mr.. Kaul can you join us please. Welcome. To the committee if you can please state your name for the record and who you represent, madam. Chair members my. Name is Aaron call I'm the state's chief, information security officer. First I'd like to thank representative Nash, for his effort to promote cybersecurity, investment, through house file, 2868. It recognizes. The need for increased, focus on cybersecurity, and, attempts to address the, challenge. By redirecting current IT spend, it. Is our mutual responsibility. To figure out how to address this issue before Minnesota. Finds. Itself in the news the next embarrassing. Victim, of an avoidable cyberattack, as the. State's chief information security officer. I'm responsible, for the security of our state's and citizens, information, and, I take that responsibility with.

Grave Seriousness. Narrowly. Viewed, this, bill would help equip the state security program, to be more effective against, this evolving threat, without. A commensurate, increase in, funding, this. Bill as drafted would, force minute partners to reallocate, budget, which is particularly, disruptive, mid biennium we. As. Minute, broadly, are concerned, about some agencies. Reallocating. From application, support and development, activities. Negatively. Impacting, the function, of some, of our applications, another. Option, could, be the delay of modernization. Projects, that in the long term, hinders. Our ability, to efficiently protect, the state, still. Others would be forced to cut corners in other areas of IT in order, to maintain the levels of service they, provide today while complying with the mandate nonetheless. I think we can find language that increases, security for Minnesotans, without putting other operations, at undue, risk again. Thank You representative Nash, I look forward to working with you on this bill and I'm optimistic that we can arrive at language that helps protect Minnesotans. Before. We move on is there anyone anyone else that wishes to testify to this bill. Represent. A few, thank. You madam chair and representative. Nash. Wondering. How if, this bill is, signed into law by the governor it might, help protect. The statewide voter registration. System the Secretary of State in his office and in. Protecting. The, the data in the statewide voter, registration, system. Madam. Chair in rips into the. Secretary, of State is not a minute, client they are a standalone, I do have another bill that appropriates, money for, cybersecurity, at the Secretary of State but I'm glad that you're thinking along those lines because. Again none of us want to be the person that that looks the voter in the eye and say hey your. Data, is now in. The hands of somebody else but this, focuses. The efforts solely on those. Who are minute. Clients. Or subscribers, and, to. Address mr. calls concern, about some, of the.

Existing. Projects, or potentially, scheduled projects, from, being deprived, of some, money and end it so that's a legitimate, concern but. If you remember what I said in my my, initial testimony we, don't want the. Growth of IT to, outstrip, us protecting. That. Information, that is in, those projects, and I would. Argue that we. Are currently, out stripping, the, protection, and that, is something that is. Deeply. Concerning to me I would hope it's all deep deeply, concerning for you as well it. Is something that we can fix and again. This is not a, revolutionary, idea this, is something that is being done in the private sector every single. Day that. The mandate. Is to not grow faster, than you can essentially, keep the wall around the castle you don't want to grow beyond the castle wall. Thank, you madam chair that's. Your hide you direct this to one on the fiscal note. Possibly. Somebody from minute but, I'm. Looking at the eighty-seven. Thousand dollar expenditure, that, would have to be done to implement, this and. My. Question, is why, aren't we doing this already you, know they're talking, about another eighty-seven thousand dollars to track. How much we're basically spending, on cybersecurity. And, analyze, it and my, thought is that we should be probably. Doing that already and if. We're not I don't, not sure why we need a fiscal note because maybe it should be implemented under the current budget mr.. Madam. Chair members. There. Is an, accounting, mechanism in place for. Tracking some. Cybersecurity spend, it, does not account for project-based. Spend, and other, things that would have to be accounted. For. As. Part, of this 5%, so as to maximize. Credits, so to speak to those agencies. Madam. Chair and to the testifier, I. Guess. My. Concern is cybersecurity, like everybody else and. If. We're not having a good, tracking system already that would. Give us these numbers then, maybe. We should be be doing that and I recognize that there might be some additional cost but I'm not so sure that that, should be a result of this bill it. Should, be done already and, that's. My basic question here is why, we're getting a fiscal know for something that should. Be there or is there and not maybe being properly. Enhanced. Madam. Chair members so. Today. Security, spend exists, in a number of different locations not, all of it is is controlled. Directly by. Findex. That I have, direct insight, into a great deal of it is being provided. Under. The, policies. And standards and direction, promulgated. From, my. Program but. Not. The, the budget is not. Tracked. As part of those controls. Thank. You madam chair and I guess probably. No use having more question and answer on this because something. I believe should be done but I would, suggest that maybe a minute look at, tracking. What we're doing on cybersecurity, whether, or not this bill is implemented, well. I think that actually if you look on page 7, in the last paragraph they.

Obviously Are tracking it because they state that 3%. Out, of state agencies, is for cybersecurity and they have that amount at 13, million so. They're already performing, the function, so I don't know why this would be something new. But. You raised a very good point representative. Vogel maybe we need an independent Legislative. Budget Office oh I, think you have a bill for that don't you. Representative. Lillie oh thank. You madam chair and thank you representative, Nash, I know. You're very. Earnest. On the security, thing yesterday I was on capital investment and you have that bill for capital security, and I think, it's a great bill and it's it's, great to be thinking about those things and important because it. Is a, changing, world so. Carrying, that same argument forward. I mean this really is a changing, world as we you know well no we had, Secretary, of State sitting where you were and saying that you, know our state's being you. Know preyed on or started. To be and there's, all sorts of new sorts of, different. Types of threats so. Just my, concern isn't, upping. The game and cyber security ever, it's just the, the way you're going about it and so, just kind of I know you're a sports. Guy but it's just kind of like you, know the twins may be saying, hey you know hey, I care about cybersecurity but, I I don't want to invest in it so it reminds me like the twins say they they. Want to win no we want to win but they're not gonna hire a pitcher, so you're. Not gonna up your game or I know you're like soccer and the, our, soccer, team just hired a new midfielder. You, know so that they can help their chances of winning so these are just examples but, I I'm. Not necessarily I mean I'm totally in favor you. Know what you're you, know, caring. About security, and we. All need every, one of us I mean these threats are real every, day on our phones, every, there's. Predators out there it's and, like you say it's not the old person. Sitting in a basement maybe, like. It used to be it's serious. Organized, threats, and the. Data that our state has and we had a great opportunity to, tour the revenue department but, they have you, know wealth of information and, they have real. Threats every day that, are going on over there but maybe. A better analogy, is I don't remember the movie Monty Python so, I think what you're doing is a little bit like that you're like you, know you're you're. Kind of making turning, the state into I'll fight you but, you know you're you're, cutting arms off and you're you, know so you're not really giving a fair the state, fair. Fight to. You. Know I just. Wish we'd fully. Fund things and then you, know so that the state and we'd. Have the property. Know so remember monty python where the movie. And and so. The guy is basically. Sitting there with no arms and legs and so, that's what, i feel like you're doing a little bit and i know that your sincere, that you care about these issues and you, know it's not some theater that you're playing but it's i, just.

Wish You'd help the state be, successful, that's all well. Madam chair. Just. A second is there anyone else that has questions otherwise, do. You want to respond to that i do i do madam, chair and. And representable. It's really more than a just a flesh wound. The. The. The entities. That buy, from, minute, should. Be participating, in, the acquisition. Of. Cybersecurity. Tools, that, are going to be deployed on their behalf so if you remember I talked, to the the, fact that chair Anderson put money in last year's budget, bill which, we put out there last. Year was a budgeting year this year is not so. Now we have to find a way to get the same tools but, we have fewer. Ways to get it done this, is a way that we can actually get it done this is a way that's being done in the real, world, and. It. Is it is largely, successful, and again remember, that. This. Is something that should, be happening and it's really not we've heard a number of instances. And I I think of mister call and before, him mister Busey as you. Know sometimes. Just barely holding, it all together and. We. Have to provide a better way to do that last. Year's bill didn't, work out the. Governor chose to, to reappropriation. ISM. That I have in front of me to do that so that's how we're going down that road. Representative. Thank. You madam chair and mine was a little bit along the lines of representative, lilies and you're just hitting on some of it too is last year was a budget year we, underfunded, our state agency, requests. This, year were midstream, in a biennium, or we're asking them to take, money away from something, to go into cybersecurity, which we all agree I mean there's no disagreement. On the, spirit of what is happening, but, I feel like the timing of asking, our agencies after last year a budget year we. Heard, them in multiple, ways talked about issues related, to this, we didn't heed the request to fully fund their, their, request now we're at a point mid biennium, where we're not in a budget year asking. Them to change their budgets and and. Doing, it in a way we were not providing, funding when it is we. Do sit in a surplus so so, I also just share concerns if we're serious about cybersecurity. And. I think what you're getting at here is good and I agree, we need to do it but just the spirit of a mid biennium, change without any funding makes. It really difficult to hear that we're taking it as serious as we need to. Madam. Chair and represented Olson I want, to go back again to talk about the fact that we did put, money in the, bill last year for cyber tools we did it was 26 million dollars we, put it in the bill and we. Got it off the floor we took it to conference committee and. Commissioner. Fran's negotiated. It away at the governor's direction. And, I spoke to Commissioner, then Busey, and he said, 26 million would have been a fantastic, amount, of money to. Come. Up with cyber, tools so, I. Understand. But. We didn't under fund this last, year we, provided a very. Ample amount of money for, cyber, tools so, I. Understand. Your concern but. This, effective, date is July. Of 18. You. Know so most. Of the projects are probably under way this is gonna have a bigger, effect for projects, moving forward but. We have got to do this and we, had a solution last time that, got a negotiated, away at the governor's request so thank, you ma'am sure. Well. I appreciate representative. Nash bringing. This issue, forward, because, when I look, at how we handle. Issues, that are that important. Mr.. Kaul did you care to comment, madam. Chair I just wanted to follow up on the the, explanation, I apologize of my explanation, about that that. 87,000. Was inadequate I, do, think that we we've, got, it explained, on page 7 of the fiscal note. And I'm happy to take any follow-up, questions as, to how we arrived at that or why why we believe that the added complexity, warrants, another, F to you thank, you so. Before. We move on from this bill I just want to applaud you represent, an ash for bringing this forward. I am, surprised actually that we have to put this in legislation, because. I would assume that if you're viewing, cybersecurity. As, a number one priority for the agency that, that would be part of how they budget and how they manage projects, going forward I know, that any entity, out there that has this they look at their top priorities, what do we need to do and and.

What Would we like to do and cybersecurity. Obviously, is a need to do item and and. Yet we don't have to do that so I apologize. That you have to go through the gymnastics. Of putting this bill forward because you would assume that this would be part of the budgeting anyway. Especially. When you know it was okay to use two and a half million for you know new. Office, space but, not cybersecurity, so, I applaud your efforts and and with that represented, Nash renews his motion that house file 2868. Be, laid over for possible inclusion and the arms of a state government finance bill as. Amended. And. Represented. An ash you want to move house file. 3570. Yes madam chair I'd like to move 3570. Before the committee and I do have, an author's amendment if we could also move that. Represent. An ash moves a one amendment, to get the bill and ordered it up that the author wishes all those in favor of the a one amendment please say aye those. Opposed the, amendment is adopted represent, an ash to your bill as amended thank you madam chair this. Bill. Essentially. Says that if a an enterprise. Software project. Is going to be undertaken, and it, will be. There. Will be more software projects, in the state of Minnesota it is the nature of IT there's, going to be more i. Would, hope and this, is directed, towards the commissioner i hope it would get away from putting min before some of our new software initiatives, because you know bad taste in your mouth, but. We're, gonna do more software and what. This bill says is, that moving forward if we're going to do an enterprise, software project. That we should go to and we, should look for a way to buy. Versus, build because as we. Have seen in recent history. Some. Software. Hasn't really gone all that well and we. Don't need to beat the drum on the names because. You know them all and there, was a there, was one just last week that the Commissioner prevented, from going live but again, it's, an excellent example of the fact that we need to look, to the private. Sector to somebody. Who has perhaps already built something that can be sold to all 50 states and the various, territories. That have their own operating, software's it, is an important, issue for. I think Minnesotans, and that, if we can put up some guardrails, to. Afford. Minnesotans. Some confidence, that we are looking, at, whatever. Future software project, it is that. We're going to go out and look and see if some enterprising. Company. Has, built something that can be customized, to the point that, it will meet some of the specific needs that Minnesota is inevitably going to have because all states will do something somewhat, differently, it's. Not a revolutionary. Idea but. Again I find, myself putting a non revolutionary, idea in a bill and, madam. Chair here we are. Ok. Is there anyone else, Commissioner do you wish to testify on this bill. Like. We're getting to be old friends welcome. To the committee if you please state your name for the record and who you represent, madam. Chair members my name is Joanna Clybourn I'm the Commissioner of Minnesota information, technology, services. House. File, 3570. Would mandate that a funding for an information, technology, project, is made to an agency other than minute the, IT system, must be developed designed and built through a vendor contract. Members. Should be aware that despite. The passage, of the IT, consolidation. Law IT, project. Appropriations. Have. Not been made to minute in fact, they continue, to be made to the agency, that will be served. By the resulting, IT system. This. Approach was taken because federal. Funding, restricts. That, certain, funds remain under the control and, direction of the relevant agency, commissioner, for. Example, federal, restrictions on. Game and fish funds requires. Fleiss ins funds to be managed by the agency, overseeing, the game and fish programs, and license. Revenue in our state the DNR. Appropriating. Information technology, funds, to, minute directly, would actually, risk a federal, finding, of diversion. Of M. DNR. Funds. As well as Dena are losing, the management, control of those funds, when. The legislature. Does appropriation. Funds to an agency, for an IT project minutes. Staff work, with our agency, partners to assess the best method, for cost, effective. Successful and timely completion of the project this, is often referred to as a build or by analysis. We, help evaluate what projects, products. Are available on, the commercial market we, reach out to other states, to talk to with, them about what they've been doing what, has worked well what, have they used, in. Many cases this will result in an RFP, or request for, proposals. To identify, a commercial, off-the-shelf product. That, can be implemented, or customized, to meet an agency's, needs makes, sense right I mean why would I build something that's already in existence.

In, Many, cases, this assessment makes it clear that. Whether. It's easier to buy, that and adjust if needed or do. We need to make the assessment that the state staff can actually do the cost the production, cost more quickly and more effectively to complete that project, this, is especially the case when, it relates to projects. To, make changes, in either existing. Or enhancing. Legacy, systems, so, for example, when the legislature. Mandates program, changes, or. Necesitas. IT work, state. Staff I have years of experience operating. Maintaining. Enhancing, these legacy, systems, and are often much better, positioned. To complete projects that impact existing. Systems. Requiring. These projects, we put out for bid would increase the overall cost and length of implementation, timelines, additional. Time and expenses, would be required to accommodate, the RFP, process and. Procurement, there. Would be additional time, and expense required to train acclimate. Vendor staff to the state's legacy, systems, which, in many cases as we know are decades decades, old if. The legislature, were to change historic, practice and appropriate, dollars directly, to minute for IT projects. When, they are to be completed in house then. A builder, by analysis, would have to be completed before the final passage of any bill that, requires IT project, work, this. Would make it necessary, to determine whether an appropriation. Should be made to the agency, or to minute, it. Is hard to see how such an analysis, could be completed, in the midst of a fluid legislative, session, where legislation, is continuously, changing as, it moves through the committee process and, in. Cases where an internal, build is preferable. We, are concerned about the impact of federal funding, if the appropriation. Is made to minute directly, as this bill would require. We. Plan to work with the author to better understand. The intent of the mechanism. That is envisioned, by a House final, 3570. And address the, state agency concerns. We. Fully I fully. Recognize. The. Legislators. Frustration. With. The troubled rollout arm in large systems and other IT projects. That the state has faced in recent years but. It's important, to recognize there's no silver bullet for ensuring IT project, success and by, the way the. Two main problems that we've had in the past were. In fact let, out for contract, bid and handled, commercially. Initially. Failures. And major challenges, that have occurred when projects, are out sourced. Occur. Just as much as when they are internally. Handled, each. Project, must be treated differently, and it's, important, that the same statute, provides the flexibility, needed to, craft the most effect approach in each, case as directed. By the legislature. Or the agency's, needs thank. You. All. Right. Thank, You commissioner. Is there anyone else that wishes to testify to this bill. Welcome. To the committee if you can please state your name for the record and who you represent. Good. Afternoon again I'm Alice Roberts Davis assistant, commissioner Department, of Administration madam. Chair and members again, I'd like to respectfully, request, that we that. The chair request, a fiscal, note on this bill, thank. You is there. Anyone else that wishes to testify to this bill. All. Right members questions. Representative. Lee. Thank. You madam chair and I represent -. Again. I'm you. Know I'm I'm not a programmer, any. Of those sort of things but I I happen. To have one at home and. So. I here every day and she works with healthcare. Systems and she's, a programmer, every day she's programming. And tweaking. Software. So. Are you saying that, we could we, could just pick up software, and then. Never have. I. Mean. I just can't I.

Mean. This is horrible what's happened when we get it everybody is. In full agreement, where. We're at but you, know every day we've got these folks here and it, just it's. Just I don't know how they're gonna get how, is it gonna get better you. Know that's really not related to my question but it's like at, some point we got to let these people go do their job so that's that's, one point but the and. I know you get that I know, you do because you have come from the private sector and you would not want your staff sitting in these meetings but. I don't, know how. So. You you. Think that private sector we're. Gonna be able to pick up some free software what's. That website I came over what it is my son had me do it once I downloaded a free software, like. An Adobe. Photoshop. Kind of thing and. You. Know I don't know pro source or what's that called I can't remember but anyways I loaded, a program, but. It didn't work as well as the, and, I. Just. So, you don't you think we're gonna be all just because it goes private, that there won't be any problems, we'll, just be able to come. Up with a better system. Well. We're absolutely, madam. Chair there won't be problem lily okay the. Couple. Things one. I'm. Obviously. Talking, about spending. Money on software, programs, so no we're not gonna be using freeware. So. That's, not my intent, my, intent is much, like. We. Changed. Gears late last year to go with a private, vendor to handle the Real ID piece, that's. Kind. Of the conversation that we should be having and if. You'll all look on, line. 1.3, and mister gearing may want to weigh in on this it says unless, money is expressly, appropriated. So, there isn't there's a mechanism to. Handle. This this deep concern, that seems to be being. Shared with us is that, there is a way that, if we're if, it's brought to our attention that there's no private, vendor or there's, another way there's another pot of money we can expressly. Appropriate. Money so. It's. Not like we're holding a gun to their head and saying you always have to go out what, we're saying is you got to go out and look because. Much like fast, enterprises, exist and they built this so that it could be sold to all 50 states they've. Done the work they have done the heavy lifting and you can't sell a piece of software necessarily, unless it works and there, will be bugs with that piece of software as well but, when you enter a contract, relationship. You. Entered, in that relationship, assuming. That if things go badly it's, on them. There, will be some internal costs but it's on them, to fix it so, you, know I'm not I'm not advocating. That we download things off of the internet for, free. But. What, I'm saying is that there is a, step. That we should be taking so, that you can look at your constituents, in the eye and, say we. Did this with. More. Transparency. We did this at a higher, level of accountability and, that we. Afford. An opportunity. For express. Appropriation, to happen if we find out there's just nothing else that exists out there so, again. And the Commissioner is gonna say again that we went down the road of private. Private. Relationships, with HP, or whoever I don't, know what went wrong because we can't get at that information but. It's. There there's a there's a non-disclosure that happened with HP, from back in the day so I don't know you don't know the Commissioner knows because she has access to that but I don't. But. We. Should, be able to very. Easily go, out to bid just like. We do in the real world and say, if it exists great if it doesn't well then we have to come back to the legislature and say we, need money because we'll. Have to do this internally because it's something that's so unique to. Us that. Then we have to do it internally. Thank. You madam chair and represent, a shake I appreciate. The dialogue I just I, just. Think. You're I. Mean. Just to be totally clear I mean this this, whole thing is bad and we we, all understand. That. But. I don't know that you know this is a little bit of Monday. Morning Quarterback, and. But. You. Know this these, tweaks on computer, systems I know you know this continually. In the private sector need. You. Know it's not the silver, bullet all the time I mean, I could go through a list of companies. That have just had. Epic, problems.

You, Know in the news I mean I, don't, know if you're sitting on your 4-inch pad over there like. Mr. Facebook, was yesterday, you don't eat it you're pretty tall but. Oh. The. Owner of Facebook at Congress, was, anyways. It's a not. That funny I guess. But. No I know, that you're very bright and that you know that there's problems, in the in. The private sector so we all want we. Want you, know people to get their tabs and they're you know we we all want that it's it's it's a horrible situation and, we but. I'm. Not sure that the private sector is always, the silver bullet answer and I mean, I wish it I wish it was actually, if that's the case or I wish our you know that we didn't have that, we were at, where we're at so. I'm. Not sure that your bill is totally the answer but, please at some point let you know this whole committee please let our, let. Our team go out and and go, do the work I mean and and let. Them I mean I'm imagining they're doing these same meetings in the Senate and I. Can't, I don't know we've we, were all in a long meeting yesterday we're in one today I would imagine it got preparation, and then, I, don't. Know how you would you, know as a business owner in this industry I mean, you yourself, especially must, you. There's no way you would want your team here day after day after day, doing. This and and. And, we, know it's bad so I just not sure that you're. Really. Solving it maybe these are meetings that we could do during the off session, and of, course I mean they can't pass anything so no that's right but. I don't, know it's more of a statement than a question but. Thank. You madam chair and. Representative. Nash you just touched on this a little bit it was something I was thinking about what the House bill as well if. We're contracting, with private, vendors and the accountability is in the contract, that the state agency makes, with a private vendor, how, do we ensure that we can have the kind of oversight and clarity that we need I mean again we bring our state agencies, in front of us and, we. Ask all the questions we, give them strict, guardrails, we have that ability to do that here in this committee in other settings how. Do you see that being. Able to how can we have that accountability, with. The private, sector. And the vendors I mean, is it still going to be through to you I mean you've said it with HP, contract, they had we. Weren't able to do that like how are we going to ensure that we can have, the accountability, we need from the private sector because, they did still state funding, so. It's our state money going, through you. Know the contracts, usually go through the Department of Administration they. Contract, out with vendors. That's. A far removal, then from the accountability, and the money and if. We're going to hold our state agencies, to this level, of scrutiny and in, my mind a little bit of a barrage at times how, are we going to be able to do that to private vendors with with the bill that you have in front us. Well. Thank you madam chair and represent of ulsan I'm. Not, eliminating. Minute. We'll still have a commissioner, we'll, still have people who enforce, contracts, we'll still have people who are responsible, for those contracts, we'll, still have people at minute who are responsible for the specifics, of those contracts, and I'm, not, advocating, for, us, to do that God. Knows I didn't come here to mirror, that which I do in my private world every day but. We find ourselves at, a, crossroads, where, we have to make a decision because. We are the only ones and, we've had this conversation before you and I in committee we are the only ones that appropriate, money we are the only ones that set direction for the agencies we are the only ones who put up those guardrails, we. Do that that's what we are sent here to do so.

We Are asked, by the people who we work for in all, of your districts to say go, fix this and. I'm not trying to be punitive, the. Commissioner may feel like is punitive sometimes, but I'm not trying to be punitive what. I'm trying to do is say there is a better, way to. Acquire, software. And if there isn't a piece of software I have afford for that unless it's you, know and there's, nothing out there we, can appropriate money for that so. I would encourage us to do this bill I have another bill out there that still didn't get we didn't get it done but there is a. Hopefully. A committee, that could just be all IT that. Would be exciting stuff well maybe for just me but. We. Set the direction representative. Olson that's what, we're here to do not, to micromanage this is setting direction and. I'm. Not trying, to be. There alongside of them when they're making purchases. Because that's not my job my. Job and, your job and, all of our jobs is to appropriate the money and set the guidelines by which it's spent. And. I agree I actually hear you what you're saying there so, then my question is how in your bill and what you're proposing do. We have that accountability. What. Will you know how can we ensure that accountability. With the private vendors are. You expecting, certain ways that contracts, will be written so that we have the accountability if we needed to bring in a private vendor like, how does that accountability, to the money we spending you're right we can appropriate, money to the agencies, that then can contract with the vendors but, could you speak to how how, we can have that. Level of accountability, with. The private sector that we do have with our state agencies, when we do this. Madam. Chair I'm gonna phone a friend or mr., Goering mr. Goering simple, question when, we enter a contract, with a private vendor we, like, all contracts, the state builds, in to, those contracts, ways that we can make sure that performance, is actually carried out the, correct. I'm. Sure -. Correct. Correct. Didn't I hear that but then you said with the HP contract, that didn't happen. Well. Madam chair and represent Wilson I don't know that it did I don't know that it didn't because we're, not allowed to read. What, happened there that, has a non-disclosure. We. Don't know what happened. Thank, you madam chair and I think that's the point of what I'm making the, the accountability. With, the private, if we're gonna go through our state agencies, and we have a level of scrutiny and the ability to talk to them you know I'm just worried that if we, have. The level of accountability through our state agencies, with our vendors that the, level of scrutiny and the level of accountability and the guardrails we set up we, have a little less control over that with, the way the money is spent going into a private sector so, that's the only point because. We don't set those contracts, you know it's up to the state agencies, to design what that looks like in those methods of accountability, so, I just want to make sure the, point being if we're gonna move away from spending.

In Our state agencies, and be, able to give money to private sector to do work that the state used to do I want, to make sure that we're being good stewards of those resources. I. Have. A question so Commissioner Clybourn when. When. You, when. You enter into contracts, with state, vendors, because you do it on a regular basis, this is not something, new that the agency. So. If you. Have a contractor. That fails, to perform, are. You able to recoup, money. Other, amenities. I assume that's part of the contracts, that you make with them is that part that are you able to recoup the loss, Madame, chair members yes. Contracts. Half performance contract. Requirements. In there and a, failure to perform and, those are usually specified, it often comes down to the. Vendor indicating. That performance. Was. Met, the. Person. Or the agency, saying, we don't believe that the level of performance was met usually. What happens there's. Some sort of mediation, that occurs, and we kind of reach a meeting, of the minds given, potentially, the cost it might take to take the matter to litigation, in a court setting for example. That. Failed to perform what, happens, are. You able to recoup the loss from. Madam. Chair members are you asking if I can assign. Cooky a value, or money take money from employees if they fail to perform. Because. I mean if you're looking at a vendor. Contractor. Obviously. If they fail to perform they don't follow the performance, measures that were outlined in the contract, because, you have a contract that outlines all of it right, but. You don't necessarily, have a contract, that outlines, performance, measures for the. Employees, of minute, and. So, I'm assuming that you wouldn't be able to recoup, or claw back any of of that. From those that are actually, internal. Employees. Is that correct madam. Chair members depending. On what the issue of non performances. I can terminate employment, I can demote I can do lots of different things. After. Appropriate due process, an investigation, of the issue but, I cannot, I'm not aware of a methodology, that allows me unlike the military to dock salary, from someone who, is who's failed to meet whatever, the the ethical. Or or standard. Of care is required, right. And so, in. This last situation. With min Lars, you. Have one person, that you terminated, out of all of those that were responsible, for it right so. As far as recouping, of the loss there wasn't anything that actually to. Protect the state there was no guard whales around it because, you were having it done internally, is that correct. Madam. Chair members. Couldn't. Fire anyone else they were all gone. So. The. Reality is is once. Once. We had the information, and improve the appropriate, amount of due process was taking I terminated, the, remaining person, on the project, not, because, of. Any. Other reason than their performance, met failed, to meet what I believe to be the standard of care in that project. Representing. Ash I appreciate, this component, in particular, because it does give the state. Greater. Protection. If you will when something bad like new Mars happens, or, mnsure. Or, any of the other hosts, they have projects, that you can point to so I appreciate you doing that I've got representative, Fenton and then representative, oh thank, you very much and I've represented Nash, and representative. Olson I did, want to point out that there, is accountability and. I think. The. Members, of this committee I think, participated. And saw that accountability, when. We. Had the Minnesota sports, facility, Authority in here as well, as they. Use outside vendors, for security, and other issues we. Had their vendors in here, also. So there. Is the mechanism for, accountability, when, we use outside. Vendors. Thank. You madam chair and representative, Nash, I I think, this is a this, is a good bill and and I. I think as, time goes by it's gonna probably, evolve and everything else but, if.

You If you were someone. That was watching TV right now or are you somebody out on the street and you ask. Somebody, who's. Gonna do a better job government. Or the private sector, I think we all know who's what, the answer is going to be and. And. Because. Of the, fact if we go outside with, independent. Vendors and everything else, noncom. Non-performance. Equals, losses, or bankruptcy, in the private sector it. Doesn't, happen in the public sector that way, we. Just, appropriate. More money and. Things like that the. Real, key to this, proposal. Here, is, for the administration. To write RFPs. That are, going to be good that are going to set the parameters out that are going to provide for. Penalties. For non performance. And it's, easy to do that in a contract, in an RFP. Much, easier than what Commissioner, Claiborne has been struggling with, over. The last couple. Of months she's been here so. You. Know I like, the idea that. We. Can quantify the. Value of these private, contracts. With. The with, the with the costs, and we. Can hold the the. Private contractors, feet to the fire there's performance. The. Performance. Deadlines. And other, things like that and, in. The public sector those, performance, deadlines. Keep, slipping, backwards, but. In the private, sector we're. Gonna we're gonna see that they they have to perform that way so I. Think. I think it I think it's a very good bill I think it's a good answer to this. It'll. Definitely downsize. Minute. There's no question about that but minute we'll still have a very valuable, function. For. The for the state of Minnesota, and what. We've been doing isn't, working. It's. Just not working and it's, not just, minute. Here and min, Lars it's it's. Many other systems too so and we do have the out I mean, I probably wouldn't vote for this bill unless. Representative. Nash has the. 1.15. Line, there section, B. Unless. Money is expressly appropriated. By the state chief. Information officer, I, think, that I think that we're, on the right track here and I certainly. Appreciate what, you're doing and I can see where we. Might have some light at the end of the tunnel. Thank. You madam chair I I think there was a question, or the Commissioner was going to respond to something I would just want to make sure if she had the chance to do that if she needed to before we wrap up. I'm. Chair members I, respectfully. Disagree, that, this. Is a good idea this. Actually gets to an effective backdoor, to decentralization. Is what it really does, there. Is no, corporation. That I'm aware of that, would, dictate its, internal. IT shop. Could. Not look at building, and it had to do everything, outhouse. In order. To manage their IT projects. I'm. Not aware of any, corporation. That would dictate that specifically. Additionally. If, this. Bill passes the, way it is. We're. Gonna have some issues with the appropriation. For example, of State dollars if, you appropriates, state dollars to my agency, the, ability if it's a program that has a federal match a federal dollar match would. Not be able to occur. Lastly. When. You look at B specifically. This isn't just about software. Now I get that I've got some legal training background but I like to parse statutes, for fun sometimes and, when I parse this statute, and, I read it it specifically. Says all. State. Information. And.

Technology. Munication, x'. Projects. Must, be, developed designed. And built through vendor contract. So. You. Need update. Can't. Do it, you. Need a piece. Of phone quipment that we might have that you need a small project on the way I read this I'll read the amendment in one moment can't, do it. So. 11.15. Right. I'm so I'm looking at that all enterprise, software projects, must either be purchased, or built through a vendor contract, again. The. Original bill prior to amendment. Indicates. That that's the case when, I look at this amendment, it still puts it into the software, piece no, matter what, it is that you were asking, or wanting to do we're gonna have the match problem, and you're, not giving me an opportunity to work with the agency determine. If a builder buy which is what we already do is the. Appropriate, solution. Thank. You. I. Thank. Madam chair to the Commissioner. After. Going through the report yesterday and, reading. That I'm. Wondering. When, you talk about corporate, America, corporate. America, you have a diligent you you have, a responsibility, as. A CEO as, it. As the board of directors to take, care of the shareholders. My. Sense is that we haven't taken care of the shareholders, here the shareholders, are our taxpayers, we. Spent a hundred million dollars and haven't. Delivered a product so. To compare. What. Minute has done relative, to min Lars to. The corporate. World, where. People, would, be fired, their, bra probably, would be clawbacks, if you, wasted one hundred million dollars I think. Is unfair so. The. Other part of this is that. Reading. That through I didn't. See much diligence, in the RFP now. If you're writing an RFP. And putting it out the private industry you're. Writing standards, you're you've, got to some extent you've got what you need which, is two opposing forces you. Wanting to work done as as efficiently. And as inexpensively, as possible the. Fender over here trying to make money you've. Got those two competing, things that make for a good product I didn't, see any of that in here what, I saw was, an agency that was trying to build this thing themselves. Fired. The firm. Halfway, through because of communication or, whatever so I think. It's really unfair to, compare. This to corporate America in a number of ways and this. Idea of not, mandating. RFP. To me is. It. Just doesn't fit because if you would have done a good of RFP, on this wall project upfront I don't. Think we'd be where we are today. Madam. Chair members that's, simply not true, we've, already did that we've already delivered over, a billion, dollars in revenue on this system the. RFP, the original, contract, that was let was actually left before minute even existed, so. I understand. That piece but but remember, were there's, a time warp I can't go back to and, there, was a contractor. And it wasn't just a matter of they. Didn't. Meet some timelines, there were serious, issues, with the code there, were serious problems along the way that. Report actually is available to the legislature, as I understand, it there is a non-disparagement. Requirements. Within that contract which means we can't say anything bad right. But the report itself in the findings on that contract, are certainly available to the legislature, and I would have presumed the part of the, audit, previously, done would have included. Some. Of the findings of the HP contract, as well but. It is true that in corporate, America, there are projects.

There Failed, there are IT things, that do not go out the, way they're supposed to am i excusing, what has occurred with Mendler's absolutely. Not I would not be sitting here if I. Thought that there was some, reason, I could say oh it's not a big deal it is a big deal it's. A big deal because I'm a taxpayer, and for some of you you are my, legislators. And so, with that said I expect, my legislative, body to hold be held accountable as well as, holding me as the commissioner minute accountable, but. At the same time you've got to give me an opportunity my agency, to succeed, and. This. Is basically another way to get to decentralization. And no, ability of something we already do which is build and buy if we're worried about contracting. Let's look at the contracting, process and what we need to have in there but there's some options to look at I don't believe this is the vehicle that gets you the accountability, that you're looking for. Thank. You madam chair into the Commissioner I. Get. And. I know I look at things simply, sometimes from a business perspective but, in this case we, are the Board of Directors we are the ones that represent the shareholders, who are the taxpayers here it, isn't, going right and. My. Feeling is that we have to do something and what. We have to do is put some controls on this ourselves unfortunately. And it, may be a little. More invasive than it and it, may be in a in a regular situation but. Again, I go back to if. There would have been a more competitive RFP. Process from, the very start of this I don't. Think we'd be where we are today and we. Can argue the technicalities. Of that but, the bottom line is the specs were set, somewhat. Subjectively, as I read this through and therefore, the people didn't know where they were going they didn't produce so I'm not, looking for an argument but I don't think, it's fair to blame corporate, America, by saying that they screw up just as bad because if they do their. Shareholders, take it but, then they, also get claw backs at the personal level which. We don't have here so I'm, not going to get into an argument but I really, believe that it's, not fair

2018-04-14

Show video