North Carolina General Statutes
Article 15 - Department of Information Technology.
§ 143B-1376 - Statewide security and privacy standards.

143B-1376. Statewide security and privacy standards.
(a) The State CIO shall be responsible for the security and privacy of all State information technology systems and associated data. The State CIO shall manage all executive branch information technology security and shall establish a statewide standard for information technology security and privacy to maximize the functionality, security, and interoperability of the State's distributed information technology assets, including, but not limited to, data classification and management, communications, and encryption technologies. The State CIO shall review and revise the security standards annually. As part of this function, the State CIO shall review periodically existing security and privacy standards and practices in place among the various State agencies to determine whether those standards and practices meet statewide security, privacy, and encryption requirements. The State CIO shall ensure that State agencies are periodically testing and evaluating information security controls and techniques for effective implementation and that all agency and contracted personnel are held accountable for complying with the statewide information security program. The State CIO may assume the direct responsibility of providing for the information technology security of any State agency that fails to adhere to security and privacy standards adopted under this Article.
(b) The State CIO shall establish standards for the management and safeguarding of all State data held by State agencies and private entities and shall develop and implement a process to monitor and ensure adherence to the established standards. The State CIO shall establish and enforce standards for the protection of State data. The State CIO shall develop and maintain an inventory of where State data is stored. For data maintained by non-State entities, the State CIO shall document the reasons for the use of the non-State entity and certify, in writing, that the use of the non-State entity is the best course of action. The State CIO shall ensure that State data held by non-State entities is properly protected and is held in facilities that meet State security standards. By October 1 each year, the State CIO shall certify in writing that data held in non-State facilities is being maintained in accordance with State information technology security standards and shall provide a copy of this certification to the Joint Legislative Oversight Committee on Information Technology and the Fiscal Research Division.
(c) Before a State agency can contract for the storage, maintenance, or use of State data by a private vendor, the agency shall obtain the approval of the State CIO.
(d) With the approval of the State CIO, enterprise-level system owners may share data between their secure systems and other enterprise-level secure systems to maximize State government's effectiveness and productivity, unless sharing the data is expressly prohibited by State or federal law. Sharing of data under this subsection shall include the transfer of PII or other potentially sensitive data only when appropriate safeguards are in place for both the transfer of the data and storage of the data in the receiving system and when consistent with the Statewide Information Security Policy. For purposes of this subsection, the term "owner" means a State agency having both (i) possession or control of data with the ability to access, create, modify, transfer, or remove data and (ii) authority to assign access privileges to others. (2015-241, s. 7A.2(b); 2019-200, s. 6(f); 2021-180, s. 25.2(a).)

<< Previous
Next >>

Structure North Carolina General Statutes

North Carolina General Statutes

Chapter 143B - Executive Organization Act of 1973

Article 15 - Department of Information Technology.

§ 143B-1320 - Definitions; scope; exemptions.

§ 143B-1321 - Powers and duties of the Department; cost-sharing with exempt entities.

§ 143B-1322 - State CIO duties; Departmental personnel and administration.

§ 143B-1323 - Departmental organization; divisions and units; education community of practice.

§ 143B-1324 - State agency information technology management; deviations for State agencies.

§ 143B-1325 - State information technology consolidated under Department of Information Technology.

§ 143B-1330 - Planning and financing State information technology resources.

§ 143B-1331 - Business continuity planning.

§ 143B-1332 - Information Technology Fund.

§ 143B-1333 - Internal Service Fund.

§ 143B-1335 - Financial reporting and accountability for information technology investments and expenditures.

§ 143B-1336 - Information technology human resources.

§ 143B-1337 - Information Technology Strategy Board.

§ 143B-1340 - Project management.

§ 143B-1341 - Project management standards.

§ 143B-1342 - Dispute resolution.

§ 143B-1343 - Standardization.

§ 143B-1344 - Legacy applications.

§ 143B-1350 - Procurement of information technology.

§ 143B-1351 - Restriction on State agency contractual authority with regard to information technology.

§ 143B-1352 - Unauthorized use of public purchase or contract procedures for private benefit prohibited.

§ 143B-1353 - Financial interest of officers in sources of supply; acceptance of bribes; gifts and favors regulated.

§ 143B-1354 - Certification that information technology bid submitted without collusion.

§ 143B-1355 - Award review.

§ 143B-1356 - Multiyear contracts; Attorney General assistance.

§ 143B-1357 - Purchase of certain computer equipment and televisions by State agencies and governmental entities prohibited.

§ 143B-1358 - Refurbished computer equipment purchasing program.

§ 143B-1359 - Configuration and specification requirements same as for new computers.

§ 143B-1360 - Data on reliability and other issues; report.

§ 143B-1361 - Information technology procurement policy; reporting requirements.

§ 143B-1362 - Personal services contracts subject to Article.

§ 143B-1365 - Data centers.

§ 143B-1370 - Communications services.

§ 143B-1371 - Communications services for local governmental entities and other entities.

§ 143B-1372 - Statewide electronic web presence; annual report.

§ 143B-1373 - Growing Rural Economies with Access to Technology (GREAT) program.

§ 143B-1373.1 - Completing Access to Broadband program.

§ 143B-1373.2 - G.R.E.A.Tprogram fixed wireless and satellite broadband grants.

§ 143B-1373.3 - Wireless broadband grants.

§ 143B-1374 - Satellite-Based Broadband Grant Program.

§ 143B-1375 - Security.

§ 143B-1376 - Statewide security and privacy standards.

§ 143B-1377 - State CIO approval of security standards and risk assessments.

§ 143B-1378 - Assessment of agency compliance with cybersecurity standards.

§ 143B-1379 - State agency cooperation and training; liaisons; county and municipal government reporting.

§ 143B-1385 - Government Data Analytics Center.

§ 143B-1390 - through 143B-1394Recodified as Part 8 of Article 13 of Chapter 143B, G.S143B-1203 through 143B-1207, by Session Laws 2021-180, s19A.7A(b), effective January 1, 2022.

§ 143B-1391 - 143B-1390 through 143B-1394Recodified as Part 8 of Article 13 of Chapter 143B, G.S143B-1203 through 143B-1207, by Session Laws 2021-180, s19A.7A(b), effective January 1, 2022.

§ 143B-1392 - 143B-1390 through 143B-1394Recodified as Part 8 of Article 13 of Chapter 143B, G.S143B-1203 through 143B-1207, by Session Laws 2021-180, s19A.7A(b), effective January 1, 2022.

§ 143B-1393 - 143B-1390 through 143B-1394Recodified as Part 8 of Article 13 of Chapter 143B, G.S143B-1203 through 143B-1207, by Session Laws 2021-180, s19A.7A(b), effective January 1, 2022.

§ 143B-1394 - 143B-1390 through Recodified as Part 8 of Article 13 of Chapter 143B, G.S143B-1203 through 143B-1207, by Session Laws 2021-180, s19A.7A(b), effective January 1, 2022.

§ 143B-1400 - Definitions.

§ 143B-1401 - 911 Board.

§ 143B-1402 - Powers and duties of the 911 Board.

§ 143B-1403 - Service charge for 911 service.

§ 143B-1404 - 911 Fund.

§ 143B-1405 - Fund distribution to CMRS providers.

§ 143B-1406 - Fund distribution to PSAPs.

§ 143B-1407 - PSAP Grant and Statewide 911 Projects Account; Next Generation 911 Reserve Fund.

§ 143B-1408 - Recovery of unauthorized use of funds.

§ 143B-1409 - Conditions for providing enhanced 911 service.

§ 143B-1410 - Audit.

§ 143B-1411 - Subscriber records.

§ 143B-1412 - Proprietary information.

§ 143B-1413 - Limitation of liability.

§ 143B-1414 - Service charge for prepaid wireless telecommunications service; seller collects 911 service charge on each retail transaction occurring in this State; remittances to Department of Revenue and transfer to 911 Fund.

§ 143B-1415 - Limitation of liability, prepaid wireless.

§ 143B-1416 - Exclusivity of 911 service charge for prepaid wireless telecommunications service.

§ 143B-1420 - Council established; role of the Center for Geographic Information and Analysis.

§ 143B-1421 - Council membership; organization.

§ 143B-1422 - Compensation and expenses of Council members; travel reimbursements.