§ 147-33.84. Deviations authorized for Department of Revenue; agency requests for deviations.
§ 147‑33.84. Deviationsauthorized for Department of Revenue; agency requests for deviations.
(a) The Department ofRevenue is authorized to deviate from any provision in G.S. 147‑33.83(a)that requires departments or agencies to consolidate information processingfunctions on equipment owned, controlled, or under custody of the Office ofInformation Technology Services. All deviations by the Department of Revenuepursuant to this section shall be reported in writing within 15 days by theDepartment of Revenue to the State CIO and shall be consistent with availablefunding. Any State agency may apply in writing to the State CIO for authorityto deviate. If granted, any deviation shall be consistent with availablefunding and shall be subject to such terms and conditions as may be specifiedby the State CIO. If the agency's request for deviation is denied by the StateCIO, the agency may request a review of the decision pursuant to G.S. 147‑33.72D.
(b) The Department ofRevenue is authorized to adopt and shall adopt plans, policies, procedures,requirements, and rules for the acquisition, management, and use of informationprocessing equipment, information processing programs, data communicationscapabilities, and information systems personnel in the Department of Revenue.If the plans, policies, procedures, requirements, rules, or standards adoptedby the Department of Revenue deviate from the policies, procedures, orguidelines adopted by the Office of Information Technology Services, thosedeviations shall be allowed and shall be reported in writing within 15 days bythe Department of Revenue to the State CIO. The Department of Revenue and theOffice of Information Technology Services shall develop data communicationscapabilities between the two computer centers utilizing the North CarolinaIntegrated Network, subject to a security review by the Secretary of Revenue.
(c) The Department ofRevenue shall prepare a plan to allow for substantial recovery and operation ofmajor, critical computer applications. The plan shall include the names of thecomputer programs, databases, and data communications capabilities, identifythe maximum amount of outage that can occur prior to the initiation of the planand resumption of operation. The plan shall be consistent with commonlyaccepted practices for disaster recovery in the information processingindustry. The plan shall be tested as soon as practical, but not later than sixmonths, after the establishment of the Department of Revenue informationprocessing capability.
(d) Notwithstanding theprovisions of subsections (a) and (b) of this section, the Department ofRevenue shall review and evaluate any deviations and shall, in consultationwith the Office of Information Technology Services, adopt a plan to phase outany deviations that are not determined to be necessary in carrying outfunctions and responsibilities unique to the Department. The plan adopted bythe Department shall include a strategy to coordinate its general informationprocessing functions with the Office of Information Technology Services in themanner prescribed by G.S. 147‑33.83(a) and provide for its compliancewith policies, procedures, and guidelines adopted by the Office of InformationTechnology Services. The Department of Revenue shall submit its plan to theOffice of State Budget and Management by January 15, 2005. (1989, c. 239, s. 5; c. 770,s. 60; 1989 (Reg. Sess., 1990), c. 1024, s. 36; 1991 (Reg. Sess., 1992), c.900, s. 14(g); c. 1030, s. 51.14; 1997‑148, ss. 5, 6; 1999‑347, s.2; 1999‑434, s. 27; 2000‑174, s. 2; 2004‑129, s. 16.)