As used in this article 37.5, unless the context
otherwise requires:
(1) Advisory board means the government data advisory board created in
section 24-37.5-702.
(2) Availability means the timely and reliable access to and use of
information created, generated, collected, or maintained by a public agency.
(3) Chief information officer means the chief information officer appointed
pursuant to section 24-37.5-103.
(4) Confidentiality means the preservation of authorized restrictions on
information access and disclosure, including the means for protecting personal
privacy and proprietary information.
(5) Data means facts that can be collected, analyzed, or used in an effort
to gain knowledge or make decisions, and that are represented as texts, numbers,
graphics, images, sounds, and videos.
(6) Data management means development and execution of architectures,
policies, practices, and procedures that properly manage the creation, collection,
protection, sharing, analysis, transmission, storage, and destruction of data.
(7) Department of higher education means the Colorado commission on
higher education, collegeinvest, the Colorado student loan program, the Colorado
college access network, the private occupational school division, and the state
historical society.
(8) Disaster recovery means the provisioning of the office's provided
services for operational recovery, readiness, response, and transition of information
technology applications, systems, or resources.
(9) Enterprise means:
(a) Information technology services that can be applied across state
government; and
(b) Support for information technology that can be applied across state
government, including:
(I) Technical support;
(II) Software;
(III) Hardware;
(IV) People; and
(V) Standards.
(10) Information security means the protection of communication and
information resources from unauthorized access, use, disclosure, disruption,
modification, or destruction in order to:
(a) Protect against theft or misappropriation of information, as well as
improper access, modification, degradation, or destruction of information;
(b) Preserve authorized restrictions on information access and disclosure;
(c) Ensure timely and reliable access to and use of information; and
(d) Maintain the confidentiality, integrity, and availability of information.
(11) Information security plan means the plan developed by a public agency
pursuant to section 24-37.5-404.
(12) Information technology means technology, infrastructure, equipment,
systems, software, controlling, displaying, switching, interchanging, transmitting,
and receiving data or information, including audio, video, graphics, and text.
Information technology shall be construed broadly to incorporate future
technologies that change or supplant those in effect as of September 7, 2021.
(13) Infrastructure means data and telecommunications networks, data
center services, website hosting and portal services, and shared enterprise services
such as email and directory services; except that infrastructure does not include
the provision of website information architecture and content.
(14) Institution of higher education means a state-supported institution of
higher education.
(15) Integrity means the prevention of improper information modification or
destruction and ensuring information nonrepudiation and authenticity.
(16) Interdepartmental data protocol means file sharing and governance
policies, processes, and procedures that permit the merging of data for the
purposes of policy analysis and determination of program effectiveness.
(17) Joint technology committee means the joint technology committee
created in section 2-3-1702.
(18) Local government means the government of any county, city and
county, home rule or statutory city, town, special district, or school district.
(19) Major information technology project means a project that considers
risk, impact on employees and citizens, and budget, and that includes at least one
of the following: A complex set of challenges, a specific level of business criticality,
a complex group or high number of stakeholders or system end users, a significant
financial investment, or security or operational risk. A major information
technology project includes, without limitation, implementing a new information
technology system or maintaining or replacing an existing information technology
system.
(20) Nongovernmental organization means any scientific, research,
professional, business, or public-interest organization that is neither affiliated with
nor under the direction of the United States government or any state or local
government.
(21) Office means the office of information technology created pursuant to
section 24-37.5-103.
(22) Personal identifying information means any information that alone, or
in combination with other information, can be used to identify an individual,
including, but not limited to, social security number, driver's license number or
other identification number, biometric data, personal health information as defined
by the federal Health Insurance Portability and Accountability Act of 1996, as
amended, Pub.L. 104-191, and other information that is considered personal
information or personally identifiable information as defined in law.
(23) Political subdivision means a municipality, county, city and county,
town, or school district in this state.
(24) Project management means the application of knowledge, skills, tools,
and techniques to support completing outcomes identified in the work.
(25) Project manager means a person who is trained in the management of
information technology projects and is responsible for organizing and leading the
project team that accomplishes all of the project deliverables.
(26) Public agency means every state office, whether executive or judicial,
and all of its respective offices, departments, divisions, commissions, boards,
bureaus, and institutions. Public agency does not include institutions of higher
education or the general assembly.
(27) Security incident means an accidental or deliberate event that results
in or constitutes an imminent threat of the unauthorized access, loss, disclosure,
modification, disruption, or destruction of communication and information
resources.
(28) State agency means all of the departments, divisions, commissions,
boards, bureaus, and institutions in the executive branch of the state government.
State agency does not include the legislative or judicial department, the
department of education, the department of law, the department of state, the
department of the treasury, or state-supported institutions of higher education.
(29) State information technology personnel means any personnel whose
employment is necessary to carry out the purposes of this article 37.5 by the chief
information officer and to administer, perform, and enforce the powers, duties, and
functions of the office.