(1) If a state agency determines a need for a new enterprise standard or policy or a modification to an existing enterprise standard or policy, a written request may be submitted in accordance with processes and forms adopted by the department. The request must:

(a) describe the need for a new or amended standard or policy;

(b) describe the of consequences of failure to adopt or modify a standard or policy;

(c) specify details of the standard or policy;

(d) offer alternatives to the standard or policy;

(e) analyze the impact on the enterprise of adoption and nonadoption of the standard or policy;

(f) provide a proposed effective date of the standard or policy.

(2) The department shall apply the following process in reviewing the request:

(a) determine if the proposal is in compliance with strategic direction of the state;

(b) confer with subject matter experts within and outside of the department;

(c) solicit input in accordance with department adopted standard development and policy development processes;

(d) evaluate input received;

(e) conduct a review by the CIO;

(f) at the discretion of the department, present the proposal to the information technology board or other advisory groups;

(g) notify the requesting state agency director, advisory groups and stakeholders of approval and associated effective date or disapproval of the standard or policy.

(3) When the department creates or modifies procedures or guidelines that directly affect how a state agency interacts with the department, the department will review those with the necessary advisory groups prior to adoption.

(4) Any agency within the enterprise may develop their own information technology standards and policies as needed within their organization as long as these standards and policies do not conflict with statute, rule or enterprise standards and policies established by the department.

History: 2-17-518, MCA; IMP, 2-17-512, MCA; NEW, 2003 MAR p. 2417, Eff. 10/31/03.