9-27-6. Secretary; duties and general powers.
A. The secretary is responsible to the governor for the operation of the department. It is the secretary's duty to manage all operations of the department and to administer and enforce the laws with which the secretary or the department is charged.
B. To perform the secretary's duties, the secretary has every power expressly enumerated in the laws, whether granted to the secretary or the department or any division of the department, except where authority conferred upon any division is explicitly exempted from the secretary's authority by statute. In accordance with these provisions, the secretary shall:
(1) exercise general supervisory and appointing authority over all department employees, subject to any applicable personnel laws and regulations;
(2) delegate authority to subordinates as the secretary deems necessary and appropriate, clearly delineating such delegated authority and the limitations thereto;
(3) organize the department into those organizational units the secretary deems will enable it to function most efficiently, subject to provisions of law requiring or establishing specific organizational units;
(4) within the limitations of available appropriations and applicable laws, employ and fix the compensation of those persons necessary to discharge the secretary's duties;
(5) take administrative action by issuing orders and instructions, not inconsistent with the law, to ensure implementation of and compliance with the provisions of law for whose administration or execution the secretary is responsible and to enforce those orders and instructions by appropriate administrative action in the courts;
(6) conduct research and studies that will improve the operations of the department and the provision of services to state agencies and the residents of the state;
(7) provide courses of instruction and practical training for employees of the department and other persons involved in the administration of programs with the objective of improving the operations and efficiency of administration;
(8) prepare an annual budget of the department;
(9) provide cooperation, at the request of heads of administratively attached agencies, in order to:
(a) minimize or eliminate duplication of services and jurisdictional conflicts;
(b) coordinate activities and resolve problems of mutual concern; and
(c) resolve by agreement the manner and extent to which the department shall provide budgeting, record-keeping and related clerical assistance to administratively attached agencies; and
(10) appoint for each division a "director". These appointed positions are exempt from the provisions of the Personnel Act [10-9-1 NMSA 1978]. Persons appointed to these positions shall serve at the pleasure of the secretary.
C. As the chief information officer, the secretary shall:
(1) review executive agency plans regarding prudent allocation of information technology resources; reduction of duplicate or redundant data, hardware and software; and improvement of system interoperability and data accessibility among agencies;
(2) approve executive agency information technology requests for proposals and other executive agency requests that are subject to the Procurement Code [13-1-28 NMSA 1978], prior to final approval;
(3) promulgate rules for oversight of information technology procurement;
(4) approve executive agency information technology contracts and amendments to those contracts, including emergency procurements, sole source contracts and price agreements, prior to approval by the department of finance and administration;
(5) develop and implement procedures to standardize data elements, determine data ownership and ensure data sharing among executive agencies;
(6) verify compliance with state information architecture and the state information technology strategic plan before approving documents referred to in Paragraphs (2) and (4) of this subsection;
(7) monitor executive agency compliance with its agency plan, the state information technology strategic plan and state information architecture and report to the governor, executive agency management and the legislative finance committee on noncompliance;
(8) develop information technology cost recovery mechanisms and information systems rate and fee structures of state agencies and other public or private sector providers and make recommendations to the information technology rate committee;
(9) provide technical support to executive agencies in the development of their agency plans;
(10) ensure the use of existing public or private information technology or telecommunications resources when the use is practical, efficient, effective and financially prudent and is in compliance with the Procurement Code;
(11) review appropriation requests related to executive agency information technology requests to ensure compliance with agency plans and the state information technology strategic plan and make written recommendations by November 14 of each year to the department of finance and administration and by November 21 of each year to the legislative finance committee, the appropriate interim legislative committee and the information technology commission; provided, however, that the recommendations to the legislative committees and the commission have been agreed to by the department of information technology and the department of finance and administration;
(12) promulgate rules to ensure that information technology projects satisfy criteria established by the secretary and are phased in with funding released in phases contingent upon successful completion of the prior phase;
(13) provide oversight of information technology projects, including ensuring adequate risk management, disaster recovery and business continuity practices and monitoring compliance with strategies recommended by the information technology commission for information technology projects that affect multiple agencies;
(14) conduct reviews of information technology projects and provide written reports to the information technology commission and appropriate legislative oversight bodies;
(15) conduct background checks on department employees and prospective department employees that have or will have administrative access or authority to sensitive, confidential or private information or the ability to alter systems, networks or other information technology hardware or software;
(16) report to the information technology commission projects that have been certified and are in compliance with contingencies; and
(17) perform any other information technology function assigned by the governor.
D. Each executive agency shall submit an agency information technology plan to the secretary in the form and detail required by the secretary. Each executive agency shall conduct background checks on agency or prospective agency employees that have or will have administrative access or authority to alter systems, networks or other information technology hardware or software.
E. A state agency that receives an invoice from the department for services rendered to the agency shall have thirty days from receipt of the invoice to pay the department or to notify the department if the amount of the invoice is in dispute. The agency shall have fifteen days from its notification of dispute to the department to present its reasons in writing and request an adjustment. The department shall have fifteen days from its receipt of the reasons for dispute to notify the agency of its decision. If the department and the agency do not agree on a resolution, the secretary of finance and administration shall make a determination on the amount owed by the agency to the department. If the agency has not paid the department or notified the department of a dispute within thirty days of receipt of the invoice, the department shall notify the department of finance and administration and request that the department of finance and administration transfer funds from the agency to the department of information technology to satisfy the agency's obligation.
F. The secretary, as chief information officer, shall prepare a state information technology strategic plan for the executive branch and update it at least once every three years, which plan shall be available to agencies by July 31 of each year. The plan shall comply with the provisions of the Department of Information Technology Act and provide for the:
(1) interchange of information related to information technology among executive agencies;
(2) coordination among executive agencies in the development and maintenance of information technology systems; and
(3) protection of the privacy and security of individual information as well as of individuals using the state's information technology systems.
G. The secretary may apply for and receive, with the governor's approval, in the name of the department, any public or private funds, including United States government funds, available to the department to carry out its programs, duties or services.
H. Where information technology functions of executive agencies overlap or a function assigned to one agency could better be performed by another agency, the secretary may recommend appropriate legislation to the next session of the legislature for its approval.
I. The secretary may make and adopt such reasonable procedural rules as may be necessary to carry out the duties of the department and its divisions and requirements and standards for the executive branch's information technology needs, functions, systems and resources, including:
(1) information technology security;
(2) approval for procurement of information technology that exceeds an amount set by rule;
(3) detail and format for the agency information technology plan;
(4) acquisition, licensing and sale of information technology; and
(5) requirements for agency information technology projects and related plan, analysis, oversight, assessment and specifications.
J. Unless otherwise provided by statute, no rule affecting any person or agency outside the department shall be adopted, amended or repealed without a public hearing on the proposed action before the secretary or a hearing officer designated by the secretary. The public hearing shall be held in Santa Fe unless otherwise permitted by statute. Notice of the subject matter of the rule, the action proposed to be taken, the time and place of the hearing, the manner in which interested persons may present their views and the method by which copies of the proposed rule, proposed amendment or repeal of an existing rule may be obtained shall be published once at least thirty days prior to the hearing date in a newspaper of general circulation and mailed at least thirty days prior to the hearing date to all persons who have made a written request for an advance notice of hearing. Rules shall be filed in accordance with the State Rules Act [14-4-1 NMSA 1978].