Rule 3301-3-07 | Performance requirements.

Information technology centers shall meet the following performance requirements:

(A) Governance - agreement/constitution

(1) The agreement between user entities establishing an information technology center shall be ratified by all user entities, be in compliance with section 3313.92 or Chapter 167. of the Revised Code, reviewed by legal counsel for compliance with section 3313.92 or Chapter 167. of the Revised Code, and be approved by the superintendent of public instruction.

(2) The agreement shall include such provisions for a governing assembly as a board of directors or an executive committee.

(3) The agreement shall include provisions for a systematic approach to encourage participation that is representative of all end users and governance that is representative of all user entities.

(4) The agreement shall define the responsibilities of each component of the organizational structure.

(5) The information technology center's governing authority shall rest with the board of directors or the governing assembly rather than the fiscal agent.

(6) The agreement shall set forth the process of change and define how organizational changes are to occur, including, amending the agreement, changing the fiscal agent, adding and withdrawing membership, and changing officers.

(7) The information technology center's governance document shall contain language that holds harmless the fiscal agent for any liabilities, obligations, claims, damages, penalties, causes of action, costs or expenses relating to the operation and activities of the information technology center. Amounts to be paid in settlement of any such claims or damages, including attorneys' fees and costs and expenses, shall be apportioned among all districts participating in the information technology center to the extent permitted by law.

The provisions of paragraph (A)(7) of this rule would not be applicable to cases of misfeasance, malfeasance, nonfeasance, or other illegal or inappropriate activities directly attributed to the actions of the fiscal agent.

(8) All governance policies and procedures, as well as daily site operations, shall be in accordance with the information technology center's current by-laws, agreement(s), or both.

(9) All information technology centers shall maintain fully executed contractual agreements with their user entities. The contractual agreement between the information technology center and its user entities must specify at a minimum the quality implementation standards, as defined by the department, for all core services, as well as any additional fees to supplement state subsidy for the core services.

(B) Fiscal operations requirements

(1) Local fiscal operations

(a) The information technology center shall evidence the appropriate appointment and utilization of a fiscal agent.

(i) An information technology center organized under section 3313.92 of the Revised Code shall designate one user entity participating in the consortium agreement to act as fiscal agent.

(ii) An information technology center organized as a council of governments in accordance with Chapter 167. of the Revised Code may employ its own treasurer to assume all financial responsibilities or may elect to designate one user entity participating in the council to act as fiscal agent.

(iii) The fiscal agent treasurer or the treasurer employed by a council of governments is responsible for all financial transactions associated with the information technology center.

(iv) The fiscal agent treasurer or the treasurer employed by a council of governments shall be licensed in accordance with section 3301.074 of the Revised Code.

(b) Financial accounting records of information technology center activities shall be separately maintained and be auditable.

(i) Information technology centers shall perform all financial transactions and accounting procedures in compliance with applicable laws of the state of Ohio and requirements of the auditor of state.

(ii) Information technology centers shall establish, define, and adhere to procedures for receipting expenditures and accounting and equipment acquisition, inventory, and disposition.

(c) The appropriate governing bodies of the information technology center shall approve all fee assessments, contracts, employee compensation and benefits, as well as initial and modified appropriations, as evidenced by official meeting minutes.

(d) The board of directors or the governing assembly shall be provided access to the following:

(i) Detailed fiscal reports for each regular board of directors or governing assembly meeting.

(ii) Other reports upon request.

(2) Financial condition

(a) Amortization periods for the retirement of indebtedness shall not exceed the recommended schedules for depreciation as established by the internal revenue service.

(b) The information technology center shall establish a schedule of fees for services that, in combination with state subsidy funding, cash reserves, and other sources of revenue, shall generate operating funds sufficient to meet anticipated expenditures.

(C) Operating requirements

(1) Organization

(a) The information technology center shall hold a valid permit and maintain compliance with the criteria established for that permit as identified in rule 3301-3-03 of the Administrative Code.

(b) The information technology center shall be in compliance with section 3301.075 of the Revised Code and with the OECN line item appropriation language contained in House Bill 1 of the 128th General Assembly.

(c) The information technology center as organized in accordance with either Chapter 167. or section 3313.92 of the Revised Code shall provide a current copy of its organizational agreement(s) for review during the site review specified in paragraph (A)(2) of rule 3301-3-04 of the Administrative Code and upon request by the department and/or the public.

(2) Core services

(a) Core services shall be delivered based upon the quality implementation standards communicated by the department.

(b) All software and hardware used by information technology center shall enable efficient and effective end-user access to the core services.

(c) Equipment for computer systems or support services may be shared among and between multiple information technology centers in order to increase operational efficiencies, lower operating costs, and/or to improve service reliability.

(d) Contractual agreements shall be executed with user entities across all core service areas specifying the areas of service (e.g. software management, data management, training, problem resolution, documentation, communication and quality of service), responsibilities of the information technology center and the user entity for each area of service, and quality implementation standards for each area of service.

(e) Specific guidelines applying to internet access and networking services

(i) The speed and reliability of the network shall be commensurate with department standards and provide for optimal performance to end users.

(ii) Standards established by the department for connectivity shall be maintained by the information technology center.

(iii) The information technology center shall be responsible for any repairs or maintenance to the network and equipment for accessing the internet.

(iv) The information technology center shall coordinate and manage an integrated services network that may include, but not be limited to, voice, video, and data services. Any educational entity desiring to be connected shall have the option of access and the primary internet service provider(s) shall involve the network and provider(s) selected by the department.

(3) Reports

(a) The information technology center shall file with the department a continuous improvement plan that meets department guidelines and timeframes as set by the department. The report shall include tthe information technology center's planned versus actual delivery of core services based upon quality implementation standards. The report shall inform the department-managed accountability system for the OECN. The information technology center shall respond in writing to the department and/or make operational adjustments as directed by the department if deficiencies are noted in the department's review of the continuous improvement plan.

(b) The information technology center shall implement an automated help-desk system with quality implementation standards defined by the department in partnership with the OECN. The system shall, at a minimum, facilitate communication and problem resolution among user entities and escalation to appropriate information technology center staff across the OECN, as well as with the department. The system shall enable the reporting of quality implementation metrics for the core services to the department and provide data for the department-managed accountability system for the OECN.

(c) Detailed financial records of the information technology center for the current and previous fiscal year transactions shall be made available to the department during the site-review conducted pursuant to rule 3301-3-04 of the Administrative Code. Financial records shall also be made available to the department within sixty days of the end of the fiscal year in an electronic format as specified by the department.

(4) Business continuity, security, data release, and other safeguards

(a) A written business continuity plan shall be formulated, reviewed at regular intervals by the governing body of the information technology center, and be kept on file at the department.

(b) A written security policy shall be implemented to include the following:

(i) The policy shall specify the methods for obtaining, processing, reporting and storing data.

(ii) The policy shall prohibit access to the computer systems and services by unauthorized personnel.

(c) The information technology center staff shall be bonded, at a level determined by the information technology center's governing body, for the faithful performance of their duties.

(d) The information technology center shall have insurance coverage for all fixed assets.

(e) A data-retention policy shall be written, implemented, and communicated to all user entities, and shall specify how data are stored and restored and the method for disposal of data.

(f) The computer system shall be reviewed at regular intervals to ensure sufficient system performance and data security.

(g) The information technology center shall not modify in any respect software or associated data structures provided by the department without the prior written approval from the superintendent of public instruction or his or her designee.

(h) The environment for the computer systems shall be in compliance with the manufacturer's standards for installation, power, and maintenance.

(i) The physical security of the information technology center shall prevent unauthorized access to the computer systems.

(j) A written data release policy shall be implemented and communicated by the information technology center. The policy shall describe the process for requesting a release, return, or transfer of data. A release, return, or transfer of data shall occur no later than ten business days following the district's request, unless otherwise specified and agreed upon by both the district and the information technology center.

(5) Information technology center personnel

(a) Staffing levels shall be sufficient to meet the service needs of the user as measured by end-user and staff satisfaction. Personnel assignments shall be made to ensure that user support needs are met and that all core services are successfully delivered.

(b) All staff shall have training and/or experience necessary to perform the duties contained in their job descriptions.

(c) All information technology center staff shall be given the appropriate training for the task assigned.

(d) All information technology center staff whose job assignments are related to the support of technology or technology services shall engage in an ongoing program of in-service relative to their area of assignment. Staff training shall be aligned with the continuous improvement plan of the information technology center and reflect the policies and guidelines established by the local professional development committee (LPDC).

(e) Information technology staff who hold an educator license or certificate issued by the Ohio department of education and who are utilizing the LPDC process in order to renew and maintain department licensure shall follow the license renewal and professional development requirements and timelines established in rule 3301-24-08 of the Administrative Code.