2-17-514. Department -- enforcement responsibilities. (1) If the department determines that an agency is not in compliance with the state strategic information technology plan provided for in 2-17-521, the agency information technology plan provided for in 2-17-523, or the statewide information technology policies, framework, controls, standards, procedures, and guidelines provided for in 2-17-505 and 2-17-512, the department may cancel or modify any contract, project, or activity that is not in compliance.
(2) If the department determines that an agency is not in compliance with the state security policies, framework, controls, standards, procedures, and guidelines provided for in 2-17-534, the department may take appropriate action, in its sole discretion, up to and including terminating the information technology resource and requiring the use of an alternative information technology resource.
(3) Any contract entered into by an agency that includes information technology resources must include language developed by the department that references the department's enforcement responsibilities provided for in subsection (1). A contract that does not contain the required language is considered to be in violation of state law and is voidable pursuant to subsection (1). The language developed by the department may not be varied pursuant to 18-4-224.