30.5 How to Begin the High Risk IT Procurement Review Process
30.5.4 Enterprise Cloud and Oversight Services (ECOS)
If your high-risk IT procurement will be leveraging Cloud services as part the solution, your agency must follow all required Enterprise Cloud and Oversight Service (ECOS) processes. High-risk solicitations for Cloud services must include an ECOS Assessment form, which Cloud solution providers must complete and submit as part of their proposal.
Additionally, all high-risk solicitations for Cloud computing services must include an Exhibit of Additional Cloud Services Contractual Terms and Conditions. These are to be negotiated after proposals have been evaluated, and select Suppliers have been invited to contract negotiations. An SCM Cloud Sourcing Specialist and Enterprise Services expert, if necessary, must be present during contract negotiations. For additional guidance, refer to the ECOS Procedure Checklist, located at the following link: ECOS Procedure Checklist for Cloud Solicitations and Contracts.
Once your agency has determined which Supplier(s) will move forward to contract negotiations, your agency must submit a request for an ECOS Assessment of the remaining Supplier(s). This assessment must be complete prior to the conclusion of contract negotiations.
A high-risk IT contract for Cloud services cannot be awarded until the Supplier has passed the ECOS Assessment, prior to VITA CSRM written approval of any Security Exceptions, or prior to final negotiations to the Exhibit of Cloud Services Additional Contractual Terms and Conditions.
Contact scminfo@vita.virginia.gov for the most current version of the Exhibit of Additional Cloud Terms and Conditions.
Search the manual by key words or common terms.