Your browser does not support JavaScript!

Resource Table

Table of Resources for High-Risk Procurements

Note: Most items in this table are also helpful for other types of IT procurements that are not considered high-risk.

General Information

Chapter 30 of VITA's IT Procurement Manual

Provides useful information on the high-risk procurement process.


VITA templates for IT solicitations and contracts

VITA recommends agencies always use these templates for their IT procurements. To ensure that agencies are using the most up-to-date versions, VITA also recommends that agencies request these templates each time they are ready to begin a new IT procurement. Templates are not available on VITA’s website and must be obtained by emailing:

Minimum Contractual Requirements Matrix

Matrix that needs to be completed by agencies and submitted for review to VITA with delegated, major, and high-risk IT solicitation and contract packages. The procurement officer should complete the matrix and provide it to their agency AITR to submit, along with the complete high-risk IT solicitation or contract document package, in Planview Enterprise 1.

Performance metrics tool

Guide with examples for creating performance measures/service level agreements for request for proposals (RFPs) and contracts.


Project Milestones and Deliverables Template

A template for preparing a milestones and deliverables plan for your solicitation or contract. VITA recommends that agencies include a milestones and deliverables table for each high-risk procurement.


Negotiation Strategy and Risk Analysis Worksheet

A resource to help agencies develop a strategy to maximize their success in negotiating with suppliers.


Training Videos

Performance Measures Training Video

Performance Measures Transcript

Provides insight into drafting clear and distinct performance metrics, enforcement provisions, and remedies, including how they work together to make a strong contract. Also covers examples of compliant and noncompliant performance measures to help our customers when creating their contract performance measures. Transcript of the video with additional information and resources is available.


VITA Review Process Video

VITA Review Process Video Transcript

Focuses on VITA’s delegated thresholds, the IT governance groups involved in the review process, submission requirements, and process steps for major projects, cloud and high-risk IT procurements. Transcript of the video with additional information and resources is available.

Cloud Procurements and ECOS Process Training Video

Cloud Procurements and ECOS Process Transcript

Defines cloud-based solutions and lays out the steps in the ECOS (enterprise cloud oversight service) process including, the steps to follow for RFPs with cloud-based solutions and how to award a cloud contract with or without an RFP. Transcript of the video with additional information and resources is available.

Please note that as of January 2024, Information Security Standard 525 (SEC525) has been changed to Information Security Standard 530 (SEC530).  All references to SEC525 now refer to SEC530.  

Software as a Service (SaaS/Cloud)

ECOS/COV Ramp Procedure Checklist for Cloud Solution Solicitations and Contracts

Step-by-step guide to assist agencies with cloud procurements.


Cloud Services Additional Contract Terms and Conditions ("Cloud Terms")

Terms to be included in solicitations and contracts for supplier-hosted (cloud) solutions. It is important to use the most up-to-date version of the cloud terms, as they are subject to change. The cloud terms may be obtained by emailing

Cloud Service Assessment Form

This must be included in solicitations for cloud-hosted solutions. Go to VITA service portal, and search for "Cloud Service Assessment" and then scroll down to "Attachment for 1-1003" and download the form. The assessment form will be completed by the supplier and reviewed by VITA to verify the supplier's ability to meet the Commonwealth security and governance requirements for non-premise based (cloud) services.

Enterprise Cloud Oversight Service (ECOS)

A description of the Enterprise Cloud Oversight Service, which provides oversight functions and management of cloud based services.

Please hover over the Procurement tab at the top of this page for other useful information concerning information technology procurements.

Back to overview Would you like to provide SCM feedback on its site?