This chapter focuses on how the process of technology acquisition is different from other types of commodity and services sourcing. It also explains why IT procurements require special diligence and the application of specialized best practices to obtain best-value IT solutions for the Commonwealth. IT procurement differs in complexity and analysis from commodity-driven procurements because technology is constantly changing due to new service offerings like cloud computing, constant technical improvements, software changes like open source software and security enhancements Unlike general commodities, IT goods and services may have very complex interdependencies, continuity requirements or serious risk considerations that support the operational backbone of the Commonwealth's public safety and citizen services.
Additionally, the Code of Virginia has evolving procurement requirements, based on annual legislative changes. These changes involve the Commonwealth's IT strategic planning and reporting, which ensures that technology projects are planned in accordance with the Commonwealth's overall IT strategy. The CIO of Virginia is required to develop policies, standards and guidelines that require that any contract for information technology entered into by the Commonwealth's executive, legislative, and judicial branches and independent agencies be made in accordance with federal laws and regulations pertaining to information security and privacy, as defined by § 2.2-2009 of the Code of Virginia. In addition, in accordance with House Bill 1221, all agencies are required to have cybersecurity policies that meet or exceed the Commonwealth's cybersecurity policy. The CIO is required to conduct an annual comprehensive review of cybersecurity policies of every executive branch agency, with a particular focus on breaches in information technology that occurred in the reviewable year and any steps taken by agencies to strengthen cybersecurity measures in accordance with § 2.2-2009.
Refer to Chapter 1 for discussion on IT procurement delegation and authority and unique processes and procedures that agencies are required to comply with.
VITA is committed to using technology procurement processes supported by the Virginia Public Procurement Act and industry best practices. These IT procurement business processes will enable VITA and the Commonwealth to achieve an IT sourcing environment which: