These VITA Rules have been developed by VITA and other public bodies, institutions, commissions and other subdivisions of the commonwealth receiving services under a VITA contract (“customers”). VITA Rules apply to suppliers’ performance or delivery of all information technology goods or services. 

Suppliers must deliver their goods and perform their services at all times in a manner that allows for and supports compliance by the public body(ies) receiving, using, or consuming the goods and services.

In addition to, and without limiting any of, the specific standards and policies listed below, all hardware, systems and services provided to the commonwealth, or that may be used to access, process, or store commonwealth data, must comply with all applicable commonwealth and federal laws, regulations, policies, guidelines, and standards in effect at the time of delivery of the goods and services.

Information Technology Resource Management (ITRM) Policies, Standards and Guidelines

  • The policies, standards and guidelines for commonwealth ITRM, including those for commonwealth security, enterprise architecture, project management, program management and supply chain management are found on the following page: 

Federal Laws, Regulations, Policies and Standards

Without limiting any contractual obligation a supplier may have to comply with applicable federal laws, regulations, standards and policies, the following is a list of federal laws, regulations, policies and standards that VITA hereby incorporates as a part of VITA Rules: 

Agency-specific Regulations, Rules, Policies and Procedures

Industry-specific Standards

  • Payment Card Industry – Data Security Standard (PCI-DSS)