Approval Processes
IT Procurement Approval Process for Participating Agencies
Prior to procurement for an IT good or service, a participating agency must obtain approval from DoIT. The request may be submitted prior to issuing an RFP, pursuant to an established Master Agreement, or prior to executing an SOW. The approval is obtained by submitting an IT Procurement Request form found at the link at the bottom of the page. This approval is required when one or more of the following factors are present:
- Costs of $25,000 or more;
- 750 agency staff hours or more;
- Involves substantial information-security concerns, including but not limited to the sensitivity or confidentiality of the data involved; the location of the system, data to be stored therein, or both; or the data involved is subject to state or federal regulatory requirements governing data security, confidentiality, or integrity; or
- Involves significant compatibility, interoperability, or connectivity concerns.
Ongoing approvals are not required unless there is a change in the acquisition resulting in an increase in costs of 10% or $25,000, whichever is less, or a change impacting the storage or processing of sensitive data or infrastructure concerns. If an agency is unsure whether these concerns are implicated, it may consult with DoIT.
For purchases in which a reseller has been identified to provide the good/service, the agency will be required to affirmatively state that more than one reseller was contacted for a quote. If more than one reseller offers the good/service, the agency is expected to choose the lower cost unless there’s a sufficient reason not to.
Once the form is submitted, and the participating agency has acquired all appropriate approvals from its leadership, DoIT strives to provide a response to the request within 2 weeks.
DoIT reviews the proposed procurement in order to:
- Determine whether the procurement complies with IT governance requirements.
- Propose or advise an appropriate method for procurement.
- Determine whether the procurement is necessary and in the best interest of the state.
The IT Procurement Request form requires the following information:
- Estimated cost
- A description of the procurement
- How the agency intends to procure
- What types of data will be processed or stored, and where will that data reside
When the proposed procurement indicates that sensitive information will be processed or stored, an additional review by the cybersecurity office is required. The agency may be required to abide by additional standards imposed by Security and/or further consultation with Security may be necessary.
Every submission will require the agency’s finance officer and director approval. The submission is also reviewed by a Department of Management analyst. If the request requires clarification, the Office may contact the submitting agency to clarify via email or phone. DoIT may also return the submission for clarification to be made within the submission itself. DoIT must have sufficient understanding of the procurement in order to identify potential security or infrastructure concerns.
DoIT’s approval may offer contingencies or conditions. If DoIT denies a request, the Office will notify the agency of its options.
Once the agency has received an approval for an IT acquisition, the agency may proceed with the procurement process or purchase.
(Iowa Admin. r. Code 129—10.7(8B))
Contact Us
If you have questions regarding the information technology procurement process, please contact us at OCIOprocurement@iowa.gov.