
1 Purchasing & IT Security Originally Presented at Fall ACCBO

2 Background
During the 2016 Fall ACCBO Conference, all subject matter related to the Procurement side of this discussion was presented by Clarence Rogers, Associate Director, Procurement Services, from the System Office. Clarence was unable to attend IIPS for this presentation. 1/14/2019

3 Background
The intent of this presentation to the Business Officers/ACCBO was to encourage IT participation throughout the purchasing process for all IT contracts and initiatives.

4 Why the Change?
Recent changes in Session Law and the contract approval process with DIT now require Purchasing and IT Security to partner together to be successful. This discussion puts some of the pieces together on how the new process works and on the evolving requirements for managing IT contracts.

5 IT Contracts
The State CIO shall provide a report of all contract awards approved through the Statewide Procurement Office. The report shall include the amount of the award, the contract term, the awarded vendor, the using agency, and a short description of the nature of the award.

6 Exception Requests
Complete the required Exception Request Forms:
  Sourcing: Contract beyond 3 years; Limited Waiver (Brand Specific); Waiver (Sole Source); Use of Another Agency Contract/Cooperative Agreement
  Standards: Hosting; Data Center; Other
  Security

7 Purchasing
The role of Procurement Services is to create an effective workflow process and issue binding agreements. Clarence or Sharon will facilitate.

8 Exception Requests
Early engagement and partnership between business owners, IT, procurement, and your other internal agency stakeholders is key when defining your submission.

9 Purchasing
The submittal of a requisition after the Business Owner has identified the need is the key to beginning the procurement process.

10 Purchasing
The SOW is the most important section of the document.

11 Purchasing
The Procurement Office submits the solicitation documents (RFQ, IFB, RFP, RFI) and the Exception Request to DIT for review and approval to post, or to issue the RFQ directly to the vendor if competition has been waived. Clarence or Sharon.

12 Purchasing
The Procurement Office will issue the purchase order. Clarence or Sharon.

13 IT Security

14 IT Standards & IT Security Exception Request Reviews
Contracts for IT products and services require the Contract Administrator to partner with IT Security and the vendor for success.
Contract Administrator responsibilities (with IT Security support):
  Completion of the required DIT documentation and forms for the Exception Request
  Collection of vendor IT security compliance reports and artifacts
  Annual requirement to recertify IT security compliance

15 IT Standards & IT Security Exception Request Reviews
What are the Standards for IT Contracts?
  IT Standards: North Carolina General Statutes 147, Article 3D; Session Law and amended in S.L.
  Security Deviation: Statewide Information Security Manual (ISO 27001, soon to be NIST)
  Federal Standards, Policies, Laws: FERPA, HIPAA, PCI-DSS, GLBA, FISMA

16 IT Standards & IT Security Exception Request Reviews
Conditions that require an Exception Request
  $0 threshold for IT Contracts needing an Exception Request
  Session Law , Section 7.9.(b): State agencies shall use the State infrastructure to host their projects, services, data, and applications, except that the State Chief Information Officer may grant an exception if the State agency demonstrates any of the following:
    (1) Using an outside contractor would be more cost effective for the State.
    (2) The Department of Information Technology does not have the technical capabilities required to host the application.
    (3) Valid security requirements preclude the use of State infrastructure, and a vendor can provide a more secure environment.
  Session Law amended 7.9.(b) to add: With the prior approval of the State Chief Information Officer, applications that are natively or commercially sold and delivered as cloud-based solutions are not subject to the requirements of this subsection.
  Deviation from the Statewide Information Security Manual

17 IT Standards & IT Security Exception Request Reviews
Forms required to address IT Security for DIT Exception Requests
  DIT Exception Request Forms. Always download the latest form from
  Exception - Form B: Standards
  DIT Privacy Threshold Analysis (PTA) Form
  Security Statement by the Agency Security Liaison (me!)

18 IT Standards & IT Security Exception Request Reviews
Vendor Documentation and Artifacts
This list will vary based on the type of data, its transmission, and its storage. Cloud can be SaaS, IaaS or PaaS.
Cloud-based services (not hosted at DIT or on State Infrastructure):
  Must provide evidence of a major IT Security Compliance assessment: SOC 2 Type 2; SSAE 16; ISO Certification; FedRAMP
  A credentialed vulnerability scan: must be Open Vulnerability Assessment Language (OVAL) compliant; must support CVE reporting for identification of Critical, High, Medium and Low vulnerabilities
  Other documentation regarding data flow, security protocols and review process, as identified or requested.

19 IT Standards & IT Security Exception Request Reviews
Most importantly... This is a new and evolving requirement!

20 Touchdown System
Applies to the System Office and provided here for information.
All Information Technology (IT) projects must be tracked in the DIT Touchdown system.
IT project defined: a temporary endeavor; has a start and end date; results in an IT product, system or service being implemented or delivered. There are no dollar thresholds.
All IT RFPs must be tracked in the DIT Touchdown system. This includes:
  Project charter approvals, System Office and State level
  Presentation to the Executive Leadership Council
  Additional reviews/approvals at the State level, including RFP review and Contract Award decision points
All IT RFIs must be entered in the Touchdown system and in the Business Concept phase.

21 Roles and Responsibilities of Contract/Business Owner
Contract or Business Owner: The VP of the Division of the System Office seeking the goods or services provided under the contract.
Role: The VP is the person who has the authority to sign the contract.
Responsibilities: The VP would assign people within his/her division to draft the scope of work, obtain the financial information and obtain other information necessary for a draft agreement or submission to Procurement Services.
Applies to the System Office and provided here for information.

22 Roles and Responsibilities of Contract Administrator
Contract Administrator: Usually the person who is the project Team leader assigned by the Division VP to submit the contract and other necessary documents to Procurement Services.
Roles: This person is the contact person for Procurement Services, Finance and Operations, and Legal Affairs for ensuring that changes to the draft are reviewed by the project team.
Responsibilities: This person should be aware of the start and end dates of a contract and the technical terms and requirements of the contract.
Applies to the System Office and provided here for information.

23 Q&A

