CIO-050 Enterprise Procurement of IT Assets Policy

Office of the Chief Information Officer Enterprise Policy

CIO-050: Enterprise Procurement of Information Technology Assets Policy

Effective Date: 12/15/2014
Revision Date: 01/13/2017
Review Date: 01/13/2017

Policy Statement:  The purpose of this policy is to describe responsibilities and processes regarding the procurement, ownership and tracking of information technology (IT) assets.
 
Policy Maintenance:  The Asset Management Branch within the Office of IT Service Management is responsible for maintaining and updating this policy.
 
Authority:  KRS 42.726 authorizes the Commonwealth Office of Technology (COT) to develop policies that support and promote the effective application of information technology within the executive branch of state government, as well as information technology directions, standards, and necessary management processes to assure full compliance with those policies.
 
Applicability:  This policy is to be adhered to by all executive branch agency staff and staff of non-executive branch agencies that voluntarily consolidated their IT infrastructure operations under COT, including employees, contractors, consultants, temporaries, volunteers, vendors and other workers that wish to procure IT assets.
 
Responsibility for Compliance:  Agencies and staff outlined above in ‘Applicability’ are expected to understand and follow these guidelines.  Each agency is responsible for assuring that staff and users under its authority have been made aware of the provisions of this policy, that compliance by the staff member is expected, and that intentional disregard for this policy may result in disciplinary action pursuant to KRS 18A up to and including dismissal.  It is the responsibility of each Executive Cabinet agency to enforce and manage the application of this policy.
 
Review Cycle:  This policy will be reviewed at least every two years.
 
Definitions:
Asset: a piece of equipment or a component thereof that can be identified by an IT-related commodity code in the Commonwealth’s accounting system, or that interfaces directly with the enterprise data network.  This includes, but is not limited to hardware, software, and service offerings that provision pieces of IT infrastructure in a shared environment.
Information Technology Standards Committee (ITSC): The mission of the ITSC is to govern information technology standards for the executive branch of Kentucky State Government.
Kentucky Information Technology Standards (KITS): The KITS is comprised of formalized IT standards covering the broad spectrum of technology environments to include software, hardware, networks, applications, data, security, access, communications, project management and other relevant architecture disciplines.
 
 
Policy:  This policy governs the procurement and inventory processes used to manage the lifecycles of IT assets, at both the strategic and operational levels.  Excluded from this policy will be the purchase and tracking of consumable items which are not covered by COT rated services and have a cost lower than $500.00, such as CDs, DVDs, USB “thumb drives”, external optical disc drives (CD/DVD), laptop bags, etc.     
 
Procurement
 
Requests for new IT services or enhancements to existing services shall be submitted by an authorized Agency IT Services Contact to COT via the Commonwealth Service Desk (CSD).  Upon receipt of the request, the CSD will engage the appropriate COT team of subject matter experts for review.  During the review process, COT reserves the right to request additional information, and/or suggest alternatives to the proposed procurement.  In cases where COT offers a rated service that reasonably meets the agency’s requirements, this will be the favored solution.  If COT determines that procurement of additional IT assets is necessary in order to deliver the desired outcome under a rated service, COT will negotiate and carry out those purchases.
 
Agencies requesting products or services outside the parameters of the Kentucky Information Technology Standards (KITS) must, regardless of cost, submit a Request for Exception/Addition/Modification outlining the business case supporting the purchase.  This process is described in detail at http://technology.ky.gov/Governance/Pages/ExceptionstoArch.aspx. 
 
For purchases that provide an agency-specific function, or that are outside the scope of COT rated services, COT may elect to delegate one-time procurement authority to the requesting agency.  Alternatively, COT may procure IT assets that are not included in a rated service and are specific to a particular agency, but only in cases where the contract enabling the purchase applies exclusively to COT.  Expenditures associated with procurement of these assets will be passed through to the agency.  Requests for IT assets with a cost of $1,000 or greater must go through the Strategic Procurement Request (SPR1) review process prior to purchase.
 
Ownership and Tracking
 
IT assets that have been purchased by COT and provisioned by a COT rated service will be owned by the Finance & Administration Cabinet and tracked as inventory by COT.  In addition, COT will track as inventory any asset procured by the Agency prior to subscribing to the associated COT service.  Examples include, but are not limited to telephone systems and computers purchased for a specific use case.
 
IT assets that have been purchased by COT for an agency-specific function and are not provisioned by a COT rated service will be owned and tracked as inventory by the agency that initiated the purchase. 
 
IT assets procured by an agency under delegated, one-time procurement authority from COT will be owned and tracked by the agency that initiated the purchase.

 

This page was last modified 4/14/2017 8:19 AM
 

Return to CIO Policies Home Page.

 

 

 

 

 

  

References: