Title VI, Section 405 – Request for Review of All Information Technology Related Purchases: Software Applications and/or Services
This procedure describes the method by which County departments are required to submit all information technology related purchases of software applications and/or services (except those purchases exempted below) to the Information Services Department for review and prior to the submittal of requisitions (for purchase orders) and prior to the commencement of Invitation for Bids (IFB), Request for Quotations (RFQ), Request for Proposals (RFP), and/or contract negotiation processes.
A. PURPOSE OF REVIEW
The Information Services Department is required to review and make recommendations regarding all information technology related purchases of software applications and/or services. The purpose of this review is to determine if a “Security and Disclosure Certification and Agreement” (SDCA) must be included as a required attachment to applicable purchase orders or contracts.
The purpose of the SDCA is to protect the County’s information and systems from unauthorized access, use or disclosure, and to ensure compliance with State and Federal laws and regulations regarding the protection of certain information. The SDCA will be required for all County issued purchase orders or contracts involving work on the County’s networks, systems or application, whether in conceptual, pilot or operational form.
B. EXEMPTIONS
1. Section 410 purchases (including leases and lease purchases) are exempt:
a. Personal computers (PC’s), PC hardware, and/or component parts
b. PC software, including all desktop publishing software
c. Printers, fax machines, scanners, and copiers.
2. Section 413 purchases (including leases and lease purchases) are exempt:
a. Personal computers and component parts purchased through Personal Computer Replacement (PCR) Program.
C. PROCEDURE
Prior to the submittal of requisitions (for purchase orders) or prior to the commencement of Invitation for Bids (IFB), Request for Quotations (RFQ), Request for Proposals (RFP), and/or contract negotiation processes, County departments will submit all information technology related purchases of software applications and/or services (except as exempted above) to the Information Services Department for review, by completing and submitting an ISD405 form.
Information requested on ISD405 will include, but is not limited to, the state of work (i.e., the software applications and/or services to be purchased), whether vendor access to the County’s computer network, data, or applications is required (and if so, provide a description), and if Information Services Department support is needed. A copy of the purchase specifications must be attached to the ISD405 form. Additional Information may also be requested of the department, or of the potential vendor(s), in order to complete this review. The department or organization director or their designee must sign the ISD405.
After the review has been completed, the ISD405 form will be returned to the requesting department with indication of approval and whether a Security and Disclosure Certification and Agreement is required.
- For purchase orders: After receiving the ISD405 form back from ISD, submit this form, plus completed SDCA (if required), as supporting documentation for the requisition.
- For contracts: Include a completed SDCA as an attachment to the contract, if required by the ISD405 review, prior to submission of the contract to County Counsel/Risk Management for their review.
D. TIME SCHEDULE FOR REQUESTS
Requests for review of information technology related purchases of software applications and/or services may be submitted at any time during the fiscal year. However, requests for review of purchases forecast for the coming fiscal year must be made between January 1 and March 30 of each year, and will receive priority for review over mid-year requests.
E. INFORMATION SERVICES DEPARTMENT CONTACT
Questions regarding the ISD405 form and/or the review process may be directed to the ISD Applications Division Manager at 454-2896.
G. SECURITY AND DISCLOSURE CERTIFICATION AND AGREEMENT [Click here]