BIT Technology Review Process 101

For most of us, negotiating contracts and reading legal language rank at about the same level as hitting our thumb with a hammer--twice.  Luckily for you and your agency, you do not have to because BIT has staff to do that for you. Your agency Point of Contact (or POC) can help with appropriate technical contract language.   

When beginning the technology review process for the first time, you may get the sense that it is complicated. It can be, but that is because the information and technology industry is complicated and changes rapidly. Signing a contract or making a significant purchase without the support of BIT may seem like a good idea at purchase time because the process may move faster with just you and a smiling salesperson in the room. However, unless you have a solid understanding of current technology trends, what may seem like a harmless contract agreement can result in expensive surprises for you, your business and ultimately the citizens of this state. 

The most important thing you can do to make the process as painless as possible is to engage your BIT POC before you publish a Request for Proposal (RFP), ask for bids, or in any other way ask for a price quote from a vendor. When you show a vendor the applicable terms that apply at the same time you ask for costing, more often than not they will accept the terms up-front to get your business. In those few cases where they won’t accept the terms, they will generally minimize their objections to just a few items. Contact your BIT POC to arrange a technician-to-technician discussion to work out the details on valid cost information and IT-related legal terms. 

Items BIT takes into consideration for you during the technology review process:

  • Disaster Recovery (DR)
  • Continuity of Operations (COOP)
  • High availability computing (HA)
  • Hypervisors (the cloud)
  • Physical hardware limitations (cores, processors, MSUs, sockets)
  • Network protocols
  • Security controls, risks, scans, threats and defenses
  • Patch cycles and processes
  • Licensing considerations
  • Audit requirements

Each section of the contract has clauses for specific purposes. The terms in the HIPAA section apply only to those terms recommended by the federal government in all contracts associated with HIPAA systems or data. The terms in the Hosting section apply when an outside vendor hosts your system rather than using the existing state infrastructure. The terms in the federal tax information section only apply to projects involving federal tax information.

You do not need to engage your BIT POC when:

  • Making a technology purchase off an existing state contract.
  • The system you are buying is for a single desktop license for a one-person application. In these cases, a moratorium request is processed.
Often vendors will resist clauses that hold them accountable or that grant you the ability to determine whether they are handling your data, and our citizens’ data, in a responsible manner. We have found nationally known vendors who, on close inspection, were putting their clients’ private data at risk due to poor security standards. We have also had vendors who, after several years, have come back to the state and attempted to levy fines and fees made possible due to weaknesses in contract language. 
The bottom line is that if a vendor resists the clauses contained in the technology template, it raises a red flag and must be investigated.  Red flags reveal significant business risks that you need to understand in order to make an informed buying decision. A vendor may have legitimate business reasons to object to any of the clauses or other contract language, and if that is the case, a meeting can be held with the vendor and your IT advocates at BIT to help determine that and weigh out other solutions. 

The BIT POCs are here to help you through the technology review process; whether it is documenting a Memorandum of Understanding (MOU), working together on a contract, drafting and finalizing a Request for Proposal (RFP) or reviewing a Purchase Order. Our staff can assist with the review of technology purchases to allow for fiscal responsibility in keeping costs as low as possible and helping to maintain a secure and reliable avenue for the State of South Dakota's technology needs.

Popular Posts