Easy Peasy
PGR Process
ECOS Assessment
Cloud T&Cs
RFP Process
100

How much delegated authority does DBHDS have for Cloud agreements? 


How much delegated authority does DBHDS have for IT Procurements?

Zero - Zilch - Nada - None, Dude!


Agencies have $250K delegated authority for IT Procurements.

100

What does PGR stand for?

Procurement Governance Request

100

What does ECOS stand for? 

What Executive Order does it fall under?

Enterprise Cloud Oversight Service

EO19

100

Where are the most recent Cloud Terms and Conditions?

VITA Website

Just to ensure you have the correct version, please reach out to Liz.Chandler@vita.virginia.gov


100

Thing One - There is a process and we are now using VITA's Template, exclusively. True or False?

True

200

What does BUY IT Manual stand for? 

When is it used? 

How often is it updated?

Is it aligned to the APSPM or VPPA?

Buy Information Technology Manual

The manual is used for everything IT, just like the APSPM is used for non-IT procurements.

It is updated annually at the beginning of the fiscal year and changes are in accordance with Virginia legislative changes to the law.

The BUY IT manual is aligned to the VPPA

200

When is a PGR required?

All procurements over $250K

200

Which types of services can DBHDS conduct an ECOS for? SaaS, PaaS or IaaS?

What is an agency's delegated authority for SaaS solutions?

SaaS

Agencies have $0 delegated authority.

Zero, zilch, nada, Nothing Dude! Do you get the picture?

200

To ensure that I am using the most recent version, who can I reach out to?

Reach out to Liz Candler at VITA for the most recent templates.

Liz.Candler@vita.virginia.gov

200

Thing Two - List the components that make an IT Procurement High Risk?

1. Cost in excess of $10MM for the initial term, or

2. Cost is in excess of $5MM for the initial term and either the goods/services are being procured by two or more state public bodies; the anticipated term of the initial contract, excluding renewals, is greater than 5 years, or the state public body procuring the goods/services has NOT procured similar goods/services within the last 5 years.

300

What are 4 key elements to a successful procurement?

Objective, Business Sponsorship, Scope, Project Team, Roles and Responsibilities, Planning, Market, Communications, Requirements and Process! 

Tada!

300

Who/what department initiates the PGR Process?

DBHDS IT Department

300

What do SaaS, IaaS and PaaS stand for?

SaaS = Software as a Service

IaaS = Infrastructure as a Service

PaaS = Platform as a Service

300

When should the minimum requirements document be included?

What do those requirements include and why?

This matrix should be used for all IT RFPs and contracts.

The matrix ensures that the contract will include all VITA-required terms and conditions, and that security policies and required standards and guidelines are met.

300

Thing Three - If it is a High Risk contract who must review the contract? How long does each have to review the contract? Would that be in tandem (simultaneously) or separate reviews?

Both VITA and your OAG must review the contract.

Each has 30 business days in which to read the contract.

Those reviews should be done simultaneously to save time.

400

Who are some key contacts at VITA to help you in creating a successful IT Procurement?

Doug Crenshaw - Just about anything; plus High Risk Training 

Sonja Headley - Just about anything including Cloud questions 

Debi Smith - Cloud / ECOS

Demetrias Rodgers - ECOS

Elizabeth Candler (Liz) - VITA Templates

400

When is the PGR process completed?

Once all departments have signed off on the procurement electronically.

400

When should an ECOS Assessment be given to a prospective vendor during an RFP? After Proposals are received, During negotiations, Send with the RFP or none of the above?

Send with the RFP

400

This is easy: what is the difference between a cloud solution and a non-cloud solution?

A cloud solution is a vendor-hosted SaaS solution.

A non-cloud solution is not hosted by the vendor and, for our purposes, is not a SaaS solution.

400

Thing Four - What types of requirements should be gathered? 

Who should gather these requirements?

Who should be on the evaluation panel?

Business, Functional and Technical Requirements should be gathered as part of your RFP.

The business owner/CA should gather these requirements from the SMEs.

At least one person from each SME area. Too many people in the pot takes too long to review/score and complete the process. Also, trying to get on even more calendars to gather for team discussions can be rather daunting, to say the least!

500

What do SCM and VITA stand for?

SCM - Supply Chain Management

VITA - Virginia Information Technology Agency

500

What does the ECOS Assessment ensure guidance around?

Ensures contractual terms are adhered to, in order to mitigate risks later. It ensures the potential vendor meets both SEC 501 and SEC 525 requirements (look it up :) ). Ensures vulnerability scans and intrusion detection are conducted. It ensures architectural standards are met. It monitors performance against SLAs.

500

Who submits the vendor completed ECOS Assessment?

If areas of the assessment or negotiated Cloud terms are not approved, does that stop the presses?

DBHDS IT Security submits the vendor-completed ECOS Assessment through what they call Keystone Edge (KSE). This helps with tracking and oversight.

No, if an area of the ECOS Assessment or the negotiated Cloud terms is not approved by VITA, DBHDS can submit a Security exception request to VITA and take on the responsibility should the vendor not adhere to DBHDS requirements.

500

Who conducted the first IT RFP Procurement with Cloud terms using the VITA Template at DBHDS?

Scott, Gabriel, Denise, Dan or Connie

GABRIEL Washington, and he did a fantastic job! Thanks, Gabriel, for a job well done!!

Now you may need to buy some Just for Men hair dye after all you went through to get here, but you did it! And a stellar job, I might add!

500

Thing Five - Some IT solutions can be non-cloud, where we opt not to have them host anything, however, that is rare. We just don't have the bandwidth to host solutions ourselves. 

What is a best practice when a shortlisted supplier submits a proposal for a Cloud hosted solution? What/Who should your first stop be?

VITA should be one of your first stops, along with DBHDS IT Security (a member of IT Security should be on your evaluation panel). You need to submit the completed ECOS Assessment, the final negotiated Cloud terms and any security exceptions to VITA before or during negotiations because any contractual requirements must be added to the Cloud terms. 

VITA IS YOUR FRIEND!
