1

Information Technology Contracts

State Controller Policy

Effective Date: 08/26/2019

Approved by: Robert Jaros, CPA, MBA, JD, Colorado State Controller

Policy

This policy is a State Controller Contract, Grant, and Purchase Order Policy under the State Fiscal Rules. All Information Technology (IT) Contracts entered into by a State Agency or Institution of Higher Education (IHE) shall comply with this policy.

Definitions

  • IT Contract. A contract or agreement that involves IT or IT-related services.
  • Information Technology (IT). IT and computer-based equipment and related services designed for the storage, manipulation, and retrieval of data by electronic or mechanical means, or both. IT includes, without limitation, the following:
    • Any technology, equipment, or related services described in CRS §24-37.5-102(2); and
    • Other existing or emerging technology, equipment, or related services that may require knowledge and expertise in IT, in accordance with the policies of the Governor’s Office of Information Technology (OIT).
    • Major Information Technology Project. A project of State government that has a significant IT component including, without limitation, the replacement of an existing IT system (see CRS §24- 37.5-102(2.6)). “Significant” means the project has a specific level of business criticality and manifests either a security risk or an operational risk as determined by a comprehensive risk assessment performed by OIT.
    • OIT State Agency. Any of the departments, divisions, commissions, boards, bureaus, and institutions in the executive branch of the state government, except for the Department of Education, the Department of Law, the Department of State, the Department of the Treasury, or state-supported Institutions of Higher Education. “OIT State Agency” does not include the legislative branch or the judicial branches of State government. See CRS §24-37.5-102(4).

Pre-approval of IT Contracts

  • Pre-approval of all IT Contracts. Any IT Contract that requires the State Controller or a member of the CCU to sign the IT Contract under the State Controller Contract, Grant, and Purchase Order policy entitled “Review and Approval – Delegated Agencies” shall be pre- approved by the State Controller or a member of the CCU prior to being sent to the vendor for signature.
  • Pre-approval of IT Contracts involving OIT State Agencies. Any IT Contract from an OIT State Agency shall be pre-approved by OIT in accordance with OIT policies prior to being sent to the vendor for signature.

OIT Approval

IT Contracts require approval by OIT in accordance with OIT policies. Except as otherwise required by OIT policy, OIT approval of IT Contracts is required as follows:

  • Major Information Technology Projects. In accordance with CRS §24-30-202(2), all State Contracts for Major Information Technology Projects entered into by OIT State Agencies must be signed by the State’s Chief Information Officer (CIO), or an authorized delegate of the CIO, prior to approval by the State Controller, a member of the Central Contracts Unit (CCU) The State Controller, a member of the CCU, or any delegate of the State Controller shall not sign a State Contract for a Major Information Technology Project for an OIT State Agency prior to the signature of the CIO or an authorized delegate.
  • All Other IT Contracts with OIT State Agencies. All IT Contracts entered into by an OIT State Agency, other than State Contracts for Major Information Technology Projects, shall be reviewed and approved by OIT in accordance with OIT policies. OIT approval for these IT Contracts shall be evidenced by an authorized signature for OIT on the IT Contract or any other approval as determined by OIT policies.
  • IT Contracts with non-OIT State Agencies. State Agencies and IHEs that are not OIT State Agencies may request OIT approval on any IT Contract at the discretion of the State Agency or IHE. State Agencies and IHEs that are not OIT State Agencies must obtain OIT approval on IT Contracts if the IT Contract will require the contractor to modify or interface with any IT overseen by OIT.
  • Final Approval. An OIT State Agency shall obtain OIT’s approval as required in this section before sending the IT Contract to the State Controller or the State Controller’s delegate for approval. Final approval by the State Controller or the State Controller’s delegate is required for IT Contracts to be effective.

 State Controller Policies