Approved Date – 02/22/2021
Published Date – 02/22/2021
Revised Date – 05/25/2021
To establish the policy for information technology (IT) procurement and IT project approval.
DC Official Code § 1-1401 et seq., provides the Office of the Chief Technology Officer (“OCTO”) with the authority to provide information technology (IT) services, write and enforce IT policies, and secure the network and IT systems for the District. This document can be found at: https://code.dccouncil.us/dc/council/code/sections/1-1402.html.
This policy applies to all District workforce members responsible for application identity and role definition on behalf of the District, and/or any District agency/District/entity who receive enterprise services from OCTO. In addition, this policy applies to any providers and third-party entities with access to District information, networks, and applications.
This policy applies to all IT procurements, projects, and related activities.
OCTO’s interest in reviewing all IT procurements by the Office of the Chief Financial Officer (OCFO) is in keeping with the Office of Chief Technology Officer Establishment Act (“OCTO Act”), effective March 26, 1999 (DC Law 12-175; DC Official Code §1-1401 et seq. (2001)), which gives OCTO broad authority to regulate “the acquisition, use, and management of information technology and telecommunications systems throughout the District government”. DC Official Code §1-1403(1) (2005 Supp.). Concerning procurement of IT systems, OCTO is authorized by its Act to review all IT procurements and “recommend approval or disapproval to the Chief Procurement Officer.” DC Official Code §1-1403(2) (2005 Supp.).
4.1. IT Procurement
This policy applies to all IT procurements including the following:
- Software, hardware, services, and data acquisitions.
- Configuration and deployment of hardware, software, and data.
- Infrastructure development and deployment.
- Operations and maintenance services for hardware, software, and data.
- Consulting and analytic services performed to define and prepare for IT projects.
- Projects encompassing some or all of the above.
Types of technology in the IT category include telecommunications, geospatial, and other imaging products, as well as video and audio that are integrated or intended to integrate with applications or be broadcast as a networked service.
4.2. IT Projects
All IT projects within the Scope of Authority defined above must be approved by the District of Columbia CTO before money can be spent. The requesting agency is responsible for preparing and presenting to the CTO a request for approval and required documents, and for ensuring that related requisitions are submitted per the approval requirement. OCTO is responsible for defining the approval procedure, setting the approval standards, coordinating the approval process, and responding to Agency requests and inquiries related to approval actions and related requisitions. The Contracting Officer (OCP) is responsible for ensuring that requisitions be approved and Purchase Orders and contracts issued only after the required CTO approval is obtained.
4.2.1. Roles and Responsibilities
The roles and responsibilities include:
- All District Government IT Project Managers must adhere to this policy.
- Each agency is responsible for its employees' and contractors' compliance with this policy and is expected to familiarize each user with this policy.
- The interpretation and implementation of this policy have been assigned to the Chief Technology Officer (OCTO) Program Management Office (PMO), which will publish further procedures and guidelines as required.
- The OCTO Architecture Review Board (ARB) shall review proposed IT projects for compliance with established Enterprise Architecture standards to maximize opportunities for migration from the current architecture to the desired future architecture.
- The OCTO Change Control Board shall review changes to IT production systems on OCTO-managed hardware.
OCTO managers shall review proposed IT projects for conformity with enterprise product standards and IT strategies, as determined by the OCTO PMO upon review of the Agency request.
Exceptions to this policy shall be requested in writing to the Agency’s CIO and the request will be escalated to the OCTO Chief Information Security Officer (“CISO”) for approval.
The definition of the terms used in this document can be found in the Policy Definitions website.