Statutes, codes, and regulations
Iowa Administrative Code
Agency 129 - CHIEF INFORMATION OFFICER, OFFICE OF THETitle I - GENERAL OFFICE PROCEDURES
Chapter 10 - PROCUREMENT OF INFORMATION TECHNOLOGY
Rule 129-10.8 - Consultation

Iowa Admin. Code r. 129-10.8

Download
PDF
Current through Register Vol. 47, No. 8, October 30, 2024
Rule 129-10.8 - Consultation
(1)When required for nonparticipating agencies. The office of the governor and the offices of elective constitutional or statutory officers are not required to obtain prior approval from the office before acquiring information technology pursuant to rule 129-10.7 (8B). However, pursuant to Iowa Code section 8B.23(2), the office of the governor and the offices of elective constitutional or statutory officers must consult with the office prior to procuring information technology, consider the information technology standards adopted by the office, and provide a written report to the office relating to decisions regarding such acquisitions upon request by the office.
(2)Encouraged for non-information technology acquisitions. Even where an information technology acquisition is not appropriately deemed an information technology acquisition, the office may provide advice to or consult with any governmental entity regarding the acquisition of goods, services, or an outsourcing of state functions when the acquisition includes a substantial information-technology component, includes a substantial information-security component, or would grant a third party access to the state's sensitive or confidential information. Such consultation is generally encouraged to ensure, by way of example only:
a. Appropriate contractual protections or compensating controls are incorporated or implemented to safeguard sensitive or confidential data or information.
b. The chosen vendor is able to comply with any applicable state or federal regulatory requirements governing data security, confidentiality, integrity, or otherwise.
c. The vendor's information-technology systems comply with applicable information technology governance requirements.
d. The vendor's information-technology systems are adequately designed or architected in a manner that will adequately safeguard the state's sensitive or confidential information.
e. The vendor's information-technology systems will be capable of adequately and securely connecting to or interfacing with state information-technology systems, to the extent necessary.
(3)Master information technology agreements and invitations to qualify. In accordance with and as further set forth in paragraphs 10.4(2)"c" and 10.5(8)"b," all governmental entities must notify the office of their intent to utilize master information technology agreements or to acquire information technology from a vendor prequalified by the office in accordance with the office's prequalification and subsequent solicitation processes and to consult with the office about any such proposed acquisition.

Iowa Admin. Code r. 129-10.8

Adopted by IAB December 18, 2019/Volume XLII, Number 13, effective 1/22/2020