Download the Enterprise Information Technology Acquisition Policy docx format of Enterprise Information Technology Acquisition Policy


Ent-Pol-Sec/Tech- 02

Issue 2

Issue Date: December 18, 2012


Executive Summary

This Enterprise Information Technology Acquisition Policy (Policy), jointly issued by the Executive Office of Technology Services and Security (EOTSS) and the Operational Services Division (OSD), provides requirements and evaluation guidelines for entities making “IT Acquisitions.” The Commonwealth has a responsibility to ensure that information technology solutions are procured through an open, fair, and competitive process and ultimately selected based on Best Value.   The purpose of this Policy is to ensure that all viable solutions, including those that may not be otherwise represented by IT vendors during the procurement process, are identified and evaluated by Applicable Entities as part of their Best Value selection.

Who this policy applies to

The following entities must adhere to this Policy (Applicable Entities):

  • Executive Department Agencies[1]; and
  • Non-Executive Department Entities when such entities are using Commonwealth Information Technology Capital Funds administered by EOTSS to acquire the Information Technology commodities and/or services.

Other Commonwealth entities are encouraged to adopt, at a minimum, policies and requirements in accordance with this Policy or more stringent policies that address the entity’s specific business-related directives, laws, and regulations.

Policy Statement

This Policy encompasses IT Acquisitions, including but not limited to those pertaining to new products and Major Upgrades.   In addition to following all procurement laws, rules, and requirements including but not limited to those under 801 CMR 21.00 and the Procurement Information Center, the following are additional requirements for all IT Acquisitions:

  • Applicable Entities must utilize available Enterprise and Secretariat solution, services or component offerings prior to pursuing the purchase of a new solution, service or component, if such solutions, services or components meet EOTSS' accessibility requirements.
  • Applicable Entities must solicit responses under existing statewide contracts if an appropriate statewide contract has been established.
  • Applicable Entities must ensure that all IT Acquisitions purchased through existing statewide contracts or independent competitive procurements are purchased in alignment with and support of all applicable enterprise goals and enterprise purchasing targets.  This includes but is not limited to compliance with Executive Orders such as 504 for Security and Confidentiality of Personal Information; 515 for Environmental Purchasing; and 532 for Enhanced Efficiency of IT Systems. 
  • If an Applicable Entity believes that an existing statewide contract does not meet its business requirements and, therefore, wants to solicit responses for information technology procurement through their own RFR, the Applicable Entity must first seek permission from OSD in accordance with OSD Policy Guidance 05-19 - Procurement and Contract Management Policy Changes. This applies only to the purchase of commodities and services for which a statewide contract exists. If the procurement value is equal to or greater than $200,000 and the procuring entity is within the Executive Department, OSD will only review and accept requests that are submitted by the Applicable Entity’s SCIO.
  • Applicable Entities must conduct the most competitive procurement that is reasonably possible by, at a minimum, doing the following:
    • Soliciting responses under all relevant statewide contracts in accordance with each statewide contract’s established rules or procedures (e.g. for a software procurement, soliciting responses under the reseller contract as well as any statewide contracts established with particular software publishers);
    • Posting solicitations or notices of intent which are brand agnostic when possible.
    • Brand specific solicitations or notices must follow the “Due Diligence Posting” requirements of OSD’s “ Exceptions to Competitive Procurements docx format of except
” policy and be one of the following:
      • Additional units of  assets already in use and under the control of the Applicable Entity and wherein the existing assets were acquired through a competitive procurement focused on the asset rather than the reseller (e.g. an agency seeks to buy additional software licenses for a brand of software that it procured two years ago using a brand agnostic solicitation open to all software publishers on statewide contract and all software publishers willing to sell through the state’s software resellers);
      • Additional assets where the Applicable Agency has, either as a result of a virtual vendor monopoly in the marketplace, a prior procurement conducted by the agency, or near 100% usage of a single proprietary technology in their agency, standardized on a particular configuration and brand of the asset (e.g. the procurement of additional desktop office applications)[1]; or
      • An asset identical to another entity’s asset where the Applicable Agency’s acquired asset must interoperate with the other entity’s asset (e.g. the Applicable Agency must acquire software licenses in order to use another entity’s existing system).


Evaluation Criteria

In making IT Acquisitions based on Best Value, Applicable Agencies must consider the procurement guidance in OSD’s Procurement Information Center (PIC).  In addition, Applicable Agencies must consider at a minimum, the IT-specific criteria below when evaluating vendor responses to solicitations for IT Acquisitions.  The weight of each factor should be determined by each procurement management team given that it will depend on the nature of the IT Acquisition.  Applicable Agencies may include additional Evaluation Criteria, such as experience and/or references, etc.

  • The return on investment and the total cost of ownership over the entire period the IT solution will be used (wherein total cost of ownership includes such costs as installation, configuration, customization, testing, implementation, data migration, licensing, maintenance, third party software and hardware  and services, etc.);
  • The extent to which the IT solution satisfies the identified business or functional requirements and the technical requirements, including but not necessarily limited to reliability, performance, scalability, security, maintenance requirements, legal risks, ease of configuration or customization, and ease of migration.
  • The extent to which the IT solution maximizes flexibility and reuse of the underlying technology.
  • How well the IT solution enables, where relevant, the consolidation of platforms, scalability, and economies of scale.
  • In instances where the IT Acquisition will be used by end users (e.g. a web based interface that will be exposed to the public), the ability of the IT solution to facilitate the use of and access to Information Technology Resources for all individuals, including those using various versions of standard operating systems, desktop suites, browsers, and  assistive technology.
  • Alignment with the published Enterprise Architecture policies, standards and guidelines, including Enterprise Technical Reference Models.

Roles and Responsibilities

The roles and responsibilities associated with implementation of and compliance with this Policy are as follows:

Assistant Secretary for Information Technology/Commonwealth’s Chief Information Officer

  • The chief information officer is responsible for review and approval of any planned information technology development project or purchase by any agency under the authority of the governor for which the total projected cost exceeds $200,000, including the cost of any related hardware, software or consulting fees, and regardless of fiscal year or source of funds before such agency may obligate funds for the project or purchase.
  • Coordination with the Assistant Secretary for Operational Services, approval and adoption of this Policy and its revisions.
  • Establishing Enterprise Information Technology Policies and Standards for all Executive Department Agencies.

The Executive Office of Technology Services and Security (EOTSS), (led by the Assistant Secretary for Information Technology/the Commonwealth’s Chief Information Officer)

  • Providing guidance and consultation to Applicable Entities regarding IT Acquisitions and solution alternatives.
  • Providing guidance and consultation for IT Accessibility related to IT Acquisitions through the EOTSS Assistive Technology Office.
  • In IT Acquisitions where the IT Accessibility Compliance Program applies, overseeing a mitigation planning process when procuring a solution including applicable commercial off the shelf (COTS), software as a service (SAAS) or application service provider (ASP) software that cannot meet all of the Enterprise Information Technology Accessibility Standards and Enterprise Web Accessibility Standards.
  • Before granting approvals for Capital Funded projects, reviewing agency IT Investment Briefs.
  • In coordination with Applicable Entities’ legal counsel, providing Applicable Entities advice and counseling regarding: (1) the required terms in solicitations and other contract documents and assistance in technology contract negotiation; and (2) IT procurements.

Assistant Secretary for Operational Services (also known as the Commonwealth’s Chief Procurement Officer and State Purchasing Agent)

  • In coordination with the Assistant Secretary for Information Technology, for the approval and adoption of this Enterprise Information Technology Acquisition Policy and its revisions.
  • Establishing the sourcing/procurement policies and procedures for all Executive Department Agencies.

Operational Services Division (OSD) (led by the Assistant Secretary for Operational Services)

  • In addition to providing specific operational services, administers the procurement process by establishing statewide contracts for goods and services that ensure Best Value, provide customer satisfaction and support the socioeconomic and environmental goals of the Commonwealth.

Secretariat Chief Procurement Officer (SCPO) and Agency Chief Procurement Officer (ACPO), who report directly to their respective Secretariat and Agency and, on a dotted line basis, to the Assistant Secretary for Operational Services

  • Responsible for adhering to all procurement laws, regulations (801 CMR 21.00), Executive Orders, policies and procedures, issued by the Operational Services Division and for adhering to this Enterprise Information Technology Acquisition Policy issued jointly by the Information Technology Division and the Operational Services Division.

Secretariat Chief Information Officers (SCIO) and Agency Heads

  • Responsible for exercising due diligence in adhering to the requirements contained in this Policy.
  • Provide communication, training and enforcement of this Policy that support the enterprise, architecture, Accessibility, security and procurement goals of the Secretariat, its agencies and the Commonwealth.

Applicable Entities

  • Ensure compliance with this Policy for all prospective IT Acquisitions, including adherence to this Policy by all personnel conducting or participating in procurements on behalf of the Applicable Agency where such personnel includes but is not necessarily limited to employees, contractors, volunteers, and interns.
  • Identify potential candidate code owned by the Commonwealth for sharing among public entities.

Related Documents



Key terms used in this policy have been provided below for your convenience.  For a full list of terms please refer to the Information Technology Division’s web site where a full glossary of Commonwealth Specific Terms is maintained.

Accessibility:  The access to and use of information and data, maintained on information technology resources, by individuals with disabilities that are comparable to the access and use of the same information and data by individuals without disabilities.

Applicable Entities: Those entities identified under Section II of this Policy.

Best Value Procurement: See definition of “Best Value” in 801 CMR 21.02.  Best Value Procurement is further defined as: Obtaining goods or services at the best possible total cost of ownership, in the right quality and quantity, at the right time, in the right place and from the right source for the direct benefit of government, generally via a contract.  Procurement can refer to sourcing, buying, outsourcing, etc. of any resources.

Best Value:  The Commonwealth’s procurement principles state that it is in the best interest of the Commonwealth for solicitation Evaluation Criteria to measure factors beyond cost.  For IT Acquisitions, a best value evaluation should, at a minimum, consider total cost of ownership over the entire period the IT solution is required, identified business requirements, reliability, performance, scalability, security, maintenance requirements, legal risks, ease of customization, and ease of migration.

Capital Funded: A funding source for IT Acquisitions derived from the Legislature’s passage of a bill that enables the issuance of bonds for the funding of IT Acquisitions. Thus, the IT Acquisition is prioritized, authorized, planned and funded through the Commonwealth’s capital budget, which is separate and distinct from the annual operating budget. EOTSS' Capital Project Management Office (PMO) provides oversight for the identification and funding of Capital Funded projects.

Evaluation Criteria:  The manner in which a response is evaluated against the stated goals and requirements of procurement.  Examples are identified under Section IV of this Policy.

IT Acquisition:  Acquisitions that include but are not limited to: information technology and telecommunications-related commodities and/or services, such as hardware and software, software as a service or cloud commodities and/or services; software license and hardware maintenance, including renewals; and related installation, integration or other consulting services.

Proprietary Software:  Software typically subject to a use fee under a license that limits access to and modification of the underlying source code, and restricts redistribution to others.

Open Source Software:  Refers to software whose underlying source code is available for inspection and modification by the licensee, may be available for re-distribution, and may be deployed without a license fee.

Public Sector Code Sharing:  Software source code that is owned by a public entity and is made available to other public entities for use and modification without royalties.

Major Upgrade:  Determining whether the system upgrade is a major upgrade versus a minor enhancement is a judgment call that should be made by the project manager, business sponsor, and CIO. The team should analyze such factors as: the expected cost of the project; whether the upgrade will include a complete re-design or re-write of existing code; whether the upgrade will incorporate substantial new features and functionality; the expected person hours required to complete the upgrade; and the expected project duration (e.g. a two week project versus a nine month project). A major upgrade would tend to require a significant financial investment; include new code components or require a major re-write of existing code; require significant person hours for completion; and typically be completed over the course of many months rather than days or weeks. A minor upgrade would tend to address bug fixes, minor enhancements to the functionality, and could include code optimizations. However, such an upgrade would typically not include major code re-write or functionality revisions to the system.



Applicable agencies must, with respect to all procurements funded through capital funding:

  1. Use Requests for Quotes (RFQs) for acquisitions from Statewide Contracts. Agencies seeking procurements under any information technology or telecommunications statewide contract administered by either OSD or EOTSS must:
    • Post an RFQ on COMMBUYS for all procurements whose estimated value is $50,000 or more.
    • Issue an RFQ via email for all procurements whose estimated value is less than $50,000.
  2. Post Winning Bids on COMMBUYS. Post on COMMBUYS all winning bids submitted in response to RFQs or Request for Responses (RFRs) previously posted on COMMBUYS.  
  3.  Include a Public Records Notice.  Include in all RFRs and all RFQs, in conspicuous type and location, the following statement:
  4. Include Clear Evaluation Criteria. Include in every RFR and RFQ a clear description of the agency’s evaluation or evaluation criteria. While agencies need not disclose their full evaluation criteria, they must give bidders at least a general understanding of their priorities in selecting a vendor. Attachment C hereto is an example of an acceptable description of evaluation criteria.




The responses to this Request for Response will be evaluated based on the criteria listed below. The following subsections are listed in the descending order of importance with the most important criteria listed first:

Ability to Meet Requirements

Points will be assigned reflecting the Bidder’s ability to meet business, functional, and technical requirements.

Overall Solution Cost

Points will be assigned with the lowest total price receiving the maximum points in this category.


Points will be assigned based on technical feasibility and technical design. Higher points will be assigned to responses that require the least amount of Commonwealth resources to design, install and maintain.

Implementation and Support Plan

Points will be assigned for timely implementation based on the Bidder’s capability for providing individual site completion within service intervals and acceptance criteria.

Customer Service Plan

Points will be assigned based on the Bidder’s proposed customer support including service issues.

Previous Experience/References

Points will be assigned for previous experience and references based on Bidder’s capability for providing a description of its local service organization, including financial viability; years of experience in providing services required in this RFR; qualified service personnel; and a list of installation sites where the proposed services, support, and products have been successfully installed.


Appendix C:  Document History


Effective Date

Next Review Date
12/18/12Document Published12/18/1212/18/13
12/21/15Accessibility remediation; changed Comm-PASS to COMMBUYS. (No policy changes.)2/22/161/17/17


[1] The Executive Department is comprised of the Executive Branch minus the Constitutional Offices, i.e., the State Auditor, State Treasurer, the Attorney General, the Secretary of the Commonwealth, and the Governor’s Office.

[2] Except where they are procuring office suite software, Applicable Entities relying on the standardization exception must seek permission of EOTSS' General Counsel via an email explaining the basis for standardization. 

[3] Procurement documents include solicitation documents such as Request for Responses (RFR) (for those IT Acquisitions for which such Applicable Entities have received permission from OSD to post their own RFR); Request for Quotes (RFQ), or Quick Quote, and the resulting statement of work, master services agreement, or purchase order, etc.
[4] The procurement requirements required for Capital Funded projects are attached hereto as Appendix B.