IT Procurement Guidelines

N.D.C.C. § 54-59-11 requires state agencies and institutions, excluding higher education institutions, to participate in the IT Planning process established by NDIT, unless exempted by the Chief Information Officer. NDIT uses these plans to develop a statewide information technology plan, as required by law, with emphasis on agency strategic goals, business objectives, and alignment to statewide technology initiatives.  

See IT Planning for more information or contact the NDIT Project Management Office. 

If you have a IT business need or are planning an IT procurement, submit a North Dakota Information Technology (NDIT) Self-Service Portal Initiative Intake Request and a NDIT Customer Success Manager (CSM) will contact you. NDIT will help you determine if your business needs can be met by an existing IT source or new IT procurement. 

Before starting an IT procurement, the following activities may need to be performed depending on the cost and complexity of the procurement: 

• Market research 

• Business Process Modeling (BPM)  

• Business analysis to create outcome-focused requirements  

See Initiative Intake for more information or contact the NDIT Project Management Office. 

N.D.C.C. § 54-59-11.1 requires that state agencies, excluding higher education institution, considering the development of an IT project with an estimated cost of $100,000 or more shall involve NDIT in the planning and study of the project.  A state agency must receive a recommendation from NDIT prior to proceeding with any study related to the project. 

Submit an Initiative Intake to NDIT when the business needed is identified to involve NDIT in the early stages of planning the project.  

See Initiative Intake for more information or contact the NDIT Project Management Office. 

Using an existing IT source saves time and money and some are mandatory. The procurement and contract negotiation have been completed and volume pricing may be available. 

An NDIT IT Review is still required prior to the purchase using an existing IT source. 

NDIT Services:  Agencies can obtain IT services from NDIT. An agency can also solicit bids or proposals from NDIT during a competitive solicitation.  

State Contracts:  Agencies can obtain hardware and software from State Contracts. The contract summary describes what is offered, any special procedures, and the contact person.  

Mandatory IT Sources: 

• Application and Hosting Services:  Agencies, unless exempted, must obtain application and hosting services through NDIT per NDCC § 54-59-22.  

• Desktop Support Services:  Specific agencies must obtain centralized desktop support services from NDIT per NDCC § 54-59-22.1. NDIT’s service provides a holistic approach to managing all of the personal computing devices within an organization, including laptops, desktops, tablets, and mobile phones. 

• Telecommunication and Network Equipment and Services:  All telecommunication and network equipment and services must be purchased through NDIT’s communication services, including telephones and telephone systems (other than cellular phones), automated attendant systems, call sequencers, lines, circuits, all data and video communication equipment and services, routers, switches, and data circuits per NDCC § 54-59-05.  

If your IT business need cannot be met by an existing NDIT service or state contract, you can initiate a new purchase following IT procurement procedures.  

NDIT is responsible for reviewing and approving all IT procurements by state agencies per NDCC § 54-59-05 (5). To fulfill this obligation, agencies must initiate an IT Review for all new IT procurements. If the purchase is not in conformance or compliance, NDIT may disapprove the purchase, ask for changes to be made, or require justification for the departure from standards. Involve NDIT early to streamline your IT purchases. 

The NDIT IT Review may consist of the following: 

• Cataloging the IT Solution 

• Evaluating and tracking compliance with the IT Standards​ 

• Assessing consistency with enterprise architecture 

• Verifying if Third-Party Risk Management (TPRM) applies 

• Confirming adherence to IT procurement best practices 

Any IT acquisition/purchase - Initiate NDIT IT Review 

IT purchases that occur within the context of IT Projects may trigger additional requirements that the agency must follow per the Project Management for Information Technology Standard. 

The Procurement Officer and Project Manager will coordinate the project. The Procurement Officer is responsible for the procurement process, and the Project Manager is responsible for complying with NDIT project management standards.  Project Management requirements make IT procurement very different from other types of purchases.  

See for more information about Project Management. 

Pursuant to N.D.C.C. § 54-59-01 and N.D.C.C. §  54-35-15.2, "Major information technology project" means a project that meets one or more of the following criteria, as determined by the chief information officer:  

• An estimated total cost, as defined by the department, of five million dollars or more;  

• Requires one year or longer to reach operational status; or  

• Requires oversight due to its potential benefits, risks, public impact, visibility, or other significant reason. 

N.D.C.C. § 54-35-15.2 further requires NDIT to make reports to the Legislative IT Committee regarding the status of major IT projects.  

1. N.D.C.C. § 54-59-32. State agencies, excluding higher education institutions, proposing to conduct a major information technology project, the department, and the office of management and budget, in consultation with the attorney general, shall collaborate on the procurement, contract negotiation, and contract administration of the project.

   The agency, the department, and the office of management and budget, in consultation with the attorney general, shall approve the solicitation, contract, or agreement, and any amendments relating to the project before submission to the oversight committee as provided in subsection 3.  

2. The procurement officer and primary project manager for a major information technology project must meet the qualifications established by the department and the office of management and budget.

   The Procurement Officer will be an Office of Management and Budget State Procurement Officer unless the State Procurement Office delegates special purchase authority to the state agency or institution.  The delegation decision will be based upon the procurement experience of the state agency employee proposed to be the Major IT Procurement Officer.  The agency procurement officer must have demonstrated experience with multiple complex Request for Proposals and work in coordination with an assigned State Procurement Officer.

   The Project Manager must comply with NDIT standards and requirements for Major IT Project Managers. 

3. An oversight committee must be appointed to oversee a major information technology project. The chief information officer shall appoint a chairman of the committee. The oversight committee may include the director of the office of management and budget or a designee of the director, the chief information officer or a designee of the officer, the head of the agency contracting for the project or a designee, the project sponsor, and a large project oversight analyst designated by the chief information officer. The oversight committee shall monitor the overall status of the project and make recommendations to the head of the agency contracting for the project or a designee, and the project sponsor, regarding project decisions, negotiation and execution of contracts, approval of project budgets, implementation of project schedules, assessment of project quality, and consideration of scope changes.   

4. An agreement or contract, including an amendment, revision, or scope change, for a major information technology project may not be entered unless signed by the head of the contracting agency or a designee and the chief information officer or a designee of the officer. 

See Major IT and ESC Law Change more information or contact the NDIT Project Management Office. 

When contracting for IT solutions that are expected to be used for an extended period, it is appropriate to include a renegotiation option in the solicitation and contract. The Office of the Attorney General contract drafting manual provides guidance on the appropriate use of this clause and recommended language. 

Begin the renegotiation process well in advance of the contract expiration to avoid a contract lapse. Typically, the renegotiation option is used to amend IT contracts to add additional term, renewals, extensions, and update cost for the new term (to align with what is allowed in the contract such as the Consumer Price Index (CPI), max percentage, etc.). In rare situations, an IT contract is “renegotiated” by entering into a brand-new contract. If the IT contract is for a major IT project and there is a need to enter into a new contract using the renegotiation option, consult NDIT and the State Procurement Office to determine whether the requirements of N.D.C.C. § 54-59-32 apply to the contract renegotiation and signature requirements.   

IT Review through NDIT, which includes Third-Party Risk Management (TPRM), is required when renegotiating an IT contract. 

Your agency does not need to submit an alternate procurement to the State Procurement Office if you are renegotiating the IT contract for a new contract period or updated cost. Be sure to use the most current contract provisions as found in the contract drafting review manual and current contract templates. 

Your agency does need to submit an alternate procurement to State Procurement Office for a “contract amendment exception” if your agency is making changes to the scope of work.  Examples include adding a new module or upgrading to a different version at an additional cost. 

N.D.C.C. § 32-12.2-15 creates authority to make a purchase when the contractual terms are inconsistent with law, if the agency, in consultation with the attorney general's office and the office of management and budget, determines the purchase poses no reasonable risk that an improper contractual obligation will be imposed against the agency or of loss that cannot be limited under this section given the nature of the product's intended use, including data and system security. This law establishes a purchase limit of product $20,000 or less that can be can be considered routine or standardized products.  

Examples include IT products that cost less than $20,000 containing terms in shrink wrap documents, third-party end user license, or click-through agreements that are not consistent with limitation of liability laws.  

A state agency or institution contemplating a purchase must have the terms and conditions reviewed by its legal counsel and consult the Office of Management and Budget Risk Management. The purchase can be made if Risk Management determines the purchase poses no reasonable risk of loss that cannot be limited under this section given the nature of the product's intended use, including data and system security. 

This law allows state agencies and institutions to properly negotiate appropriate terms consistent with state law while recognizing there may be third-party systems that are used in the product the agency is purchasing that contains click-through or shrink wrap terms that are contrary to the law. Also, this legislation will allow for the purchase of routine commercially available products from third-party sellers where there is no need for, or even option to have, an independently negotiated contract addressing the limitation of liability provisions.  

For questions related to the click-through agreement legislation, contact Tag Anderson, OMB Risk Management.