Welcome » IT Booklets » Development and Acquisition » Acquisition » Acquisition Standards
Management should establish acquisition standards that address
the same security and reliability issues as development standards.
However, acquisition standards should focus on ensuring security,
reliability, and functionality are already built into a product.
Acquisition standards should also ensure managers complete
appropriate vendor, contract, and licensing reviews and acquire
products compatible with existing systems.
Key tools in managing acquisition projects include
invitations-to-tender and request-for-proposals.
Invitations-to-tender involve soliciting bids from vendors when
acquiring hardware or integrated systems of hardware and software.
Request-for-proposals involve soliciting bids when acquiring
off-the-shelf or third-party developed software. However, the terms
are sometimes used interchangeably.
Management should establish acquisition standards to ensure
functional, security, and operational requirements are accurately
identified and clearly detailed in request-for-proposals and
invitations-to-tender. The standards should also require managers
to compare bids against a project's defined requirements and
against each other; to review potential vendors' financial
stability and commitment to service; and to obtain legal counsel
reviews of contracts before management signs them.
Note: The risks associated with using general
business purpose, off-the-shelf software, such as a word processing
application, are typically lower than those associated with using
financial applications. Therefore, the acquisition of general
business purpose, off-the-shelf software typically requires less
stringent evaluation procedures than acquiring hardware or software
specifically designed for financial purposes. However, the level of
evaluation will depend on how risky the application is and how
critical it is to the institution.