Management should establish acquisition standards that address the same security and reliability issues as development standards. However, acquisition standards should focus on ensuring security, reliability, and functionality are already built into a product. Acquisition standards should also ensure managers complete appropriate vendor, contract, and licensing reviews and acquire products compatible with existing systems.
Key tools in managing acquisition projects include invitations-to-tender and requests-for-proposals. Invitations-to-tender involve soliciting bids from vendors when acquiring hardware or integrated systems of hardware and software. Requests-for-proposals involve soliciting bids when acquiring off-the-shelf or third-party developed software. However, the terms are sometimes used interchangeably.
Management should establish acquisition standards to ensure functional, security, and operational requirements are accurately identified and clearly detailed in requests-for-proposals and invitations-to-tender. The standards should also require managers to compare bids against a project's defined requirements and against each other; to review potential vendors' financial stability and commitment to service; and to obtain legal counsel reviews of contracts before management signs them.
Note: The risks associated with using general business purpose, off-the-shelf software, such as a word processing application, are typically lower than those associated with using financial applications. Therefore, the acquisition of general business purpose, off-the-shelf software typically requires less stringent evaluation procedures than acquiring hardware or software specifically designed for financial purposes. However, the level of evaluation will depend on how risky the application is and how critical it is to the institution.
Acquisition Project Guidance