Booklet: Development and Acquisition
Section: Acquisition
Subsection: Acquisition Standards

Management should establish acquisition standards that address the same security
and reliability issues as development standards. However, acquisition
standards should focus on ensuring that security, reliability, and functionality
are already built into a product. Acquisition standards should also ensure that
managers complete appropriate vendor, contract, and licensing reviews
and acquire products compatible with existing systems.

Key tools in managing acquisition projects include invitations-to-tender
and requests-for-proposals. Invitations-to-tender involve soliciting bids
from vendors when acquiring hardware or integrated systems of hardware
and software. Requests-for-proposals involve soliciting bids when acquiring
off-the-shelf or third-party developed software. However, the terms are
sometimes used interchangeably.

Management should establish acquisition standards to ensure functional,
security, and operational requirements are accurately identified and clearly
detailed in requests-for-proposals and invitations-to-tender. The standards
should also require managers to compare bids against a project’s
defined requirements and against each other; to review potential vendors’
financial stability and commitment to service; and to obtain legal counsel
reviews of contracts before management signs them.

Note: The risks associated with using general business
purpose, off-the-shelf software, such as a word processing application,
are typically lower than those associated with using financial applications.
Therefore, the acquisition of general business purpose, off-the-shelf
software typically requires less stringent evaluation procedures than
acquiring hardware or software specifically designed for financial purposes.
However, the level of evaluation will depend on how risky the application
is and how critical it is to the institution.