There are three types of IT procurement exceptions that state agencies can submit:
Procurement exception (Form A) - required when a state agency:
- Determines there is limited or no competition
- Wants to enter a contract beyond 3 years or
- Wants to use a cooperative agreement or other agency contract
Standards exception (Form B) - required when a state’s:
- Infrastructure will not be used or
- Identify and Access Management Solution (NCID) will not be used
Standards exception (Form C) - required for situations where the state agency will be:
- Deviating from the Statewide Information Security Manual
Exception requests for active IT procurements are submitted in the NC eProcurement Sourcing Tool during steps 4 and 7:
Step 4 - Review and Approve Sourcing Event (Use Form A)
Step 7 - Conduct NCDIT Review (Use Forms B and C)
Procurement Exception Request (Form A)
State agencies that want to request a procurement exception must complete Form A and submit it to NCDIT for approval through the NC eProcurement Sourcing Tool.
Key Information to Know
- Whether it is an IT project
- Contact information for the agency procurement stakeholder and business owner
- If the contract is a renewal or if it expired
- The procurement exception category:
- Contract beyond three years – Explain why the contract term must be longer than three years and what benefits the state would receive or gain.
- Brand-specific or sole source waiver of competition - Explain why the product or service is the only one able to meet the requirements of the user and must conclusively support the determination that no other product or service can fulfill the user’s needs.
- Cooperative agreement/use of another agency contract - Explain why you want to use this contract and provide documentation that the state contract holder and the contract vendor both agree to let you use this contract.
Standards Exception Request (Form B)
State agencies that want to request a Standards Exception should complete Form B.
Agencies seeking an exception must demonstrate justification in one of the following areas:
- Using an outside contractor would be more cost-effective for the state.
- The department does not have the technical capabilities required to host the application.
- Valid security requirements preclude the use of the state infrastructure, and a vendor can provide a more secure environment.
Key Information to Know
- Whether it is an IT project
- If the exception category is related to hosting or something else.
If the standards request is related to an active IT procurement in the sourcing tool, or an active contract amendment or renewal in the contracts tool:
- Submit the form through either the NC eProcurement Sourcing Tool for active IT solicitations or NC eProcurement Contracts Tool for active IT contract amendments or renewals.
- The sourcing and contracts tools will first route the Standards Exception Request Form to the state agency’s IT security liaison for approval.
- Once the IT security liaison approves the request, the form will automatically route to NCDIT.
If the standards request is not related to an active IT procurement in the sourcing tool or an active contract amendment or renewal in the contracts tool, submit the form one of two ways:
Use the sourcing tool for an active IT procurement or the contracts tool for an active IT contract amendment. Download the latest Standards Request Form from the NCDIT Exceptions website. See Form B for more information and instructions.
Send the completed form and supporting documentation to dit.exceptions@nc.gov. NCDIT will enter the request into the sourcing tool on the state agency’s behalf.
Security Exception Request (Form C)
State agencies that want to request a security exception should complete Form C and submit it to NCDIT for approval.
If the security exception request is related to an:
- Active IT solicitation – use the NC eProcurement Sourcing Tool
- Active contract amendment or renewal – use the NC eProcurement Contracts Tool
What Happens Next?
The sourcing tool or contracts tool will first route the Security Exception Request Form to the state agency’s IT security liaison for approval.
Once the IT security liaison approves the request, the form will automatically route to NCDIT.
If the security exception request is not related to an active IT procurement in the sourcing tool or an active contract amendment or renewal in the contracts tool, submit the form one of two ways:
- Use the sourcing tool for an active IT procurement or the contracts tool for an active IT contract amendment. Download the latest Standards Request Form from the NCDIT Exceptions website. See Form C for more information and instructions.
- Send the completed Security Exception Request Form and supporting documentation to dit.exceptions@nc.gov. NCDIT will enter the request into the sourcing tool on the state agency’s behalf.
Additional Resources
N.C. Department of Information Technology Exceptions Request Process