Vendor Engagement Resources

Column Paragraph

Doing Business with Statewide IT Procurement

The N.C. Department of Information Technology’s Statewide IT Procurement Office works with many different vendors across the state to deliver technology goods and services for state agencies, local governments and community colleges.

As a first step to conducting business with the state, vendors should sign up on the North Carolina electronic vendor portal, which allows them to:

•    Participate in the electronic procurement process
•    Participate in the state’s Historically Underutilized Business Program 
•    Participate in the North Carolina Small Business Enterprise Program
•    Receive information on upcoming bids

In the portal, vendors can register for all applicable commodities, goods and services. Registered vendors also receive vital information about bid opportunities that match their interests. In most cases, vendors also submit proposals using the portal.

Help tools and a customer service team ( are available to help vendors navigate through the process.

Tab/Accordion Items

Required Architecture Diagrams

The following are templates for architectural diagrams required upon RFP submission:

For additional information on these diagrams, see the descriptions below.

Network Architecture Diagram

This diagram describes the means of communication, the method of sending and receiving information, between the assets in the Technology Architecture.  

The diagram will take logical connections between client and server components and identify network boundaries and network infrastructure required to physically implement those connections. It does not describe the information format or content but will address protocol and capacity issues.

Technology Stack Diagram

Technology stack, also called a solution stack, is a set of software components that compose a logically complete platform for running a service or supporting an application. It is the set of software that provides the infrastructure for a solution. The stacks differ based on the deployment location (e.g. client, server, mainframe). The technology stack diagram depicts the relationships and critical communication paths between the solution’s software components.


The goals listed below reflect the overall strategy of NCDIT to find better ways to leverage and share what is common across the state in terms of IT. Key elements of the vision include providing agile, world-class technology solutions, with an emphasis on digital services, delivering value through a disciplined approach to the management of technology across the enterprise of state government, increasing overall productivity of agencies and their employees, meeting the Governor’s directive to increase the use of shared data and analytics among agencies, and protecting government systems and citizen information from unauthorized access.

Updated Statewide Information Technology Goals

  1. Secure IT systems and infrastructure: Provide a resilient infrastructure that mitigates risk, supports business continuity, provides security and privacy of the State’s and citizens’ data, and supports secure collaboration and information sharing.
  2. Deepen trusted partnerships: Support and empower the business of state government by improving processes, enhancing cross-agency collaboration and cooperation, and establishing and managing IT standards.
  3. Improve the management and transparency of IT: Better utilize the state’s IT resources by increasing visibility into what the State has, what it costs, and how the State uses it.
  4. Modernize and centralize IT operations: Modernize and centralize technology operations to effectively support a 21st century government.
  5. Empower our citizens through technology: Provide transparent, easy-to-use, and customer-focused government and student services.
  6. Promote better decision-making through analytics: Leverage the state’s data to make more informed decisions, policies, and laws.

Strategic Resources


An enterprise approach optimizes IT security and risk management activities performed at the statewide level, allowing the state to gain economies of scale and helping to ensure security program consistency.

Security Resources


The Government Data Analytics Center is developing a comprehensive master data management tool to document the state’s data sources and definitions, as well as any quality issues associated with the data in terms of accuracy, currency, and completeness. Evaluating a data source at the enterprise level with varying business perspectives can point out these types of data quality concerns. Based on this knowledge, the GDAC can work with the data source agency to identify ways to improve and expand the capture of quality data to support more accurate analysis and decisions.


North Carolina constituents expect outstanding digital experiences when interacting with state government. NCDIT's objective is to provide content, resources and services seamlessly, across all devices and at any time. We prioritize user-centered digital services, focusing on accessibility, simplicity and consistency, while maintaining the utmost standards of security and reliability.

Digital Commons

NCDIT administers Digital Commons, a tailored content management platform built on the open-source Drupal framework (currently Drupal 10) and hosted on FedRAMP-compliant Amazon Web Services. Serving as the state's enterprise web content management system, Digital Commons sets the standard for delivering web and digital content.
The platform sustains more than 80 websites for various agencies, boards, and commissions, including the constituent portal.



NCDIT provides over 40 services to state agencies and other local government entities. NCDIT’s technical services range from networking to platform and hosting to productivity and collaboration. 

Key NCDIT Services


The State Chief Information Officer strives to simplify electronic transactions with North Carolina State Government. The SCIO is required to ensure this happens in a secure manner. This is accomplished through authentication of users and controlled access to applications and services.


To achieve this, the SCIO requires all inter-agency and external facing solutions/applications that create content use the State’s Identity and Access Management solution (“NCID”).

More information about the NCID service.

NCID is used to integrate with numerous systems to synergize the end-user experience by providing authentication/authorization to State applications and solutions.

All solutions requiring NCID authentication must externalize identity and access management and support one of the following protocols:

  • Security Assertion Markup Language (SAML v2)
  • OAuth/OIDC
  • Lightweight Directory Access Protocol
  • Web Services (SOAP/WSDL)

As existing solutions are upgraded or replaced, they will be required to support the above protocols.

A formal exception is required to use a solution other than NCID. The agency must provide just cause for the exception to be approved.

Find the exception form and additional information about exceptions.