University of Washington Policy Directory

Print This Page
*Formerly part of the University Handbook
Administrative Policy Statement
2.3



Information Technology, Telecommunications and Networking Projects and Acquisitions Policy

(Approved by the Vice President for Finance and Facilities by authority of Administrative Order No. 9 and the Vice President for UW Information Technology and Chief Information Officer by authority of Executive Order No. 63)



1.  Purpose

Technology plays a vital role in programs and operations throughout the University of Washington. New technology—added on a continual, ongoing basis—can provide capabilities that are needed to fulfill missions and goals. Such investments can involve significant resources, and require public accountability in making cost-effective technology decisions. The purpose of this policy is to provide a framework to ensure appropriate decisions are made, documented, and approved in compliance with requirements of the state of Washington.

Accordingly, every University information technology (IT) acquisition and project must comply with:

  • All federal and state legal requirements;

  • The rules and policies of the state of Washington including the state's Chief Information Officer (State CIO), the University's Board of Regents, and any relevant funding agencies;

  • The provisions of this policy; and

  • The University of Washington Information Technology (UW-IT) Investment Procedures.

2.  Scope of Policy

This policy and all related procedures apply to every IT acquisition or project conducted within any unit or by any individual throughout the University including all campuses, colleges, schools, departments, centers, hospitals, clinics and/or other units administered by the University, and irrespective of the source of funding. The scope of this policy is to be construed broadly and includes any and all IT-related equipment, services, contracts, and content including, but not limited to:

  • Hardware including all computers, processing modules, memory, storage systems, network or communications equipment, displays, imaging devices, input and/or output devices, and other peripherals

  • Hardware maintenance contracts and services

  • Software, software services, software licenses or updates, and/or maintenance services

  • Data processing, data conversion, and/or data collection, or other associated services

  • IT applications and/or technology consulting services

  • Electronic content

  • Mobile and/or social applications

  • IT-related systems engineering, systems analysis, software engineering, network engineering, programming, project management, quality assurance, or other services and/or contracts

  • Business process engineering or improvement efforts, when they are related to the implementation of a new IT system

  • Networking, telecommunications and telephony equipment; software and/or services including either or both wireless and wired capabilities

  • Cloud-based services, or any service and functionality delivered across the Internet with underlying hardware, software, and/or infrastructure supported by an external service provider

  • Internal staffing and other internal resources related to any of the above.

3.  University IT Coordination and Stewardship

With its different sources of funding and wide range of IT needs, the University has a decentralized approach to making technology investment decisions. There are, however, overarching guidelines that need to be considered for the responsible planning and management of resources, regardless of the technology being acquired or implemented, or whether the technology is implemented centrally or by individual University units or departments. These considerations include, but are not limited to:

  • Value—Ensuring that the investment brings good "business value" to the University and supports its mission and strategic goals, whether directly or through an enabling, support function.

  • Use of Institutional Resources—Avoiding duplication, making efficient and effective use of technology investments.

  • Compatibility—Ensuring system and data integrity and the ability to interface and integrate with other IT systems when needed.

  • Accessibility—Helping ensure that technology-based tools and resources are accessible to and usable by all who use them.

  • Sustainability—Contributing toward the energy conservation and efficiency goals of the University.

  • Data Security—Promoting a culture and practice of information security and privacy.

  • Compliance—Ensuring compliance with applicable procurement rules and regulations, as well as applicable institutional, state, and federal regulations and practices.

The Vice President for UW Information Technology and Chief Information Officer (Vice President for UW-IT and CIO) has delegated authority in Executive Order No. 63 to provide leadership, guidance, and oversight for all aspects of IT investments. In addition, the University's IT governance boards have oversight responsibilities for IT investments.

4.  Definitions

Concept Plan—An early stage document outlining the general intent of the project.  It identifies the business problem or opportunity to be addressed with a technology solution, the benefits to be achieved, and includes a preliminary determination of the oversight level.

Investment Plan—A formal document for justifying and obtaining approval for the project being proposed. It describes the purpose of the investment, states the business justification including benefits, assesses risk and severity of impacts, describes the acquisition process, the timeline for implementation, and lists costs, including project cost and ongoing operations cost.

Investment Plan Amendment—A revision to the original investment plan, when there is a significant increase in the project cost, or expansion of scope or schedule, which occurs after the project has been approved (due to, for example, unforeseen additional expenses or an extended project duration). An increase is significant if the change escalates the project to a higher oversight level or might disqualify it from a small project exemption or other exemption.

Large Project—A project or acquisition that has an oversight level of 1; and has an project cost greater than a specific amount (initially $1 million) or has a system life cost over a specific amount (initially $2.5 million), or otherwise does not meet the definition of a small project.

Major Project—A project or acquisition that has an oversight level of 2 or 3, regardless of whether it is exempt or not from State CIO approval.

Ongoing Operations Cost—All the costs to operate and maintain the technology investment once it has been implemented. This includes expenses such as support staffing, license renewals, subsequent hardware and software purchases and services as needed to keep the system operational, lease and other recurring costs, such as cloud-based expenses, and applicable taxes. Also, University employee staff time, with fully-loaded dollar value, must be included in these costs.

It should be noted that if the project will involve a shift from an internal, "on-premise" IT system to a cloud-based system (whether Software as a Service, or Infrastructure as a Service), that the types of costs—both investment and operational—will differ in some significant ways. Additional information about the nature of those different types of costs can be found in the UW-IT Investment Procedures.

Oversight Level—An assessment of the risk and severity levels of the project, determined using State CIO assessment procedures (see Section 5 and the UW-IT Investment Procedures).

  • Level 1 projects within University's delegated authority may proceed without any state involvement, but are subject to approval and oversight by the Vice President for UW-IT and CIO (see Section 8.A).

  • Major projects (Levels 2 and 3) require prior State CIO approval, and are subject to additional reporting in accordance with state IT standards and policies.

Project Cost—The development and implementation costs required to make an IT resource/project fully operational. Project cost includes, but is not limited to: all purchases, lease or finance costs for hardware, software, networking and telecommunications equipment, and related services; installation, training, personal and purchased services; internal University resources; and all applicable taxes. University employee staff time, with its associated dollar value, including benefit load, must be included in these costs, irrespective of how that staff time is funded.

Project Plan—The project plan documents the baseline that will be used to measure and report project progress. It describes a management methodology that is appropriate to the scope, size, risk, cost, and duration of the specific project, and employs project management principles and methods that reflect leading IT practices.

Small Project—A project or acquisition that has an oversight level of 1, below a specific amount (initially $1 million) in project cost, has a system life cost below a certain amount (initially $2.5 million), requires no central resources or new central system integration interfaces, and has no impacts on other departments or services outside the unit undertaking the project or acquisition.

System Life Cost—The combination of project cost and ongoing operations cost, for a specific period of time (initially, five years) following project completion.

5.  State of Washington Approval and Oversight

Unlike the purchase of other goods and services, the University does not have statutory authority to acquire business and administrative IT equipment, software, services or contract items of any kind, regardless of the source of funds. The legislature, in Chapter 43.105 RCW, has delegated the authority for approval of all IT acquisitions to the state's Chief Information Officer (State CIO), subject to certain exemptions, with the ability to delegate such authority to agencies of state government. The State CIO has delegated to the University's Vice President for UW-IT and CIO the authority to approve certain IT projects in accordance with state IT policy and standards.

State of Washington approval and oversight for IT is based on two considerations that are different from the acquisition of other types of goods and services:

  • A determination of the level of risk (rated on effort, technical stability/familiarity, preparedness) and severity (assessing impact, visibility, consequences)—as defined by the State CIO guidelines and procedures—which together determine the required oversight level by the State CIO.

  • Consideration of the system life cost, which must identify all project costs, which include, for example, the external costs for acquisition of goods and services to implement the project, all internal implementation expenses such as employee staff costs, as well as the ongoing operations costs for five years.

In addition, financial or administrative system investments may require approval by the Washington State Office of Financial Management (OFM), which will be requested by the Vice President for UW-IT and CIO.

As part of planning for an IT project, it is necessary to identify all costs associated with the project, and to submit requests for approval.

Note: The office of the State CIO may from time to time make changes to the policies and requirements for IT project approvals. Any subsequent changes will be reflected as updates in the UW-IT Investment Procedures, and those updates will prevail over the requirements defined in this policy.

6.  Exemptions from State Approval and Oversight

An acquisition and/or project is only exempt from state approval and oversight when that exemption is explicitly determined and documented by the Vice President for UW-IT and CIO, as a project or acquisition meeting the state and University requirements for exemption (see Section 8.A). The exemptions include:

  A. Academic Exemption

An "Academic Exemption" is only available to technology acquisitions or projects that are primarily for conducting research, or other scholarly activities, or for instructional activities. However, proposed academic applications that are enterprise-wide in nature relative to the needs and interests of other state institutions of higher education must be disclosed by the Vice President for UW-IT and CIO to the State CIO.

    #1 Projects and acquisitions that qualify for the above criteria are exempt from the following sections of the policy: Section 5, State of Washington Approval and Oversight; Section 10.B, Quality Assurance; and except for Level 3, Section 10.C, Status Reporting. They must comply with all other provisions of the policy, except as noted in Items #2 and #3 below.

    #2 In addition, if the project or acquisition is Level 1, then it is also exempt from Section 9, Investment Plan.

    #3 Furthermore, if the project or acquisition is Level 1 and under $1 million in project cost and impacts only a single department, then it is also exempt from the following sections: Section 8.A, Vice President for UW-IT and CIO Approval of Investment Plan; and Section 10.A, Concept Plan and Project Plan.

    #4 Any such project or acquisition that is categorized as a major project (has an oversight Level 2 or 3), if longer than 12 months in duration, is subject to ongoing status reporting (see Section 10.C).

    Note: The following acquisitions and IT system projects are examples that do not qualify for an Academic Exemption: administrative, business, financial, billing, payroll, personnel, budget, student record, student billing, inventory, scheduling, document imaging or management, project management, facilities management, enterprise resource planning (ERP), purchasing, storehouse, web portal, contract and grant management, customer relationship management, point of sale.

Given the varied uses of technology at the University, any department head who believes an IT acquisition that has been unfairly denied for an Academic Exemption may write to the Vice President for UW-IT and CIO to request a review of the initial decision.

  B. Health Care-Related Exemption

A "medical, clinical, or health care application including business and administrative applications" is exempt from State CIO approval and reporting, but is subject to institutional reviews, approvals, and oversight. Any such project must be conducted in accordance with a memorandum of understanding (MOU) between the Vice President for UW-IT and CIO and UW Medicine, or for any University health care-related project that is outside the scope of the UW Medicine MOU, these will be treated as outlined for other projects, in terms of University approval and institutional oversight.

7.  Exemptions from University Approval and Oversight

An acquisition and/or project may be exempt from University approval and oversight (small project exemption) when that acquisition and/or project is under a certain cost (initially $1 million in total project cost, and under $2.5 million in system life cost), is a Level 1 project, and the impact is within a single department.

A small project exemption does require a determination of the oversight level and a determination of total system life cost, but does not require prior approval or oversight from the Vice President for UW-IT and CIO. However, the University department undertaking that acquisition or project must be able to demonstrate qualification for the oversight level and the system life cost to support the exemption upon request.

A project or acquisition does not qualify for this small project exemption if any of the following is true:

  • Requires use of central administrative systems or resources, including, but not limited to, new data interfaces or integrations

  • Impacts departments and/or services outside the unit which is undertaking the acquisition or project

  • Has a project cost over a specific amount (initially $1 million)

  • Has a system life cost over a specific amount (initially $2.5 million)

  • Has an oversight level of 2 or 3.

8.  University Executive Approvals and Institutional Oversight

While University leaders are responsible for key strategic technology issues, directions, policies, plans, and priorities within their areas of responsibility, all University IT projects and acquisitions that meet the criteria of this policy are subject to provisions of this policy, including the review and approvals stipulated below, before they proceed.

  A. Vice President for UW-IT and CIO Approval of Investment Plan

All University IT projects that meet the criteria of the State CIO oversight Level 1 and have a total project cost of more than a specific amount (initially $1 million) are subject to prior approval or concurrence of the Vice President for UW-IT and CIO.

All University IT major projects (those that meet the criteria of oversight Level 2 or 3) must have an investment plan in accordance with state requirements, regardless of the project cost or source of funds (see Section 5 above).

Each investment plan must be reviewed and approved first by the responsible dean or vice president, and, if approved, then also by the Vice President for UW-IT and CIO, who will forward any University-approved plans to the State CIO. In cases where the project cost is greater than University-delegated authority limits, approval by the Board of Regents will also be required prior to submission to the State CIO for approval.

  B. IT Governance Oversight

University IT governance boards provide oversight, advice, and recommendations on all major projects to the Vice President for UW-IT and CIO or to the President and Provost.

  C. Purchasing Acquisitions

New purchase requests for technology acquisitions are reviewed to determine:
  • How the acquisition brings business value and supports the University's mission and strategic goals.

  • Whether existing technology resources and solutions could satisfactorily meet the requester's needs.

  • What impacts the new acquisition may have on central systems and services, including data interchange, and the scheduling impacts to the UW-IT project portfolio.

  • Whether the new acquisition is part of a larger project or acquisition, and if so to what level of risk/severity oversight and approval it may be subject.

  • How this acquisition impacts the security and privacy of University data.

  • How this acquisition impacts accessibility of resources to a wide range of abilities and disabilities among students, faculty, and staff.

  • How this acquisition aligns with the University's goals for environmental sustainability.
The Vice President for UW-IT and CIO must approve the acquisition prior to University Procurement Services proceeding with competitive solicitations, contract negotiations, or contract award. In coordination with Procurement Services, the Vice President for UW-IT and CIO will prepare any project and/or acquisition materials needed for approval by the Board of Regents.

9.  Investment Plan

All official communications with the State CIO must be approved in advance by the Vice President for UW-IT and CIO. Official communications include, but are not limited to, concept plan, new or amended project investment plans and supporting information, and project status reports. UW-IT can provide guidance in preparing materials for submission to the state. Procedures and templates are available in the UW-IT Investment Procedures.

  A. State Requirements for Non-Exempt Projects and Acquisitions

The state requirements for non-exempt projects and acquisitions include:
  • Assessing the severity and risk levels for the project, to determine the appropriate level of state approval and oversight.

  • Determination by the Vice President for UW-IT and CIO whether project planning requires a request for information process, a feasibility study, and/or an external readiness review consultant.

  • Completion of a concept plan, which describes at a high-level: the business problem being addressed and other relevant factors, related business process changes and opportunities, funding, major outcomes, and major risks.

  • Preparation of an investment plan, which includes:

    • Business problem and justification;

    • Alternatives considered;

    • Risk assessment and mitigation plans;

    • Project costs and five-year ongoing operations costs;

    • Acquisition process;

    • Acquisition and implementation schedules;

    • Data security plan and risk assessment as applicable;

    • Any central resources required, including integrations with existing UW-IT systems;

    • Impacts on institutional business policies and practices;

    • Impact on accessibility; and

    • Impact on environmental sustainability.

  • Quality assurance plan, to provide independent review and reporting directly to the project sponsor regarding the quality of the deliverables at each stage of the project.

  • Approval from the state OFM for any financial or administrative system upgrades or implementations.
  B. University Requirements for Projects and Acquisitions Exempt from State Oversight

For projects and acquisitions that are exempt from state oversight, the University requirements include:
  • Completion of a severity and risk assessment, utilizing the state procedures to determine the oversight level (see Section 5 and the UW-IT Investment Procedures).

  • Completion of a project cost analysis.

  • If it is a Level 1 project or acquisition, and the total project cost (including all internal and external expenses to implement) is greater than $1 million, the project and oversight information must be reviewed by the Vice President for UW-IT and CIO for concurrence or approval.

  • If is a Level 1 project or acquisition, and the total project cost is under $1 million, the project or acquisition does not require prior approval by the Vice President and UW-IT and CIO. However, the department must maintain records to document the oversight level and the total project cost for a period of five years, or be able to demonstrate such compliance upon request.

  • Major projects and acquisitions that are exempt require a concept plan and an abbreviated University investment plan (see the UW-IT Investment Procedures).
  C. Investment Plan Amendments

Projects may need to make adjustments in scope, cost, schedule, and other factors during execution of a project, or at any other time after submitting the original investment plan. Project oversight/steering committees and sponsors must determine whether the project's prior approved status, as exempt or non-exempt, and its oversight level remain unchanged, and if either are changed, whether another review and approval by the Vice President for UW-IT and CIO is necessary.

10.  Project Management and Oversight

There are several established practices in the successful management of any IT project, including development of a concept plan, feasibility and readiness studies, development of a project plan, ongoing quality assurance assessments, and project status reporting. For certain types of projects, the following practices are required:

  A. Concept Plan and Project Plan

All projects which do not qualify for an exemption from state or University approval or oversight will provide a concept plan, to begin the discussion and determination of necessary requirements and approvals. Each approved IT project must also have a written project plan appropriate for the level and scope of the project effort.

    1) Concept Plan

The concept plan includes a description of the business problem addressed by a technology-based solution, other relevant factors such as compliance with regulations, potential sources of funding, anticipated performance outcomes, and the major concerns about the project at this early stage. A preliminary determination of risk and severity will indicate what oversight level may apply and determine the approvals that will be needed for the project.

This early stage is also a point for project planners, business owners, and system owners to consider business process modeling or re-engineering work as part of determining the scope and feasibility of the potential technology investment, and what process improvements and streamlining or simplifying may be appropriate in advance of defining the technology requirements. In addition, feasibility studies and readiness assessments are required for any project which will be submitted to the State CIO for approval.

    2) Project Plan

The basic stages for a project plan include:
  • Design
  • Development
  • Testing
  • Deployment.
Each stage must be broken into relevant action steps/milestones, and each step should have identified: duration, deliverables, required resources and who is responsible. The project plan documents the baseline that will be used to measure and report project progress. The plan must also identify the executive sponsor(s) to whom the project manager reports, and the project oversight/steering committee responsible for review and advice as needed during the course of the project.

  B. Quality Assurance

Each approved project must have some form of quality assurance (QA). For small projects with low risk, this may be done by University staff who are independent of the project management. Larger and higher risk projects require QA from external firms with demonstrated experience and expertise in project review and QA process. Selection of an external QA firm must be conducted through the University Procurement Office, and requires prior approval of the Vice President for UW-IT and CIO.

  C. Status Reporting

Any large project that will take more than 12 months for complete implementation requires a quarterly project status report to the appropriate University IT governance boards regarding progress and costs.

In addition to the quarterly progress report noted above, all major projects are required to provide the following reports:
  • Regular project status reports, including agreed upon QA reports.

  • Biennial report of project performance, through at least two years following implementation.
Note: Any major project or acquisition that qualifies for the Academic Exemption that is longer than 12 months in duration, is also subject to quarterly status reporting, to be submitted to the Vice President for UW IT and CIO, unless otherwise declared in the UW-IT Investment Procedures.

11.  Procurement Office Verification and Action

University Procurement Services will execute the acquisition or contract commitment once the appropriate action is taken by the Board of Regents in accordance with current Board of Regents Standing Orders, and upon being informed that all the approvals and requirements of this policy have been fulfilled.

12.  Summary of Requirements

Summary of Policy Requirements
(Note: Dollar thresholds in this table may change, with the most current amounts defined in the UW-IT Investment Procedures)

All IT acquisitions and investments must address the following, in addition to the specific requirements for different classifications of projects:
  • Stewardship for responsible planning and management of IT resources (Section 3)

  • Determination of oversight level based on risk and severity (Section 5)

  • Calculation of system life cost (Section 4)

  • Standard UW Procurement procedures (Section 11)
Academic Exemptions
(Limited to conducting research, scholarly or instructional activities)

Small Project
Oversight Level 1
Large Project
Oversight Level 1

  • Greater than $1 million investment cost; greater than $2.5 million system life cost—or lower cost but impacts other departments and/or requires central administrative system resources.

  • Concurrence by Vice President for UW-IT and CIO (Section 8.A).

  • Department ensures good project plan and management is provided (Section 10).
Major Project
Oversight Levels 2 & 3


Health Care-Related Exemption
(Limited to medical, clinical, or health care applications)

  • Health care-related projects under the management of UW Medicine are subject to the MOU with Vice President for UW-IT and CIO.

  • Health care-related projects outside the management of UW Medicine are treated as other acquisitions and investments (see below).
Other Acquisitions and Investments
(All other administrative and business-related IT systems and applications, including health care-related projects outside UW Medicine)

Small Project
Oversight Level 1
  • Under $1 million investment cost, under $2.5 million system life cost—impacts only a single department—does not require central administrative system resources.

  • Implementing department maintains records to document oversight level and system life cost (Section 7).

  • Department responsible for project QA and independent oversight (Section 10).
Large Project
Oversight Level 1
  • Greater than $1 million investment cost; greater than $2.5 million system life cost—or lower cost but impacts other departments and/or requires central administrative system resources.

  • Concurrence by the Vice President for UW-IT and CIO (Section 8.A).

  • Department ensures good project plan and management including internal QA and independent oversight is provided (Sections 10.A and 10.B).

  • If the duration is 12 months or more, quarterly project reports are required (Section 10.C).
Major Project
Oversight Levels 2 & 3

  • Requirements apply regardless of investment cost and system life cost.

  • Administrative system projects and applications require State CIO approval as requested by the Vice President for UW-IT and CIO, starting with preliminary concept plan (Section 5).

  • State OFM approval may also be required as determined by the Vice President for UW-IT and CIO (Section 5).

  • Investment plan required for approval by the Vice President for UW-IT and CIO (Section 8.A).

  • Comprehensive project plan required and monitored through monthly project reports, posted to the office of the State CIO (Section 10.A).

  • QA required, generally external for Level 2 and always external for Level 3—monthly QA reports posted to the office of the State CIO (Section 10.B).

  • Quarterly project status reports to UW IT governing board (Section 10.C).
Authoritative and updated information about current requirements and procedures is available at:

July 14, 2005; May 11, 2016.