143B-1350. Procurement of information technology.

(a) The State CIO is responsible for establishing policies and procedures for information technology procurement for State agencies.

Notwithstanding any other provision of law, the Department shall procure all information technology goods and services for participating agencies and shall approve information technology procurements for separate agencies. The State CIO may cancel or suspend any agency information technology procurement that occurs without State CIO approval.

(b) The Department shall review all procurements to ensure they meet current technology standards, are not duplicative, meet business objectives, are cost-effective, and are adequately funded. G.S. 143-135.9 shall apply to information technology procurements.

(c) The Department shall, subject to the provisions of this Part, do all of the following with respect to State information technology procurement:

(1) Purchase or contract for all information technology for participating State agencies.

(2) Approve all technology purchases for separate agencies.

(3) Establish standardized, consistent processes, specifications, and standards that shall apply to all information technology to be purchased, licensed, or leased by State agencies and relating to information technology personal services contract requirements for State agencies, including, but not limited to, requiring convenience contracts to be rebid prior to termination without extensions.

(4) Establish procedures to permit State agencies and local government entities to use the General Services Administration (GSA) Cooperative Purchasing Program to purchase information technology (i) awarded under GSA Supply Schedule 70 Information Technology and (ii) from contracts under the GSA's Consolidated Schedule containing information technology special item numbers.

(5) Establish procedures to permit State agencies and local government entities to use other cooperative purchasing agreements.

(6) Comply with the State government-wide technical architecture, as required by the State CIO.

(7) Utilize the purchasing benchmarks established by the Secretary of Administration pursuant to G.S. 143-53.1.

(8) Provide strategic sourcing resources and detailed, documented planning to compile and consolidate all estimates of information technology goods and services needed and required by State agencies.

(9) Develop a process to provide a question and answer period for vendors prior to procurements.

(d) Each State agency shall furnish to the State CIO when requested, and on forms as prescribed, estimates of and budgets for all information technology goods and services needed and required by such department, institution, or agency for such periods in advance as may be designated by the State CIO. When requested, all State agencies shall provide to the State CIO on forms as prescribed, actual expenditures for all goods and services needed and required by the department, institution, or agency for such periods after the expenditures have been made as may be designated by the State CIO.

(e) Confidentiality. - Contract information compiled by the Department shall be made a matter of public record after the award of contract. Trade secrets, test data, similar proprietary information, and security information protected under G.S. 132-6.1(c) or other law shall remain confidential.

(f) Electronic Procurement. - The State CIO may authorize the use of the electronic procurement system established by G.S. 143-48.3, or other systems, to conduct reverse auctions and electronic bidding. For purposes of this Part, "reverse auction" means a real-time purchasing process in which vendors compete to provide goods or services at the lowest selling price in an open and interactive electronic environment. The vendor's price may be revealed during the reverse auction. The Department may contract with a third-party vendor to conduct the reverse auction. "Electronic bidding" means the electronic solicitation and receipt of offers to contract. Offers may be accepted and contracts may be entered by use of electronic bidding. All requirements relating to formal and competitive bids, including advertisement, seal, and signature, are satisfied when a procurement is conducted or a contract is entered in compliance with the reverse auction or electronic bidding requirements established by the Department.

(g) The State CIO shall establish efficient, responsive procedures for the procurement of information technology. The procedures may include aggregation of hardware purchases, the use of formal bid procedures, restrictions on supplemental staffing, enterprise software licensing, hosting, and multiyear maintenance agreements. The State CIO may require agencies to submit information technology procurement requests on a regularly occurring schedule each fiscal year in order to allow for bulk purchasing.

(h) All offers to contract, whether through competitive bidding or other procurement method, shall be subject to evaluation and selection by acceptance of the most advantageous offer to the State. Evaluation shall include best value, as the term is defined in G.S. 143-135.9(a)(1), compliance with information technology project management policies, compliance with information technology security standards and policies, substantial conformity with the specifications, and other conditions set forth in the solicitation.

(h1) All contracts subject to the provisions of this Part shall include a limitation on the contractor's liability to the State for damages. Except as otherwise provided in this subsection, the limitation of liability shall be for damages arising from any cause whatsoever, regardless of the form of action. The amount of liability shall be determined based on the nature of the goods or services covered by the contract; however, there shall be a presumptive limitation of no more than two times the value of the contract. Limitation of liability pursuant to this subsection shall specifically include, but not be limited to, the contractor's liability for damages and any other losses relating to the loss of, unauthorized access to, or unauthorized disclosure of data.

The amount of liability for damages and any other losses relating to the loss of, unauthorized access to, or unauthorized disclosure of data may be raised to no more than three times the value of the contract if all of the following apply:

(1) The State CIO completes a risk assessment prior to the bid solicitation or request for proposal.

(2) The risk assessment determines that an increase in the liability amount is necessary to protect the State's best interests.

(3) The bid solicitation or request for proposal indicates that increased liability will be required for the resulting contract.

The State CIO shall report annually to the Joint Legislative Commission on Governmental Operations and the Joint Legislative Oversight Committee on Information Technology no later than March 1 regarding the contracts containing liability amounts of more than two times the value of the contract.

Prior to entering into any contract subject to the provisions of this Part, the Department or the separate agency, as applicable, shall reasonably determine that the contractor possesses sufficient financial resources, either independently or through third-party sources, such as insurance, to satisfy the agreed upon limitation of liability. The limitation of liability required by this subsection shall not apply to liability of the contractor for intentional or willful misconduct, damage to tangible personal property, physical injuries to persons, or any notification costs resulting from compliance with G.S. 132-1.10(c1). Nothing in this subsection (i) limits the contractor's liability directly to third parties or (ii) affects the rights and obligations related to contribution among joint tortfeasors established by Chapter 1B of the General Statutes and other applicable law.

(i) Exceptions. - In addition to permitted waivers of competition, the requirements of competitive bidding shall not apply to information technology contracts and procurements:

(1) In cases of pressing need or emergency arising from a security incident.

(2) In the use of master licensing or purchasing agreements governing the Department's acquisition of proprietary intellectual property.

Any exceptions shall immediately be reported to the Joint Legislative Oversight Committee on Information Technology and the Fiscal Research Division.

(j) Information Technology Innovation Center. - The Department may operate a State Information Technology Innovation Center (iCenter) to develop and demonstrate technology solutions with potential benefit to the State and its citizens. The iCenter may facilitate the piloting of potential solutions to State technology requirements. In operating the iCenter, the State CIO shall ensure that all State laws, rules, and policies are followed.

Vendor participation in the iCenter shall not be construed to (i) create any type of preferred status for vendors or (ii) abrogate the requirement that agency and statewide requirements for information technology support, including those of the Department, are awarded based on a competitive process that follows information technology procurement guidelines.

(k) No contract subject to the provisions of this Part may be entered into unless the contractor and the contractor's subcontractors comply with the requirements of Article 2 of Chapter 64 of the General Statutes.