To: Brian K. Flewelling, Public Works Committee Chairperson
From: Michael Dawisha, CIO
title
RE: Approval of proposed Genesee County Information Technology Procurement Review and Approval Policy
recommendation
BOARD ACTION REQUESTED:
Approval to adopt the Genesee County Information Technology Procurement Review and Approval Policy.
BACKGROUND:
Technology-related purchases occur across multiple County departments, but a formal County-wide process for IT procurement review and approval has not been established. With continued growth in systems, software, websites, devices, and connected services, a more standardized approach is needed to help address compatibility, cybersecurity, support, and alignment with existing County technology standards.
DISCUSSION:
Technology-related purchases, including software, websites and related services, have at times occurred without IT involvement or formal approval. This creates risk for the County in areas such as cybersecurity, compatibility with existing systems, supportability, duplication of services, and alignment with County technology standards. Adoption of the proposed policy will establish a formal County-wide process for IT review and approval before applicable purchases are made.
IMPACT ON HUMAN RESOURCES:
No direct impact on Human Resources. The proposed policy does not require additional staffing, reclassification, onboarding, or other personnel actions.
IMPACT ON BUDGET:
There is no impact on budget.
IMPACT ON FACILITIES:
No direct impact on Facilities. The proposed policy does not require changes to County facilities, physical space, or building operations.
IMPACT ON TECHNOLOGY:
Reviewed and submitted by IT.
CONFORMITY TO COUNTY PRIORITIES:
A formal IT review process supports the County priority of Long-Term Financial Stability by helping to avoid duplicative purchases, unsupported systems, compatibility issues, and higher long-term support costs.
resolution
TO THE HONORABLE CHAIRPERSON AND MEMBERS OF THE GENESEE COUNTY BOARD OF COMMISSIONERS, GENESEE COUNTY, MICHIGAN
LADIES AND GENTLEMEN:
WHEREAS, Genesee County is entrusted with sensitive information relating to its residents, employees, and governmental operations; and
WHEREAS, the increasing use of technology, software, websites, and cloud-based services presents cybersecurity, privacy, and operational risks; and
WHEREAS, it is in the best interest of Genesee County to ensure that all information technology purchases follow recognized security standards and best practices.
NOW, THEREFORE, BE IT RESOLVED, that this Board of County Commissioners of Genesee County, Michigan (this “Board”), hereby requires that all purchases of computer hardware, software, websites, software licensing, and information technology services be reviewed and recommended by the Genesee County Information Technology Department prior to purchase or contract execution.
BE IT FURTHER RESOLVED, that all such purchases shall be vetted for cybersecurity practices, data protection standards, data storage location, data access controls, and third-party data sharing.
BE IT FURTHER RESOLVED, that any vendor not approved by the Chief Information Officer or the Information Technology Department shall not be placed on the Board agenda or approved for use by Genesee County.
BE IT FURTHER RESOLVED, that this policy is adopted to promote security, transparency, and best practices in order to protect the residents and employees of Genesee County.
BE IT FURTHER RESOLVED, that to this end, this Board hereby adopts and authorizes the implementation of the attached Information Technology Procurement Review and Approval Policy (“Policy”).
BE IT FURTHER RESOLVED, that this new Policy supersedes any and all current or past policies related to Information Technology procurement, that any other resolutions or policies previously adopted by this Board related to this topic are hereby rescinded, and that this Policy shall remain in effect until further action of this Board.
Attachment