36 Miss. Code. R. 2-1-201.3

Current through October 18, 2024
Rule 36-2-1-201.3 - 001-025 Approvals for Internet-based Applications and Services (State Agencies)

E-government applications and services require additional review and approval by ITS and by DFA (in contrast to traditional software applications.) Because of the multiple costing models used by vendors for e-government applications, as well as the necessity for ensuring appropriate security for all public-facing applications, the normal ITS procurement delegations to agencies do not apply for these types of acquisitions. In addition, DFA must approve and schedule any implementations that involve payments.

Agencies planning to acquire e-government software or services should follow the checklist shown below during the planning process. Preparing and submitting the information packet outlined in the checklist will ensure the acquisition has received required DFA and ITS reviews and approvals and help prevent delays in the implementation of the needed services. Submit the following information to both ITS and DFA at least 90 days prior to the procurement of the products or services. Additional time (120-180+ days) will be required for more complex projects or applications. Requests that are not submitted within the prescribed timeframes are subject to expedited processing charges from both ITS and DFA.

NOTE: All ITS and DFA approvals are specific to the project, scope, and contract term outlined in the request. Revisions to scope, extension of contract or hosting terms, addition of functionality (including adding or changing payment services), additional expenditures, and other changes to the project or to the vendor agreement require submission of an additional approval request. Approval of a specific application by DFA and ITS does not imply approval of future applications within the same application or across application models. Additionally, all approvals by DFA and ITS of waivers from the State's enterprise requirements are time-limited and may be revoked at any time if required to protect the substantial interests of the State.

[SQUARE ROOT]

Steps:

1. Define and document functional requirements.

2. Determine and document all payment methods that will be accepted: (Visa debit/credit; MasterCard debit/credit; Amex; e-check; other).

3. Determine and document all payment services needed (online; in person: counter; point-of-sale, ACH).

4. Complete the following checklist to determine if additional documentation and justification are required: (provide complete explanation, justification, and proposed technology and environment related to any question in a-d below that cannot be answered "yes.").

a. Hosted at the State Data Center? If not, provide a copy of the hosting company's security policy, disaster recovery plan, and 3 rd party financial audit if vendor is known.

[Alternately, this requirement will be incorporated into the competitive procurement process.]

b. If hosted at State Data Center: Verification that application utilizes software products and versions supported at the State Data Center? Attach verification form signed by State Data Center representative to this request.

c. Payments made via State's Enterprise Payment Engine? If a waiver is to be requested, this request as documented in the DFA Administrative Rule, Payment by Credit Cardor Other Forms of Electronic Payment to State Agencies, should be included in the submittal.

d. Application will use the State's Enterprise Payment Interface Component (EPIC) for payment processor interface?

5. If not hosted at State Data Center using State's enterprise payment system and processor, determine PCI DSS compliance requirements tier and responsibility. Provide a copy of most recent PCI audit from the proposed hosting and/or payment vendor if known.

[Alternately, this requirement will be incorporated into the competitive procuremen process.] (Note: If hosted at State Data Center, using State's Enterprise Payment Processor and Enterprise Payment Interface Component, ITS will certify PCI compliance.)

6. Document anticipated fee structure, including EOC fee. If requesting waiver of the EOC fee or if requesting to absorb EOC fee on customer's behalf, include letter from agency executive outlining that request.

7. Determine and document procurement approach:

a. Document anticipated lifecycle cost to agency.

b. Document anticipated lifecycle cost to consumer.

c. If total of a+b above is above quote threshold but less than bid threshold, obtain 2 written quotes and provide copies to ITS (Or request that ITS obtain the quotes as part of the procurement approval process).

d. If total of a+b above is above bid threshold, complete ITS competitive procurement form, exemption request form, or sole source form.

8. Submit all documentation to both ITS and DFA.

36 Miss. Code. R. 2-1-201.3

25-53-151
Amended 7/1/2015
Amended 11/18/2015
Amended 11/24/2017