Norwegian version of this page

IT procurement

Procedure for IT procurement

When acquiring new software or services, several considerations come into play. 

Assessments around need/utility, legislation (GDPR/privacy), Risk Assessment/IT security, Finance/agreements and documentation/support must be made for new acquisitions.

Feel free to check whether the program has been rejected and cannot be used.

The following online form must be completed by the person wishing to make the purchase:

Enter the Nettskjema form here

For questions contact: it-anskaffelser@hiof.no.

  1. Needs Assessment and Evaluation:

    • Assess whether there is a genuine need for the service or software.
    • Check if an equivalent service or software already exists in the catalog.
    • Note that educational or pedagogical services/software require approval from the Pedagogical Development and Learning Section.
    • Responsibility lies with the requester.

  2. Handling Personal Data and GDPR Compliance:

    • Determine if the service or software will process personal data or sensitive information.
    • Ensure compliance with GDPR and other relevant regulations.
    • Note that Schrems II ruling restricts data transfers to third countries outside the EEA.
    • If no data transfer occurs outside the EEA and your immediate supervisor approves, submit a request via the Nettskjema form.
      • All services/software handling personal data must be evaluated by HiØ’s Data Protection Officer.
      • Responsibility lies with the requester.

    • Risk and Vulnerability Assessment:

      • Conduct an ROS analysis considering legal basis, data processing agreements, utility, user-friendliness, security, support, robustness, backup, and deletion.
      • Clarify the purpose of using the service/software, access control, and responsibilities toward the supplier.
      • Collaborate with it-anskaffelser@hiof.no for Risk Assessments.
      • Responsibility lies with the requester and it-anskaffelser@hiof.no.

    • Procurement Method:

      • Direct procurement if offered through existing framework agreements or if costs don’t exceed the competitive bidding threshold.
      • Conduct a procurement competition if the threshold is exceeded.
        • Responsibility lies with the requester or procurement support.

      • Contractual Agreements:

        • Determine cost allocation for the service/software.
        • Identify the contracting party for HiØ.
        • Ensure quality assurance of agreements and any data processing agreements.
        • Sign and archive contracts in the system.
        • Responsibility lies with the requester and budget manager.

      • Documentation, Guidance, and Training:

        • Develop documentation, provide guidance, and conduct user training.
        • Responsibility lies with the requester.
Published May 14, 2024 2:40 PM - Last modified May 14, 2024 3:22 PM
E-mail this page