Explains when and how state agencies must request CIO approval for technology purchases.
Under West Virginia law (§5A-6), the Chief Information Officer (CIO) has the authority to review and make recommendations on IT purchases, contracts, and services including equipment and temporary staffing.
This policy applies to all state agencies within the executive branch unless specifically exempt under state code.
Use the steps below to determine if CIO review is required:
Is the commodity available on one of our IT statewide contract?
✅ Yes: CIO review is not required
❌ No: Continue to Step 2
Step 2: Does your request meet any of these Mandatory Review Criteria?
CIO Review is required if your project or purchase involves any of the following:
Cost: Any technology purchase over $5,000.
New Software: Any software not currently on the WVOT Approved Software List.
Cloud/SaaS: Any cloud services or systems storing state-owned data (requires a Data Protection Addendum).
Legacy Software: Any unsupported software, regardless of cost.
RFIs: Requests for Information at the concept stage.
Contract Changes: Reassignments that alter technical specifications.
Exemptions: Alternative procurements resulting from a Central Purchasing statewide contract exemption.
Submit Your Request
If your purchase requires a review based on Step 2, email your request to Consulting.Services@wv.gov following the guidelines below based on what you are purchasing:
Hardware
Include the following in your email:
Description – What do you need?
Justification – Why do you need it?
Estimated Cost – How much will it cost?
Software & Cloud Services
Include your Description, Justification, and Estimated Cost. You must also include:
Privacy Impact Assessment (PIA) form: The PIA is used to evaluate risks to personally identifiable information (PII) when new software is purchased, systems are created, or existing systems are significantly changed. Visit the PIA for more information.
Data Protection Addendum: Required if you are utilizing Cloud/SaaS or storing state-owned data in the cloud.
Are you purchasing IT-related services (not hardware or software)?
CIO review is still required
Email request to Consulting.Services@wv.gov
Agencies must purchase from an approved statewide contract.
If the statewide option does not meet your needs, you must request a waiver. (Waiver coming soon!)
Submit the waiver request and explanation to Consulting.Services@wv.gov
Email: Consulting.Services@wv.gov
Include the following (per Sections 3.3.1.1 – 3.3.1.3 of the policy):
Description (What do you need?)
Justification (Why do you need it?)
Estimated Cost (How much will it cost?)
PIA (if purchasing software)
Data Protection Addendum (for Cloud/SaaS)
Telecommunications Waiver (if telecommunications contract doesn’t meet your needs)
Contact your IRM if you have questions about the CIO review process.
W.Va. Code §5A-6-4(a)(1)
W.Va. Code §5A-6B-1,et seq.
W.Va. Code §5A-6B-1 et seq. West Virginia Cybersecurity Office
W.Va. Code §5A-6-8 Exemptions
Purchasing Handbook Reference is 7.2 (Special Acquisitions)