CIO Review

Purpose

Explains when and how state agencies must request CIO approval for technology purchases.

Under West Virginia law (§5A-6), the Chief Information Officer (CIO) has the authority to review and make recommendations on IT purchases, contracts, and services including equipment and temporary staffing.

This policy applies to all state agencies within the executive branch unless specifically exempt under state code.

• View the CIO Review Policy

Determine if CIO Review is Required

Use the steps below to determine if CIO review is required:

1. Is the commodity available on one of our IT statewide contract?

   • ✅ Yes: CIO review is not required

   • ❌ No: Continue to Step 2

2. Is the purchase under $5,000?

   • ✅ Yes: CIO review is not required if the item is on the pre-approved list (Appendix B) and is not using removable media.

   • ❌ No: Continue to Step 3

3. Are you purchasing hardware or software?
   
   Hardware:

   • CIO review is required

   • Email your request to Consulting.Services@wv.gov

   • Include:

     • Description – What do you need?

     • Justification – Why do you need it?

     • Estimated Cost – How much will it cost?

Software:

3. • CIO review is required

   • You must also complete a Privacy Impact Assessment (PIA) form.
     
     PIA is used to evaluate risks to personally identifiable information (PII) when new software is purchased, systems are created, or existing systems are significantly changed. Visit the PIA for more information

   • Email your request and completed PIA form to Consulting.Services@wv.gov

   • Include:

     • Description

     • Justification

     • Estimated Cost

4. Are you purchasing IT-related services (not hardware or software)?

   • CIO review is still required

   • Email request to Consulting.Services@wv.gov

Telecommunications Services 

• Agencies must purchase from an approved statewide contract.

• If the statewide option does not meet your needs, you must request a waiver. (Waiver coming soon!)

• Submit the waiver request and explanation to Consulting.Services@wv.gov

CIO Review Email Checklist 

Email: Consulting.Services@wv.gov
Include the following (per Sections 3.3.1.1 – 3.3.1.3 of the policy):

• Description (What do you need?)

• Justification (Why do you need it?)

• Estimated Cost (How much will it cost?)

• PIA (if purchasing software)

• Waiver (if telecommunications contract doesn’t meet your needs)

Questions?

Contact your IRM if you have questions about the CIO review process. 

Policy References:

• W.Va. Code §5A-6-4(a)(1)

• W.Va. Code §5A-6B-1,et seq.

• W.Va. Code §5A-6B-1 et seq. West Virginia Cybersecurity Office

• W.Va. Code §5A-6-8 Exemptions 

• Purchasing Handbook Reference is 7.2 (Special Acquisitions)