Explains when and how state agencies must request CIO approval for technology purchases.
Under West Virginia law (§5A-6), the Chief Information Officer (CIO) has the authority to review and make recommendations on IT purchases, contracts, and services including equipment and temporary staffing.
This policy applies to all state agencies within the executive branch unless specifically exempt under state code.
Use the steps below to determine if CIO review is required:
Is the commodity available on one of our IT statewide contract?
✅ Yes: CIO review is not required
❌ No: Continue to Step 2
Is the purchase under $5,000?
✅ Yes: CIO review is not required if the item is on the pre-approved list (Appendix B) and is not using removable media.
❌ No: Continue to Step 3
Are you purchasing hardware or software?
Hardware:
CIO review is required
Email your request to Consulting.Services@wv.gov
Include:
Description – What do you need?
Justification – Why do you need it?
Estimated Cost – How much will it cost?
Software:
CIO review is required
You must also complete a Privacy Impact Assessment (PIA) form.
PIA is used to evaluate risks to personally identifiable information (PII) when new software is purchased, systems are created, or existing systems are significantly changed. Visit the PIA for more information
Email your request and completed PIA form to Consulting.Services@wv.gov
Include:
Description
Justification
Estimated Cost
Are you purchasing IT-related services (not hardware or software)?
CIO review is still required
Email request to Consulting.Services@wv.gov
Agencies must purchase from an approved statewide contract.
If the statewide option does not meet your needs, you must request a waiver. (Waiver coming soon!)
Submit the waiver request and explanation to Consulting.Services@wv.gov
Email: Consulting.Services@wv.gov
Include the following (per Sections 3.3.1.1 – 3.3.1.3 of the policy):
Description (What do you need?)
Justification (Why do you need it?)
Estimated Cost (How much will it cost?)
PIA (if purchasing software)
Waiver (if telecommunications contract doesn’t meet your needs)
Contact your IRM if you have questions about the CIO review process.
W.Va. Code §5A-6-4(a)(1)
W.Va. Code §5A-6B-1,et seq.
W.Va. Code §5A-6B-1 et seq. West Virginia Cybersecurity Office
W.Va. Code §5A-6-8 Exemptions
Purchasing Handbook Reference is 7.2 (Special Acquisitions)