Software Procurement Processes
This runbook sets out the processes involved in procuring new software or renewing existing software.
This runbook does not cover procurement that would involve a full commercial tender. This is not covered here but will be identified as part of the Demand Process mentioned later, if required. If that happens then this runbook cannot help you.
This runbook does not cover any exceptional process that may vary from the standard Governence processes. Any variation from these process must be in agreement with Head of Hosting, Budget Holder, Finance, and Commercial.
Before you start
- You have satified, through Discovery, that there is a genuine user need you are meeting with the software
- You have data to support the decision to purchase the software
- You have approval from the Head of Hosting to purchase the software
- You have conducted some form of analysis/evaluation to confirm that the software being purchased is the most appropriate option
Procurng new software
Raise a request for a quote via Demand Management
Demand Management is the team that will help you through the software procurement process and ensure that Governance processes are being followed.
Raise a New Demand Request via ServiceNow.
As part of this process you will need to know the following: - Cost Centre - Business Entity Code - Brief summary of the requirement - Justification for the purchase
A Demand Manager will be assigned to your request and contact you for any additional information and advise you of next steps (which are set out in this runbook), and request a quote for the software based on the requirement provided.
Securty Review
Security have guidance of software usage
For new software you must request an assessment by the Security Team.
On approval of the assessment confirm the outcome to Demand Management. You will need this information for Triage and when you complete the Commercial Coversheet at a later stage.
Data & Privancy Impact Assessment (DPIA)
To understand and manage risks associated with the processing and handling of data you may need to complete a Data & Privancy Impact Assessment
Contact Data Privacy Teamto start a DPIA screening. Depnding on the type of data being processed the DPIA Team may ask you to complete a full assessment.
On approval of the assessment or screening confirm the outcome to Demand Management. You will need this information for Triage and when you complete the Commercial Coversheet at a later stage.
Budget Holder and Finance Business Partner(FBP) Approval
Email Budget Holder and FBP with a brief summary of the requirement and quote. Keep copies of the approvals which will be needed to request the purchase order.
As part of this step confirm whether the spend approvals are covered by the Triage or Delegated Authority Process. Most new requests will require Triage approval.
Triage
Complete Triage Form and send to Digital Assurance for the weekly Triage Board.
You will need to include: - copy of Budget Holder approval email - copy of FBP approval email - copy of Quote
Triage will approve, approve with condition, or reject a request. If approved you can proceed to next steps.
Delegated Authority
If Delegated Authority is appropraite complete the Justice Digital Delegated Authority form.
Complete Commercial Coversheet
Demand Management will provide you with a Commercial Coversheet to complete. This provides information to Commercial to assist in purchase of the software. This form will need to be provided to Finance to raise a PO.
Request a Purchase Order
Email the Finance Team with a request for a purchase order. The email must include: - copy of Budget Holder approval email - copy of FBP approval email - copy of Commercial Coversheet - copy of Quote
When the PO is created (which can take a couple of weeks) send a copy of the PO to the Software Asset Management(SAM) Team.
Status updates on the purchase and start date
These steps will vary depending on the software vendor onboarding process. However for updates on progress contact the SAM Team
Renewing software
The software renewal process is very similar to the process for procuring new software with a few exceptions which are detailed as follows:
Trigger to renew software
4 months prior to the expiry of the contract you will be contacted by the Software Assesst Management Team (SAM) about your intention to renew a subscription.
If you are intending to renew on the same terms you can confirm that you will renew and request a quote.
If you requirement is changing at renewal e.g. adding additional licences you will need to go via Demand and Triage as if this was a new request.
Data Privacy and Impact Assessment
Not required unless: - A DPIA does not currently exist for the software you are renewing - A DPIA exists but there has been a change to how the data is processed or held - A DPIA exists but the type of data held has changed
Security Assessment
Not required unless: - Your DPIA was not overseen by MoJ’s DPIA approval processes - There has been a change to how the software is storing data - There have been changes to the number or type of risks associated with this software
Spend Controls
As this is a renewal the subscription will already be in the budget. Unless you are making changes to the subscription this will be covered by Delegated Authority process mentioned earlier. Once the Delegated Authority form has been completed you can request a PO to be raised via the Finanace Team as per the process above.