Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  

Part 2. Information Technology

Chapter 21. Requisition Processing for IT Acquisition Products and Services

Section 1. Introduction to Requisition Processing for Information Technology (IT)

2.21.1  Introduction to Requisition Processing for Information Technology (IT)

2.21.1.1  (01-01-2006)
INTRODUCTION

  1. This Internal Revenue Manual (IRM) covers purchases of Information Technology (IT) products and services. The requisition process described herein is included as part of a total acquisition life cycle.

  2. Web links for each major functional area (Disclosure, Section 508, Security, etc.) mentioned in this IRM have been included so that a Requisitioner (also defined as the Point of Contact) will have the capability of going to these sites and reviewing the functional area’s process and filling out the forms required as part of the requisition process. Most web sites will require scrolling the document for needed information.

  3. The web links included in this document are subject to change. Since revisions to IRMs are limited, it is recommended that a Requisitioner check a functional area’s website for the latest information. Refer to the web link below for all current web links:

    http://awss.procurement.irs.gov

2.21.1.1.1  (01-01-2006)
Purpose

  1. Modernization and Information Technology Services (MITS) Delegation Order 28 (D.O. 28) provides MITS executives with delegated signature authority for approving information technology purchases of goods and services. The CIO has responsibility for all IT purchases of products and services acquired by the Internal Revenue Service (IRS). The Director Client Services is the D.O. 28 delegated signature authority to approve IT requisitions initiated from the business units for all Functional Areas (aka PACS).

  2. The purpose of this document is to provide guidance to all IRS personnel on the critical elements necessary to complete the requisition approval process.

  3. MITS is the organization responsible for approving IT requisitions and, therefore, MITS Executives are accountable for ensuring their accuracy. IRS personnel involved in the processing of IT requisitions must follow the guidance contained in this manual.

  4. The Director Client Services is responsible for reviewing all IT requisitions initiated from business units and ensuring the requisitions have been routed through the appropriate DIO, all appropriate reviews are completed, the correct Internal Order (aka PCAS) code is assigned, and a requisition summary is attached to the requisition.

  5. This document is authorized by:

    • MITS Delegation Order No. 28

    • The Clinger-Cohen Act of 1996, also known as the Information Technology Management Reform Act (ITMRA)

    • IRM 1.1, Section 12, Chief Information Officer

    • IRS Policy Statement P-1-229 (new number will be P-2-4)

    • IRS Delegation Order No. 261

2.21.1.1.2  (01-01-2006)
Scope

  1. The signature authorities and associated re-delegations supported by D.O. 28 apply to requisitions for purchases of IT products and services; however, it does not apply to the following:

    • IT supplies or consumables, such as toner cartridges, printer paper, and printer ribbons

    • Recurring administrative or overhead expenses such as cell phone charges

    • Certain types of services, such as training.

  2. While most requisitions are for specific IT resources, many requisitions are for block funding, which is earmarked for IT resources and is to be applied to a Purchase Card. These process guidelines also apply to this type of requisition. Users of Purchase Cards are reminded to review the IRS Purchase Card Guide (Document 9185) link and the Restricted Purchase List link for instructions on how to use the card and buying restrictions. Be sure to note the restricted Purchase Card use regarding disclosures of taxpayer returns or return information. This restriction also applies to employee/personnel and Official Use Only (OUO) information. The following web links apply: http://erc.web.irs.gov and http://awss.procurement.irs.gov, respectively.

  3. There are also web links for Credit Card Services and the Treasury Commercial Vehicles (TCV) Purchase Card Program. The links are: http://awss.web.irs.gov/ess/CCS/ccs.htm and http://erc.web.irs.gov/Displayanswers/folderContent.asp?folderID=10, respectively.

2.21.1.2  (01-01-2006)
BUSINESS REQUIREMENTS

  1. All organizations within IRS are responsible for having Business Requirements as part of the requisition process for purchasing IT products and services.

2.21.1.2.1  (01-01-2006)
Business Requirements Identification

  1. All organizations within IRS are responsible for generating business requirements and ensuring the business requirements are part of their Strategic and Program Plan. When an organization identifies an information technology business requirement, contact must be made with the Business Systems Planner (BSP) to ensure that the requirement is addressed in the Strategic and Program Plan.

2.21.1.2.2  (01-01-2006)
Business Justification

  1. A Business Justification typically consists of: 1) the technical requirements of the acquisition, 2) how it supports the organization’s business requirement, 3) how the business requirement supports the Strategic and Program Plan, 4) a basis of cost estimate, and 5) any other relevant information. The Business Justification does not need to follow a particular format, as long as it includes the minimum items (1-4) above, and is incorporated as Item 1 in the Requisition Summary (see Exhibit 2.21.1-3 ). Below is an example of a generic Business Justification:

    Example: This technical requirement was initiated by [Name, Organization]. This requisition is for acquisition of contractors to incorporate legislative changes into project XXXXXXXX for filing season implementation. The contractor support will include requirements analysis, documentation, coding, unit and integration testing, implementation support and post-implementation support. If this requirement is not funded, project XXXXXXXX’s readiness for filing season implementation will be seriously jeopardized.

2.21.1.3  (01-01-2006)
REFINE REQUIREMENTS

  1. All requirements must be refined so that the Office of Procurement is able to procure the necessary acquisition.

2.21.1.3.1  (01-01-2006)
Point of Contact

  1. Requisitioners who are usually Points of Contact (POCs) are responsible for initiating the requisition process and for bringing all necessary Agency expertise and resources to the task in order to ensure the IT acquisition is ready to forward to the Office of Procurement.

2.21.1.3.2  (01-01-2006)
Point of Contact Responsibilities

  1. The responsibilities of the Point of Contact include the following and are also reflected in Diagram 1 - Parallel Process: Refine Technical Requirements.

    Point of Contact Responsibilities
    1. Work with the applicable IRS organization to transform the business requirement into a technical requirement.
    2. Enter a record into webRTS. For information on using webRTS, see the webRTS User’s Manual at:
    http://awss.procurement.irs.gov/webrtsum/newusermanual/toc.htm
    3. Refine the technical requirement documentation into a final form suitable for procurement action. Specifically:

    1. Identify a routing path in webRTS.

    2. Obtain a Security Review.

    3. Obtain a Technical Tier Review.

    4. Initiate Privacy Impact Assessment (new systems , systems undergoing major modifications, and systems that are being re-certified).

    5. Indicate whether Capability Maturity Model standards apply (Software Development only).

    6. Obtain a Section 508 Compliance Review.

    7. Obtain Office of Disclosure Review.

    8. Work with a Contracting Officer to initiate an acquisition strategy and document the acquisition plan, as appropriate, in the Requisition Summary; develop the appropriate acquisition documentation, such as a Statement of Work (SOW) or technical specification, including a Government Cost Estimate; and include the documentation with the Requisition Summary. Each file representing these items must be attached in webRTS. (See Section 2.21.1.3.4 Note)

    9. Fund new purchases of hardware and software and maintenance through PAC 9S for Tier 1 and Tier 2.

    10. Do a FCC of funds to PAC 9S and a base transfer of maintenance funds for out years for all Business Units making hardware or software purchases using funding other than Tier A, Tier B (a few exceptions will be worked on a case-by-case basis).

    4. Submit the requisition, including a Requisition Summary, for approval. IT requisitions initiated from business units must be routed to the appropriate DIO and the Director Client Services for review and approval.
    5. Maintain the required file copy of supporting documentation.

  2. Diagram 1 - Parallel Process: Refine Technical Requirements

    Figure 2.21.1-1

    This image is too large to be displayed in the current screen. Please click the link to view the image.

2.21.1.3.3  (01-01-2006)
Request for Information Services (RIS)

  1. A Request for Information Services (RIS) is required only for those requisitions that are expected to utilize MITS staffing resources. Requisitions for acquisitions that will not require such resources do not need a RIS. The web link for the process is:

    http://rtrs.web.irs.gov


2.21.1.3.4  (04-14-2006)
Submitting a Completed Requisition for Approval

  1. After completion of the required reviews and concurrences, update the Requisition Summary to certify all appropriate programmatic and technical reviews have been satisfactorily completed. IT requisitions initiated by a business unit routed through the appropriate DIO, to ensure all appropriate reviews are completed, the correct Internal Order (aka PCAS) is assigned, and a requisition summary is attached to the requisition prior to forwarding the requisition to the Director Client Services.

  2. For an approved E-300 Business Case, the question addressing this issue on the Requisition Summary must be answered. In addition, the Business Case Number and Date of Approval must be inserted into the spaces provided. The only remaining area that needs to be completed on the Requisition Summary is the Disclosure Section since disclosure is not fully accounted for in the Business Case. The web link below contains the Disclosure information required to be completed.

    http://mass.web.irs.gov/Privacy/safeguardscoverpage.asp

  3. Attach the Requisition Summary to the webRTS record using the webRTS Attachment Option, and submit the webRTS record to the first name on the requisition approval routing path. IT requisitions initiated from business units must include the Director Client Services in the webRTS approval path.

    Note:

    All attachments forwarded in Word must be saved as a WORD document using the Rich Text Format (.rtf file extension in lieu of the .doc extension), prior to using the webRTS attachment function. Do not "cut & paste " the attachment into webRTS.

2.21.1.3.5  (01-01-2006)
Tier Overview

  1. A Technical Tier Review may consist of an architectural, engineering, capacity, or standards review for the IT acquisition. There are four types of infrastructure Technical Tier Reviews as shown in the Table below. Each of the Technical Tier Reviews has different business processing rules and selection of the appropriate Technical Tier Review is based on the type of IT acquisition. Some acquisitions may require multi-Technical Tier reviews and concurrences.

2.21.1.3.6  (01-01-2006)
Identification of the Appropriate Technical Tier Review

  1. The table below identifies Tier responsibility and the equipment/software under their review:

    If the acquisition is for Go to section: Definition
    Tier I
    Supercomputers and Mainframes     		2.21.1.3.7 Supercomputers and mainframe hardware and software, including peripheral subsystems used in a mainframe system environment.
    Tier II
    Minicomputers     		2.21.1.3.8 Minicomputers (i.e. computers usually containing multiple microprocessors, capable of executing multiple processes simultaneously, and may serve multiple users by way of a communications network) including hardware, software, and peripheral subsystems used in that environment.
    Tier II
    Enterprise Servers     		2.21.1.3.8 These systems typically include any hardware operating under a multi-user UNIX operating system, such as Windows, LINUX, SCO, and DC/Osx, and Dynix. Typically, these systems support centralized, high-volume enterprise applications. Hardware and software maintenance associated with the above items, including performing system backups, hardware upgrades and maintenance, operating systems upgrades and preventive maintenance tasks. Support for providing backups and daily operation of these systems.
    Tier III
    Microcomputers     		2.21.1.3.9 Tier III - Business Server- These systems include all workstation devices and any hardware operating under a Windows operating system. Including all hardware used in a desktop environment: Workstations functioning with a single-user (stand-alone) operating system including UNIX workstations that run single-user versions of UNIX and workstations that run any Windows operating system. This includes desktops, laptops and docking stations, monitors and keyboards associated with these devices, Personal Digital Assistants (PDAs), scanners, and printers. Windows-based networking servers: Primary Domain Controllers (PDCs), Backup Domain Controllers (BDCs), Windows Internetworking Servers (WINS), file and print servers and their backup systems; Windows-based application servers; and Microsoft Exchange messaging servers. Tier III also includes new software, hardware and software maintenance associated with the above items, including performing system backups, hardware upgrades and maintenance, operating system upgrades and preventive maintenance tasks.
    Tier IV
    Data and Voice Telecommunications     		2.21.1.3.10 Data and voice (telecommunications) equipment, including switching equipment (i.e. private branch exchanges (PBXs); package switching equipment, etc., telecommunication networks and related equipment such as voice communications networks, local area networks, data communications networks; automatic call distributor/voice response units (ACDs/VRUs); modems, data encryption devices, fiber optics, terrestrial carrier equipment (multiplexers and concentrators); light wave, microwave, or satellite transmission and receiving equipment, telephonic equipment, and facsimile equipment.

2.21.1.3.7  (01-01-2006)
Tier I Review

  1. Tier I consists of mainframes, computer-related hardware, software, maintenance, and related services. The scope will vary depending on the nature of the acquisition. Concurrence should be referenced in the Requisition Summary. Refer to Exhibit 2.21.1-2, Points of Contact.

2.21.1.3.8  (01-01-2006)
Tier II Review

  1. Tier II consists of servers plus related hardware, software, maintenance, and services, supporting a centralized/corporate application environment, but NOT Office Automation. The scope of the review will vary depending on the acquisition. The following web link applies:

    http://unixsuppsvcs.web.irs.gov

2.21.1.3.9  (01-01-2006)
Tier III Review

  1. Tier III consists of end-user computing related hardware, software, server software, maintenance and related services, including desktops, laptops, and personal communications devices; Windows-based servers supporting this environment, including file and print servers; and domain controllers.

  2. Tier III acquisitions are handled directly by the Tier III owner, except when the Tier III requirement is initiated and funded from a business units financial plan (aka Funds Center). However, ad hoc requests for acquisitions of this type may be received. If this occurs, visit OS GetServices

    http://ds00001d.dcc.irs.gov:11170/oaa/login.jsp?

  3. OS GetServices is a self service desk tool that provides the capability to report a computer, printer, fax, or any other IT-related problem. IT products and services can also be requested. Software requests must come through OS GetServices unless the Business Unit is funding the purchase. The status of an existing request can be checked. OS GetServices web ticketing is available throughout the organization. The following web link provides more information:

    http://ds00001d.dcc.irs.gov:11170/oaa/login.jsp?

  4. Tier III Server Standards Review

    To ensure compatibility with established standards . The Server Standards group, within Technical Services, is required to review software that will reside on a Tier III server.

    Include Jane Trainham (512) 464-3529, Jane.A.Trainham@irs.gov (Server Standards) in the requisition approval path, prior to T3REVUSW (Technical Tier Reviewer) for server software. Concurrence should be referenced in the Requisition Summary.

2.21.1.3.10  (01-01-2006)
Tier IV Review

  1. Tier IV consists of telecommunications, including voice and data transmission hardware, software, and related services. Concurrence should be referenced in the Requisition Summary. Refer to Exhibit 2.21.1-2, Points of Contact.

2.21.1.3.11  (01-01-2006)
Security Review

  1. Security is an increasingly important aspect of the acquisition process. Mission Assurance & Security Services ensures products or services being acquired are in alignment with prevailing internal and external guidance and mandates, established internal systems, data and physical security policies, and technology standards. Detailed information on Security can be found in IRM 25.10.1.

  2. Requisitioners are required to complete a Security Compliance Review Checklist for IT requisitions. The Checklist can be found at:

    http://mass.web.irs.gov

  3. The Checklist provides the analysis required to determine whether a product is compliant, is considered an exception, or requires a waiver. An assertion in the Requisition Summary must be provided that such a review has taken place.

2.21.1.3.12  (01-01-2006)
Privacy Impact Assessment

  1. IRS requires that every system that contains sensitive But Unclassified (SBU) data and personal identifiable information to have a Privacy Impact Assessment (PIA). This includes new systems, systems undergoing major modifications, and systems that are being re-certified. Privacy issues must be addressed when systems are being developed, and privacy protections must be integrated into the development life cycle of these automated systems. The PIA process can be found at:

    http://mass.web.irs.gov/privacy

  2. The above site covers process information, including exceptions when requisitions do not need to be reviewed by Disclosure. For additional privacy process information, see IRM 11.3.14

2.21.1.3.13  (01-01-2006)
Capability Maturity Model Integrated - Software Engineering

  1. The Capability Maturity Model Integrated - Software Engineering (CMMI-SW) is an increasingly important aspect of the acquisition process for services involving software development. If a technical requirement calls for software development, then the contractor is required to have a minimum rating of CMMI-SW Level 2. If it cannot be determined that the acquisition is for software development or if the vendor is considered to be non-CMMI Level 2, contact the Office of Strategic Acquisition Initiatives.

  2. Once it is determined whether or not the acquisition involves software development, such information must be indicated in the "Item Description" field of the webRTS record. Also, provide information about the nature of the software development. This action notifies the Contracting Officer that certain clauses must be incorporated into the contract. CMMI compliance must also be annotated in the Requisition Summary.

  3. Additional information can be found at the following web links:

    http://awss.procurement.irs.gov/policy/pandp/pp39-1b.pdf

2.21.1.3.14  (01-01-2006)
Section 508 Compliance

  1. Effective June 25, 2001, the Federal government implemented Section 508 of the Rehabilitation Act of 1973, Amendments of 1998 (29 U.S.C. § 794(d)). Section 508 requires that the Federal government when developing, procuring, maintaining, or using electronic information technology (EIT), must ensure that the EIT allows Federal employees with disabilities to have access to and use of information and data that is comparable to the access to and use of information and data by Federal employees without disabilities. Section 508 also requires that individuals with disabilities, who are members of the public seeking information or services from a Federal department or agency, have access to and use of information and data that is comparable to that provided to the public without disabilities. Section 508 permits individuals to file a complaint against Agencies that are alleged to have denied the comparable access and individuals are permitted to file a civil action. If substantiated, Agencies may be found liable for both attorneys' fees and/or injunctive relief; but not compensatory damages.

  2. The Federal Acquisition Regulation, Part 2.101, definitions –

    "Electronic and Information Technology (EIT)" has the same meaning as "information technology" except EIT also includes any equipment or interconnected system or subsystem of equipment that is used in the creation, conversion, or duplication of data or information. The term EIT, includes, but is not limited to, telecommunication products (such as telephones), information kiosks and transaction machines, worldwide websites, multimedia, and office equipment (such as copiers and fax machines.)

    "Information Technology" means any equipment, or interconnected systems(s) or subsystem(s) of equipment, that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency.

  3. For any EIT requirement, you must go to the IRS Information Resources Accessibility Program (IRAP) website and follow the instructions appropriate to your acquisition.

  4. When purchasing EIT supplies or services, requesters/requiring officials must: (1) establish their requirement, (2) compare the requirement against the Access Board's technology specific standard checklist, (3) select the applicable standard(s), (4) perform the necessary market research to determine if compliant supplies or services are commercially available, (5) prepare a determination and finding, and (6) check http://irap.no.irs.gov for IRAP approval requirements. In the event the supplies or services are not commercially available or only partially available, the requester/requiring official must address these circumstances within the determination and finding and, when applicable, attach the necessary exception documentation. If the requester/requiring officials make a determination and finding based on Undue Burden, they must attach the necessary exception documentation. A Determination and Finding must be completed for each proposed procurement which contains the furnishing of any EIT supply or service.

  5. The Federal Acquisition Regulation (FAR), Part 39, implements Section 508 requirements with regard to contracts and Section 508 documentation.

  6. For additional information on EIT definitions, forms and detailed requirements, refer to the following web sites:

    Technical Guidance and Training: http://irap.no.irs.gov

    Government Overview: www.section508.gov

    Procurement Policy: http://awss.procurement.irs.gov/policy

2.21.1.3.15  (04-14-2006)
Disclosure Review and Approval

  1. Disclosure Notification refers to the circumstances in which there may be proprietary or other sensitive information; this includes taxpayer data, employee information, and Official Use Only (OUO) data which may be gathered, managed, or obtained as a result of development of an information technology system. All IRS IT hardware, software, and files are designated as Sensitive But Unclassified (SBU) based on the potentially sensitive information they contain. Accordingly, the National Disclosure Approving Official requires all IT acquisitions to include appropriate Disclosure terms and conditions in the contract. Additional information can be found at the Disclosure website:

    http://mass.web.irs.gov/Privacy/safeguardscoverpage.asp

  2. The "Disclosure and Privacy Act" boxes in the webRTS record for any IT requisition that does not fall into one of the exception categories listed in Exhibit 2.21.1-3, Requisition Summary, must be checked. However, for all other requisitions, do not check the boxes. For more information on Disclosure requirements, see IRM 11.3 and IRM 11.3.24 regarding Disclosures to Contractors.

2.21.1.4  (01-01-2006)
REQUISITION APPROVALS

  1. Requisition approvals are an integral part of the requisition process for purchasing IT products and services.

2.21.1.4.1  (01-01-2006)
Approval Process

  1. Once all the appropriate reviews, concurrences, and notifications have taken place, a Requisition Summary must be developed summarizing and indicating these findings. It must be attached to the requisition using the Attachment Option. Refer to Exhibit 2.21.1-3 for the Requisition Summary Template and Instructions.

  2. Approvers are the individuals in the requisition approval path who review the requisition and, if the requisition is correct, release it to the next person in the approval path.

2.21.1.4.2  (01-01-2006)
Requisition Signatory Authority Approver

  1. The Requisition Signatory Authority approver is the person who, under D.O. 28, has the authority to sign requisitions at specified dollar amounts and who ensures that the requisition is fully compliant with IRS requirements prior to forwarding it to the Financial Plan Manager. The Director Client Services is the person who under D.O. 28 has the authority to sign requirements for IT requisitions initiated from business units for all Functional Areas (aka PACS) and must be included in the webRTS approval path. The Requisition Signature Authority list can be found at the following web link:

    http://mits.web.irs.gov/DirectivesMgmt/DOs.htm

  2. The webRTS record for this requisition must include evidence that an individual who is authorized to approve this requisition, as specified in the Requisition Signatory Authority list or in an appropriate re-delegation memorandum, has approved this requisition and the date of the approval. IT requisitions initiated from business units that include the Director Client Services in the webRTS approval path constitutes evidence of authorized approval.

  3. This evidence may be the actual processing of the requisition by the approver in webRTS or if the approver does not use webRTS, a note should be inserted into the history record indicating that the requisition was approved by (name/title/symbols of authorized approver and date approved). If you are unsure who your "authorized approver" is, refer to the Requisition Signatory Authority list:

    http://mits.web.irs.gov/DirectivesMgmt/DOs.htm

  4. If the person who approves the requisition in webRTS is " Acting" for the authorized approver, include the following phrase in the webRTS history record:

    "Acting for" (name/title/symbols of authorized approver and date approved)

2.21.1.4.3  (01-01-2006)
Financial Plan Manager

  1. The Financial Plan Manager ensures that appropriate funding is available, the correct Internal Order (aka PCAS) code is used, the correct signature is on the requisition, based on the D. O., and is always the last person in the requisition approval path before the requisition is forwarded to Procurement.

Exhibit 2.21.1-1  (01-01-2006)
GLOSSARY

Acquisition Strategy – includes but is not limited to ensuring requirements can be fulfilled, providing for adequate competition/best value, and ensuring FAR social- economic goals can be met.

Approver – an individual in the requisition approval path who reviews the requisition and, if the requisition is correct, releases it to the next individual for approval.

Block Funding – covers funding of numerous items to be purchased.

Business Justification – consists of the technical requirements of the acquisition, how it supports the organization’s business requirement, how the business requirement supports the Strategic and Program Plan, a basis of cost estimate, and any other relevant information.

Business Requirement – a gap in the performance of a business mission or function that can be satisfied by the application of appropriate resources.

Business Units – the major IRS organizational components which include LMSB, SB/SE, TE/GE, CC, AWSS, MITS, NHQ, CI, C&L, W&I, TAS, and Appeals.

Business Systems Planner (BSP) – person responsible for ensuring that a business unit’s identified information technology business requirement is addressed in its Strategic and Program Plan.

Clinger-Cohen Act of 1996 – also known as the Information Technology Management Reform Act (ITMRA).

Disclosure Notification – allow notice to ensure that requirements of Internal Revenue Code (IRC) Sections 6103, 6104, 6110, and the Privacy Act are addressed. Section 6103 governs disclosure requests initiated by a person with a material interest; a material interest is an important interest and is generally financial in nature. All information which cannot be disclosed under IRC sections 6104 or 6110 is subject to disclosure rules under IRC 6103 including account information involving taxable and employment tax returns. The Privacy Act governs taxpayer as well as employee data andmust be met before the data can be disclosed. OUO information is extremely sensitive in nature and is material generally intended for use only by the highest officials within the IRS or is addressed to officials of the Department of the Treasury.

Disclosure Review – a review to eliminate instances involving unauthorized disclosures of or granting unauthorized access to Sensitive But Unclassified (SBU) data or information being gathered, managed, or obtained as a result of the development of an information technology system.

E-300 Business Case – required by OMB in Part 7 of Circular A-11, "Planning, Budgeting, Acquisition, and Management of Capital Assets" to obtain funding for specific Electronic and Information Technology (EIT) projects.

Financial Plan Manager – the person who ensures that appropriate funding is available and that the correct signature is on the requisition and is always the final person in the requisition approval path.

Government Cost Estimate (GCE) – the in-house developed costs projected by the government to secure contractual goods or services.

Point of Contact (POC) - person responsible who initiates the documentation to refine technical requirements needed for the requisition process. Also serves as a technical contact for submitted requisitions. POC may be the Requisitioner.

Privacy Impact Assessment (PIA) – provides a means to assure compliance with applicable laws and regulations governing tax payer and employee privacy and is required for all new systems, systems undergoing major modifications, and systems that are being re-certified.

Requisitioner– person responsible for initiating the requisition process within RTS and for obtaining necessary agency expertise and resources to a task in order to ensure the Information Technology (IT) acquisition is ready for forwarding to Procurement. Requisitioner may also be the POC.

Requisition Signatory Authority Approver – the person under D. O. 28 who has the authority to sign a requisition at specified dollar amounts and who ensures that the requisition is fully compliant with IRS requirements prior to forwarding it to the Financial Plan Manager.

Security Review – ensures that IT products or services being acquired are in alignment with the prevailing internal and external guidance and mandates, established internal systems, data and physical security policies, and technology standards.

Section 508 Compliance Review– a review conducted with the specific purpose to determine compliance with Section 508 requirements for electronic information technology. Federal agencies are required to develop, procure, maintain, and use EIT that provides comparable access to and use by employees and members of the public with disabilities, unless an undue burden would be imposed on the agency.

Strategic and Program Plan – describes the most important mission priorities or business requirements of an IRS organization, whether these are new initiatives or a continuation of current initiatives.

Technical Tier Owner– IRS organizational area responsible for reviewing and approving a requisition for compliance with standards relating to specified hardware, software, and telecommunication equipment.

Technical Tier Review – consists of an architectural, engineering, capacity, or standards review for an IT acquisition.

webRTS – a web-based version of the Request Tracking System (RTS) which provides a multitude of functions including the following: creating, routing, approving and funding requests for goods and services; status of requests; electronic receipt and acceptance; contract access to facilitate the building of requests; and enhanced document attachment functionality.

Exhibit 2.21.1-2  (01-01-2006)
Points of Contact

Office Point of Contact Phone E-Mail Organization Symbols
Operations Support Norah Stevens
Directives Management 		202-320-2748 norah.s.stevens@irs.gov OS:CIO:SM:C:DM
IRM 2.21.1 Questions ALC Help Desk   alchelpdesk@irs.gov  
Business Unit Initiated IT Requisitions Clarence Dasherl 202-927-7498 clarence.w.dasher@irs.gov OS:CIO:I:OS:CS
Security Wayne Williams 202-283-5276 wayne.r.williams@irs.gov OS:MA:S
Disclosure Review Julia Reasoner 202-622-5719 julia.n.reasoner@irs.gov CL:GLD:AM2:HQ:S
  Blanche Howard 202-622-5487 blanche.m.howard@irs.gov CL:GLD:AM2:HQ:S
Privacy Barbra Symonds 202-927-5170 barbra.symonds@irs.gov OS:MA:P
  Susan Dennis 202-622-5438 susan.dennis@irs.gov OS:MA:P
CMMI Level 2 Carol Grohman 202-283-6910 carol.b.grohman@irs.gov OS:A:P:S:B
Section 508 (Technical Standards Questions) 508 Program 202-283-0283 508@irs.gov OS:CIO:ES:SE
Tier I Donna Milton 202-283-5460 donna.m.milton@irs.gov OS:CIO:I:EO:OR:WM:CM
Tier II Pat Reisberg 304-264-5718 pat.l.reisberg@irs.gov OS:CIO:I:EO:SS:SM
Tier III Calvin Roussell- Servers and server components 504-558-3314 calvin.j.roussell@irs.gov OS:CIO:I:EU:TS:T
  Dan Shelton - Workstations/ Printers/Scanners 405-297-4062 dan.w.shelton@irs.gov OS:CIO:I:EU:TS:R
  Jane Trainham-Server Standards 512-464-3529 jane.a.trainham@irs.gov OS:CIO:I:EU:TS:T:SS
  Tina Walters - Software 304-264-5869 tina.m.walters@irs.gov OS:CIO:I:EU:ESM:I
Tier IV Gerri Monroe 202-283-4679 gerri.d.monroe@irs.gov OS:CIO:I:EN:P:V
  Curtis Elliott 210-841-2061 curtis.b.elliott@irs.gov OS:CIO:I:EN:S

Note:

The Points of Contact are subject to change; therefore, any changes will be reflected in the revised IRM.

Exhibit 2.21.1-3  (04-14-2006)
Requisition Summary Template and Instructions

  1. This template is a guide for the development of the Requisition Summary. The author should tailor the contents to support a project. The text below each set of instructions is provided as an example.

  2. The author using this template should be familiar with this IRM.

  3. Use the "Save as" command in Word and save this template into a new document file using the ".rtf" (rich text format) file type in lieu of Word’s standard ".doc " file format. Complete the template for each specific requisition. This applies to attachments formatted in WORD.

  4. Attach the completed Requisition Summary in WebRTS using webRTS’ Attachment function.

  5. Additional instructions:

    Instruction Instructional text and examples are provided for most sections. This information is identified by a gray box. Remove the instructional text and examples when finished editing the document in your word processing program.
    1.1
    1.2
    1.3 Italicized text    		 In some cases, sample text in an italicized font follows the instruction text boxes. This text should be modified or removed as appropriate, and the italics should be removed when finished.
    < Point of Contact> Text in blue should be replaced. For example, perform a find/replace to insert the actual POC name. Note that there may be more than one POC name associated with a requisition. The POC for a given task is the individual who executed that task.
    Select the Appropriate Comment From this section, choose the correct statement and delete the others. If necessary, use the "comments" field to add more information.

For an approved E-300 Business Case, the question addressing this issue on the Requisition Summary must be answered. In addition, the Business Case Number and Date of Approval must be inserted into the spaces provided. The only remaining area which needs to be completed on the Requisition Summary is the Disclosure Section since disclosure is not fully accounted for in the Business Case. The web link below contains the Disclosure information required to be completed.

http://mass.web.irs.gov/Privacy/safeguardscoverpage.asp

1. Business Justification

A Business Justification typically consists of a description of 1) the technical requirements of the acquisition, 2) how it supports the organization’s business requirement, 3) how the business requirement supports the Strategic and Program Plan, 4) a basis of cost estimate, and 5) any other relevant information. The Business Justification does not need to follow a particular format, as long as it includes the minimum items (1-4) above, and is incorporated as Item 1 in the Requisition Summary. Below is an example of a generic Business Justification.

Sample Text: This requisition is for acquisition of contractors to incorporate legislative changes into projectXXXXXXXXfor filing season implementation. The contractor support will include requirements analysis, documentation, coding, unit and integration testing, implementation support and post-implementation support. If this requirement is not funded, project XXXXXXXX’s readiness for filing season implementation will be seriously jeopardized.

2. Link to Strategic Plan/Budget Approval Point of Contact

To determine that a business requirement is linked to, or supported by, the MITS Strategic and Program Plan and budget, provide the Business Justification to the budget contact. Subsequently, the Budget contact provides you with the accounting string data required to initiate a requisition. In some cases, your requirements may be unfunded. While the requirement may still move forward, all involved parties must work together to effect a Financial Plan Change, which realigns funding within an appropriation. In this case, there must be a clear statement from the MITS Senior Executive Staff, Financial Policies function, that the requisition is unfunded, but that it is approved for further processing.

This information provided by [Budget Contact Name, Telephone, Symbols] on [date].

Select the appropriate comment:

If this is an approved E-300 Business Case, insert the following information:

Business Case No:________________ Date of Approval__________________

For all other cases, provide the following information:

_____The [insert project name] Project is included in the Program Plan, and this acquisition is funded. This acquisition is an appropriate and in-scope use of [insert name of Organization/Business Unit fund] funding.

The Strategy and Program Plan and Operational Priorities can be found at:

http://ram.web.irs.gov/library.htm

Spending Plan Item (SPI) Number _____________________
SPI Approval Date________________________

Strategy and Program Plan Strategy No.________________________
Operational Priority___________________

Comments:

3. Technical Tier Reviews

a) Technical Tier Review

Select the appropriate comment:

_____ A Tier [indicate Tier number] Office concurrence has been granted by [Name, Telephone, Symbols] of the Tier Office on [Date].

_____ The acquisition information was forwarded to [Name, Telephone, Symbols] of the Tier [indicate Tier number] Office on [Date].

_____ The Tier III [indicate Tier number] Technical Review Office has been included in the RTS routing path for review and approval. Please refer to RTS history section for the actual name of Technical Tier Reviewer and Date of Tier Approval.

Comments:

b) Security Review

Complete the Security Compliance Checklist, and if so indicated, contact Mission Assurance & Security Services at 202-283-5276 for additional help.

The Compliance Review Checklist for IT Acquisitions, Mission Assurance & Security Services, was completed by [POC Name, Telephone, Symbols] on [Date].

Select the appropriate comment:

_____ The Checklist results indicate it is unnecessary to send forward this acquisition for further review by Mission Assurance & Security Services.

_____ The Checklist results indicate it is necessary to send forward this acquisition for review by Mission Assurance & Security Services. [Name, Telephone, Symbols] of Mission Assurance & Security Services provided concurrence to proceed with this acquisition on [Date].

Comments:

c) Privacy Impact Assessment

IRS requires every system that contains Sensitive But Unclassified (SBU) data and personal identifiable information to have a Privacy Impact Assessment (PIA). This includes new systems, systems undergoing major modifications, and systems that are being re-certified. Privacy issues must be addressed when systems are being developed, and privacy protections must be integrated into the development life cycle of these automated systems. The PIA process can be found at: http://mass.web.irs.gov/privacy/pias.html

Select the appropriate comment:

_____ The Privacy review is not applicable, as this acquisition is not for a system which gathers personal information. [POC Name, Telephone, Symbols]

_____ The Privacy review is required and the appropriate acquisition information has been shared with [Name, Telephone, Symbols] of the Office of Privacy on [Date].

Comments:

d) Capability Maturity Model Integrated (CMMI) - Software Development Requirement

CMMI Level 2 compliance only applies to software development. If this acquisition is for software development, indicate this in the " Item Description" field of the webRTS record. For assistance contact the Office of Strategic Acquisition Initiatives at 202-283-6910.

Select the appropriate comment:

_____ This acquisition is not for software development; therefore, the requirement is not applicable. [POC Name, Telephone, Symbols]

_____ The CMMI requirement is applicable to this acquisition, and the webRTS "Item Description" field has been annotated to inform the Contracting Officer. [POC Name, Telephone, Symbols]

Comments:

e) Section 508 Compliance

Complete a Section 508 Determination and Findings review. Additionally, the following documentation must be sent to Procurement before an award can be made. For assistance go to the following web link: http://irap.no.irs.gov

A completed Determination & Findings for Purchase Request and,
If applicable, an EIT Commercial Non-Availability Certification or,
If applicable, an Undue Burden Exception Determination and Certification.

Complete the following three statements:

  1. The website http://irap.no.irs.gov was checked on [Date] and it was determined

    1. ____IRAP is required to be on the RTS approval path.

    2. ____IRAP is not required to be on the RTS approval path.

  2. The requisition documentation, based on instructions on the IRAP Website:

    1. ____Did not require that it be shared with the IRAP Office

    2. ____Required that it be shared with the IRAP Office, which was done on [Date]; however, no approval from IRAP was required.

    3. ____Required that it be shared with the IRAP Office, which was done on [Date]; and the approval from IRAP is attached.

  3. The appropriate Section 508 Determination Form as indicated on the IRAP website has been completed by [POC Name, Telephone, Symbols], and , if applicable, the EIT Commercial Non-Availability Certification or Undue Burden Exception Determination and Certification has been attached to the requisition.

    Comments:

f) Disclosure Review

Review the criteria below for Disclosure Review and check the statement that applies to your specific requisition. Additional information may be found at the following web link: http://mass.web.irs.gov/Privacy/safeguardscoverpage.asp

Select the appropriate comment:

_____ This requisition does not need to undergo review by Disclosure, because it is written against a Contract, BPA, GSA Schedule, or IAG that has already been reviewed and approved by the Office of Disclosure, it contains all appropriate current disclosure, safeguards, privacy act, and security provisions, and it falls under one of the following three exceptions:

  1. ___ Requisitions are only to fund (usually increase funding) and there are no other changes/actions.

  2. ___ Requisitions are only to exercise an option year and there are no other changes/actions (Director, Safety & Security, Mission Assurance & Security Services, will be contacted pursuant to IRM 1.16.3.2.5 (Contract Recertification)).

  3. ___ Requisitions are only to exercise a negotiated option that allows for an increase in the level of effort wherein that effort will either:

    1. ___ increase the hours current contractor staff will work, or

    2. ___ bring on additional staff of the contractor awarded said contract (and MBI as well as any other assurances concerning contractor staffing, as may be applicable, are in the Contract, GSA Schedule, IAG, BPA, etc.)

_____ Requisitions that do not require access to Sensitive But Unclassified (SBU) data by contractors or vendors for contract performance; e.g., janitorial services, photocopy repair services, printer maintenance repair services. It also excepts purchases of IT hardware and software that do not involve contractor/vendor services that would give them systemic access to SBU data via installations or any other avenue.

_____ This acquisition does not fall into one of the above exceptions, and a Disclosure Review is required, and the Disclosure Notification and/or Privacy Act box(es) on the Forms 1334 in RTS has(have) been checked.

Note:

Route all requisitions for procurements that affect more than one IRS Region (e.g., services will be required at Detroit Computing Center and Martinsburg Computing Center) to Blanche M. Howard@ blanche.m.howard@irs.gov for review/approval with a copy to the National Program Manager for Disclosure review, Julia N. Reasoner @ julia.n.reasoner@irs.gov. Requisitions for procurements that are limited in scope to a single Region only require routing to the local Disclosure Approving Official for review/approval. Please contact Ms. Reasoner or Ms. Howard if you need to identify your local Disclosure Approval Official or if you have any questions concerning Disclosure policies relative to acquisitions. See Exhibit 2.21.1-2, Points of Contact, for their current phone numbers.

Comments:

4. Acquisition Documentation

The following acquisition documentation has been completed:

a) Statement of Work or Technical Specification

______ Yes, and it ___is or ___ is not attached in webRTS

______ No

b) Government Cost Estimate/Market Research

______ Yes, and it ___is or ___ is not attached in webRTS

______ No

c) Acquisition Strategy (select all that apply)

_____ Yes, and it ___is or ___is not attached in WebRTS

_____Consists of the following contract vehicle:[State vehicle]

_____Is under development with [Name of Contracting Official, Telephone, Symbols]

Comments:

5. Delegation Order 28 Signature Authority List

Answer the following question and provide comments as needed. Further guidance on required "evidence" is provided in the notes below.


The webRTS record provides evidence of approval of this IT requisition by the appropriate authorized official.

______ Yes ______ No

Comments:

Notes:

The webRTS record for this requisition must include evidence that an individual who is authorized to approve this requisition, as specified in the Requisition Signatory Authority List, which is based on Delegation Order 28 and its re-delegation letters, or in an appropriate re-delegation memorandum, has approved this requisition and the date of the approval. IT requisitions initiated from business units must include the Director Client Services in the approval path as evidence of authorized approval.

This evidence may be the actual processing of the requisition by the approver in webRTS or if the approver does not use webRTS, a note should be inserted into the history record indicating that the requisition was approved by (name/title/symbols of authorized approver and date approved). If you are unsure who your "authorized approver" is, refer to the Requisition Signatory Authority List.

If the person who approves the requisition in webRTS is " Acting" for the authorized approver, include the following phrase in the webRTS history record:

"Acting for" (name/title/symbols of authorized approver and date approved)


More Internal Revenue Manual