Requests For Exemption may be submitted for Enterprise Architecture (EA) Standards or for Information Technology Statutory Policy, which includes IT Procurement and IT Planning. Below you will find the required forms, additional documents that may need to be completed, and instructions for how to submit the requests.

Enterprise Architecture Standards

North Dakota Century Code (Chapter 54-56-09) mandates that NDIT and OMB must develop Information Technology standards, policies, and guidelines. This is accomplished collaboratively with participation from state agencies in the Enterprise Architecture program. All standards, policies, and guidelines are available online.

Requesting an Exemption from EA Standards and Policies

Agencies who are not able to comply with one or more EA Standards must follow the process below .

  1. The agency completes an Request for Exemption from Information Technology Standards or Statutory Policies (SFN 51687).
  2. The agency submits an electronic version of the document to NDIT.
  3. The Architecture Team (Application, Data, Security, or Technology) that is the owner of the EA Standard(s) for which the exemption is being sought conducts an initial review of the submission. Agencies may be asked for additional information and/or clarification.
  4. One or more of the remaining Architecture Teams may be asked by the owning Architecture Team to review the submission.
  5. The Information Technology Coordinators Council reviews the submission.
  6. The owning Architecture Team develops a recommendation to the CIO to approve the request, deny the request, or approve the request with conditions.
  7. The EA Program Administrator develops an online EA Survey for all EA participants to complete if they wish.
  8. The CIO reviews the survey results and makes a decision.

 

Statutory Hosting Policy

North Dakota Century Code (Chapter 54-59-22) mandates that NDIT must provide hosting services for electronic mail, file-and-print server administration, database administration, storage, and application servers.

Requesting an Exemption from IT Statutory Policy

Agencies who intend to award a hosted service or application to an external hosting provider must first request an Exemption from IT Statutory Policy. This request needs to be made after the intent to award but before the contract is signed. The process includes these steps:

  1. The agency completes a Request for Exemption from Information Technology Standards or Statutory Policies (SFN 51687).
  2. The vendor completes an IT Application Questionnaire.
  3. The vendor provides a SOC 2 Audit report.
  4. The vendor provides a Third Party Vulnerability and/or Penetration Test report.
  5. The agency submits electronic versions all four documents to NDIT.
  6. NDIT conducts an initial review of the submissions. Agencies may be asked for additional information and/or clarification.
  7. NDIT may schedule a meeting or series of meetings and/or conference calls with the agency, vendor, and NDIT.
  8. NDIT submits its recommendation to the Office of Management and Budget (OMB) for approval or denial of the request.
  9. NDIT notifies the agency regarding the final decision from NDIT and OMB.

NDIT's Service Level Objective is to complete the process within 30 days of receiving an agency's submission.  Due to complexity, some requests may require more than 30 days. Agencies are strongly encouraged to account for this process when building project schedules.

 

Information Technology Planning

North Dakota Century Code (Chapter 54-59-11) mandates that each executive branch state agency or institution participate in the IT Planning Process and submit an IT Plan every even-numbered year.

Requesting an Exemption from the IT Planning Process

  1. The agency completes a Request for Exemption from Information Technology Standards or Statutory Policies (SFN 51687).
  2. The agency submits an electronic version of the completed form to NDIT.
  3. NDIT conducts an initial review of the submission. Agencies may be asked for additional information and/or clarification.
  4. NDIT may schedule a series of meetings and/or conference calls between the agency and NDIT.
  5. The CIO will approve or deny the request and the agency will be notified.