Requests For Exemption may be submitted for IT Standards or for IT Statutory Policy, which includes IT Procurement and IT Planning. Below you will find the required forms, additional documents that may need to be completed, and instructions for how to submit the requests.

Information Technology Standards

North Dakota Century Code (Chapter 54-56-09) mandates that NDIT and OMB must develop Information Technology standards, policies, and guidelines. This is accomplished collaboratively with participation from state agencies with Enterprise Architecture program.

Requesting an Exemption from IT Standards and Policies

Agencies who are not able to comply with one or more IT Standards must follow the process below .

  1. The agency completes an Request for Exemption from Information Technology Standards or Statutory Policies (SFN 51687).
  2. The agency submits an electronic version of the document to NDIT.
  3. The Architecture Team conducts an initial review of the submission. Agencies may be asked for additional information and/or clarification.
  4. The Architecture Team develops a recommendation to the CIO to approve the request, deny the request, or approve the request with conditions.
  5. The CIO reviews the survey results and makes a decision.

 

IT Statutory Policy

North Dakota Century Code (Chapter 54-59-22) mandates that NDIT must provide IT services for electronic mail, file-and-print server administration, database administration, storage, and application servers.

Requesting an Exemption from IT Statutory Policy

Agencies who intend to award a service or application to an external provider must first request an Exemption from IT Statutory Policy. This request needs to be made after the intent to award but before the contract is signed. The process includes these steps:

  1. The agency completes a Request for Exemption from Information Technology Standards or Statutory Policies (SFN 51687).
    1. Request exemption from the IT Services Standard
  2. The vendor completes an IT Application Questionnaire.
  3. The vendor provides a SOC 2 Audit report.
  4. The vendor provides a Third Party Vulnerability and/or Penetration Test report.
  5. The agency submits electronic versions all four documents to NDIT.
  6. NDIT conducts an initial review of the submissions. Agencies may be asked for additional information and/or clarification.
  7. NDIT may schedule a meeting or series of meetings and/or conference calls with the agency, vendor, and NDIT.
  8. NDIT submits its recommendation to the Office of Management and Budget (OMB) for approval or denial of the request.
  9. NDIT notifies the agency regarding the final decision from NDIT and OMB.

NDIT's Service Level Objective is to complete the process within 30 days of receiving an agency's submission.  Due to complexity, some requests may require more than 30 days. Agencies are strongly encouraged to account for this process when building project schedules.

 

Information Technology Planning

North Dakota Century Code (Chapter 54-59-11) mandates that each executive branch state agency or institution participate in the IT Planning Process and submit an IT Plan every even-numbered year.

Requesting an Exemption from the IT Planning Process

  1. The agency completes a Request for Exemption from Information Technology Standards or Statutory Policies (SFN 51687).
  2. The agency submits an electronic version of the completed form to NDIT.
  3. NDIT conducts an initial review of the submission. Agencies may be asked for additional information and/or clarification.
  4. NDIT may schedule a series of meetings and/or conference calls between the agency and NDIT.
  5. The CIO will approve or deny the request and the agency will be notified.