The purpose of an IT purchasing policy is to define standards, procedures, and restrictions for the purchase of all IT hardware, software, computer-related components, and technical services purchased with {COMPANY-NAME} funds.

Purchases of technology and technical services for {COMPANY-NAME} must be approved and coordinated through the IT Department.

Overview

Information Technology purchasing at {COMPANY-NAME} must be managed to ensure compatibility and to control costs of the technology and services requested.

Scope

The scope of this policy includes, but is not limited to, the following {COMPANY-NAME} technology resources:

  • Desktops, laptops, smartphones/PDAs, cell phones, tablets, TCDs, TCRs, and servers
  • Software running on the devices mentioned above
  • Peripheral equipment, such as printers and scanners
  • Cables or connectivity-related devices
  • Audio-visual equipment, such as projectors and cameras

This policy extends to technical services, such as off-site disaster recovery solutions and Internet Service Providers (ISPs), as well as professional services, such as consultants and legal professionals hired through the IT Department.

These include, but are not limited to, the following:

  • Professionals or firms contracted for application development and maintenance
  • Web services provided by a third party
  • Consulting professionals
  • Recruiting services
  • Training services
  • Disaster recovery services
  • Hosted telephone services
  • Telephone network services
  • Data network services

Policy Detail

All hardware, software, or components purchased with {COMPANY-NAME} funds are the property of {COMPANY-NAME}. This also includes all items purchased using a personal credit card, for which the employee is later reimbursed.

All purchase requests for hardware, software, computer-related components, internet services, or third-party electronic services must be submitted to the IT Department, via the Service Desk, for final purchase approval. If the requested item is already in inventory, then it will be made available to the requestor, assuming that it meets organizational unit goals.

For Purchases Within IT

A procurement procedure is maintained by the VP of IT. Purchasing within the IT Department falls under four general categories.

  • Standard Items
    • Purchase of items, which have been pre-approved by IT management, that require only a Service Desk request.
    • The standard items list, located in the IT procedure documentation, contains pre-approved vendors and products on which {COMPANY-NAME} has standardized. Standard items have been proven to be both supportable by the IT Department and cost effective.
  • Non-Standard Items
    • Purchase of non-standard items/services, which are not classified as capital expenses, such as non-standard hardware/software that is expensed or contracted services.
    • Non-standard purchases should be minimized as much as reasonably possible. Requests for non-standard items will go through a formal selection process that will involve thorough vendor sourcing. IT will review non-standard purchases for viability of support and compatibility.
    • The selection process may vary depending on the type, cost, and other purchase significance factors. Before approval will be granted, employees or departments requesting non-emergency specialized software, or components, must submit a plan detailing how this item will be supported. Support options include assigning a staff member to maintain and/or support the component, arranging for external vendor support, or arranging for a service-level agreement with the IT Department.
    • Individuals requesting non-standard items for purchase can suggest a potential vendor, if a pre-existing relationship exists between that vendor and {COMPANY-NAME}.
  • Capital Expenses
    • Purchase of non-standard capitalized hardware, software, or equipment.
    • Capitalized expenditures, defined as hardware, software, or equipment above $2,500.00 or as specified in the {COMPANY-NAME} Fixed Asset Policy, which are capitalized by {COMPANY-NAME}, must go through the CFO and CEO for approval. These purchases may only be requisitioned by department managers. The purchase selection process for these expenditures will be evaluated by Senior Management.
  • Employee Purchasing
    • Items that do not require any purchase approval.

System Replacement

Major technology purchases are approved through the budgetary process. Equipment replaced during the course of any period shall be based on a minimum annual review of the asset management program and hardware replenishment schedule, hardware inventory, and fixed asset budget schedules.

Asset Management Program

Certain classes of {COMPANY-NAME} assets, as defined below (“Qualified Assets” or “Asset”), procured or curated by the {COMPANY-NAME} Information Technology department shall be duly managed with the objective of protecting them from misappropriation and unplanned obsolescence. Methods shall be devised and followed to allow for asset identification, assignment, tracking, lifecycle management, reporting, and disposition.

Included asset classes are as follows: Technology equipment, computer hardware, peripherals, and other items purchased by {COMPANY-NAME} IT or managed by same that are:

  • semi-permanent in their end-user assignment (example: specific person, department) or purpose (example: loaner laptop, projector) AND
  • valued at greater than $300 AND
  • not high-turnover or frequently moved devices (example: small peripherals such as mice and ID scanners)

Reimbursable Expenses

Paying for and/or reimbursing employees will be handled with a completed Expense Report submitted to the VP of IT.

{COMPANY-NAME} will also include expenses incurred by employees and will reimburse the following, in addition to standard travel expenses, as indicated in the Employee Reimbursement Policy:

  • Standard item peripheral hardware
  • Business related shipping/courier expenses

Article by

Jason Firch, MBA
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.