Procurement Review Checklist User Guide

O.C.G.A. 50-29-3 defines a technology investment or procurement as:

... the commitment of resources to any product or service that consists of or relies upon IT to capture, process, store, share, or otherwise manipulate data that is managed by a state entity.

One of the most critical elements of a successful procurement is making sure the supplier(s) understand what the state requires and desires of their products and services. The procurement review checklist (RFP checklist) contains a variety of suggested, sometimes mandatory, language that will assist you and the supplier(s) through the procurement, bidding, and engagement processes. The checklist helps everyone remain on the same page each step of the way.

The RFP checklist should be used on all agency procurements that contain a technology component.

It has been designed to help you determine which recommendations and specific language apply to your procurement. It is not considered a comprehensive source for all terms and conditions, but a basic guide with suggestions from experienced IT professionals.

You will be asked to confirm that you have reviewed your procurement documents using this checklist on all future submissions to GTA.


The Excel worksheet has two tabs, "general checklist" and "information security." These tabs have been segregated in case you want to distribute these sections to different members of your team.

Color-coded items are designated "mandatory" and must be addressed or could prevent timely approval. See the "mandatory items" section below.


Expand each item below for detailed information on what to expect in each of the checklist's columns.

  • Risk area

    Major areas of concern for technology procurements.

  • Category

    More targeted areas within each risk area that will help you refine your search. This column and "risk area" can assist you in distributing review responsibilities to various organizations and personnel.

  • Review criteria

    Questions and statements to assist you in determining where you need to include specific guidance for the supplier community. For example:

    • How will you ensure that the proposed solution can be utilized by all users both inside and outside your organization? - General checklist, line 59.
      • It will be important for the proposed solution to be compatible with browsers and software the state uses. There is generic language that will clarify this for your supplier.
    • The state requires that supplier employees who have access to state data undergo background checks. - General checklist, line 78.
      • You must make suppliers aware of this prior to bidding so they are prepared to comply.
    • Will there be a need for the supplier to generate a one-time or recurring billing to the state for their products or services? - General checklist, line 2.
      • If the answer to this question is yes, the state mandates that suppliers follow the Generally Accepted Accounting Practices (GAAP). There is suggested language for you to include in your documents to cover this.
  • Suggested language

    This column will include tested language for describing state business and technical requirements. It may also include links to state policies and legislation supporting the language.

  • Location

    Used to capture the document name and page number where each item is addressed in the documents. This can be used for your internal review or in communicating with GTA.

  • Internal review comments

    To capture comments from participants in internal reviews.

Mandatory items

GTA has identified some mandatory minimums that must be met prior to initiating review of agency procurement documents. These include:

  • Agency procurement review validation form
    • This form confirms that all appropriate stakeholders within your organization have reviewed and approved the documents prior to their submission.
      • Business owner
      • CIO
      • Information security officer
      • Agency procurement officer
  • Inclusion of state policies, standards, and guidelines (PSGs) language
    • The state has numerous PSGs that govern IT. GTA has developed boilerplate language that must, at a minimum, be included in procurement documents. This language can be found on row 8, column E of the general checklist tab.
  • Approval from DOAS to move forward with the procurement
  • Request for exemption from state PSGs
    • If your CIO, information security officer, or other stakeholders believe that this initiative will require an exemption from standing state PSGs, an exemption must be obtained prior to contemplating the procurement. A list of the state security PSGs is embedded in the checklist on the information security tab, cell 3D.


The checklist is a living document that will be updated and improved with every procurement we review and the help of your input.

Please submit your suggestions and feedback to [email protected].