The IT Lifecycle

A very brief description of the IT lifecycle can help us understand the importance of different aspects of the procurement process. Descriptions vary, but generally the IT lifecycle can be described in three broad parts:

• Development and integration: Hardware and software must first be well designed. When a piece of hardware or software is poorly designed, there may be no way for the buying organization to meaningfully secure it. When designed well, it must then be properly implemented and integrated into the election infrastructure. This integration is sometimes part of the procurement of the hardware or software or could be managed by a separate operations team.

• Patching and maintenance: Even with a successful initial configuration and integration, organizations need to manage their IT in a continually changing environment. This requires up-to-date training for personnel, well-defined and executed security processes, and ongoing and effective management of services.

• End-of-contract and end-of-life transition: Organizations must understand the expected life of the hardware or software upfront and have a reasonable plan for replacing it. Vendors, especially service providers, should be prepared to work with election officials to plan for this from the beginning. This should also include transitions if a different vendor wins the contract.