A Brief Summary of IT Procurement in Elections#

To successfully execute a procurement, election administrators should understand a few basic concepts. Learn more about these processes in the latter sections of this guide, including on security risk, the IT product and services lifecycle, and a more detailed primer on the IT Procurement Process.

Protecting Confidential Security Information#

Cybersecurity often implicates a tradeoff between confidentiality in security techniques and maximizing transparency of government activities. Many vendors are hesitant to share security information that, if disclosed, could benefit attackers or industry competitors. Yet government offices have a fundamental obligation to share information with the public.

Election offices should consult with their legal and procurement teams to better understand what information can be held closely, and what must be released. During procurements, this determination should be made clear to potential proposers as well as how to mark information as proprietary and confidential. If you are unable to protect vendor proprietary and confidential information from disclosure, you should expect to receive less detailed information from proposers.

The Players#

Typically, election officials and their teams, procurement teams, and IT teams all have a role to play in election IT procurements. In many jurisdictions, poll workers and the public are also involved, and elected officials often have a critical role in setting priorities and budgets. To the extent possible, this is good for transparency and may also provide opportunities to educate others about your approach to security.

Election officials are the customer, and procurement and IT teams are there to help the election officials achieve their goals. While these different entities may be in the same organization, they may not always see the problem the same way. Together, by focusing on their respective roles and communicating well, these teams can complete efficient and effective procurements.