IT Procurement and Asset Management Policy

.
Working together to drive excellence in

care for our patients and communities
our patients and communities
IT PROCUREMENT AND ASSET MANAGEMENT POLICY
Version 6
Name of responsible (ratifying) committee Finance & Infrastructure Committee
Date ratified 29 October 2018
Document Manager (job title) Head of IT
Date issued 15 November 2018
Review date 14 November 2020
Electronic location Management Policies

IT Security Policy, Standards of Business Conduct
Code of Financial Procedures, Local Fraud and
Corruption Policy, Detailed Scheme of Delegation
Policy, Standing Financial Instructions, Standing
Orders for Portsmouth Hospitals, Representatives
Policy, Information Governance Policy, Information
Related Procedural Documents
Governance Due Diligence Form, Information Asset
Owners – Responsibilities, Privacy Impact
Assessment, Procurement Requirements for
Portsmouth NHS Trust, NHS South of England
Procurement Services – Procurement Manual,
Business Case Policy
IT procurement, IT Systems, IT equipment, IT
purchase, procuring IT, IT Assets, managing IT
Key Words (to aid with searching)
systems, managing IT assets, software licencing, IT
contract management
Version Tracking
Version Date Ratified Brief Summary of Changes Author

6 29/10/18 General updates, corrections and additions plus addition of C Tite
references to annual Business Planning and Capital Planning cycles
5 26/01/16 In consultation with NHS South of England Procurement Services, full C Tite
review, refresh & update of policy
IT Procurement and Asset Management Policy

Version: 6
Issue date: 15 November 2018
Review date: 14 November 2020 (unless requirements change) Page 1 of 17
CONTENTS
1. INTRODUCTION..............................................................................................5
2. PURPOSE.......................................................................................................5
3. SCOPE............................................................................................................ 6
4. DEFINITIONS..................................................................................................6
5. POLICY STATEMENTS...................................................................................7
6. DUTIES AND RESPONSIBILITIES..................................................................8
7. PROCESSES.................................................................................................10
7.1 Planning & Control................................................................................10
7.2 Procurement of IT Assets......................................................................11
7.3 Procurement of IT Systems...................................................................11
7.4 Procurement of Maintenance................................................................12
7.5 Contract Management...........................................................................13
7.6 Asset Management...............................................................................13
8. TRAINING REQUIREMENTS........................................................................14
9. REFERENCES AND ASSOCIATED DOCUMENTATION..............................14
10. EQUALITY IMPACT STATEMENT................................................................14
11. MONITORING COMPLIANCE WITH PROCEDURAL DOCUMENTS............15
EQUALITY IMPACT SCREENING TOOL.................................................................16

Version: 6
QUICK REFERENCE GUIDE
For quick reference the guide below is a summary of actions required. This does not negate
the need for those involved in the process to be aware of and follow the detail of this policy.
1. Failure to engage with NHS South of England Procurement Services and the IT
Department within adequate timescales may result in delays, and possible
cessation, of procurements of IT Assets and Systems. Further, it could result in
purchased items not being fit for purpose or incompatible with the Trust’s wider IT
systems and network operation.
2. This policy is applicable to the day to day management of IT Assets and Systems
by each Trust Department and applies to all IT Assets and Systems purchased by
or on behalf of the Trust, including Computer Systems, individual pieces of
computerised equipment, software and any equipment that is to be connected to or
used with IT infrastructure (e.g. peripheral equipment, digital cameras, medical
equipment that electronically stores files/data on the Trust’s central file storage IT
Systems, and equipment that will transmit data across the Trust’s network.).
3. It is the policy of the Trust that all procurement of IT Assets and Systems (clinical
and non-clinical IT Systems) is led by NHS South of England Procurement Services
and undertaken and implemented by the IT Department in conjunction with the
Department or Client Lead.
4. All procurement will be subject to adequate controls, process and procedures being
applied, based upon its estimated value. In all instances the Trust’s Standing
Orders, Standing Financial Instructions, Procurement Policies and NHS South of
England Procurement Services requirements and codes of conduct apply when
procuring IT Assets and Systems and a business case needs to be approved when
required as per the Trust’s Business Case Policy. Special attention needs to be
given to NHS South of England Procurement Services Procurement Manual which
contains guidance regarding the exercise of procurement processes.
5. Single Tender Waivers are not a procurement process and their use shall be limited
to those circumstances specified within the Trust’s Standing Orders, Standing
Financial Instructions following prior discussion with and agreement from NHS
South of England Procurement Services.
6. Whole Life Costs must be considered including any extensions. Contracts for IT
Systems will have a determined duration; before contracts expire the Trust needs to
consider the market and the current Trust needs.
7. All IT Systems purchased shall be assigned Information Asset Owners (IAO) and
registered in the Trust’s information asset registers.
8. IT Assets and Systems shall only be used within their contracted and procured
limits.
9. All IT Assets and Systems shall be adequately administered and maintained to

ensure they remain fit for purpose and compliant with licenced conditions of use
during the whole life of the Asset or System.
10. The following diagram illustrates the Procurement process to be followed.

Version: 6
ASSETS SYSTEMS
Department Highlights need to Department Highlights need to

Purchase Purchase
(new, upgrade) (new, upgrade, development, annual
renewal)
Requestor highlights
need to purchase Contact Contact
(new, upgrade, etc.) IT procurement
Start of Pre-Procurement Stage

Requestor
Requestorsubmits
submits
request
requesttoto
Procurement
Procurementand andITIT 1. Strategic Fit
Department
Department 2. Priority Criteria Proceed?
3. Viability
Requestor submits
Procurement and IT 1. Technical compatibility
request to
Department review Criteria 2. Funding source confirmed Feasibility review
Procurement and IT
and Process request 3. Priority
Department
1. Technical compatibility
2. Benefit realisation
Yes 3. Resourcing priority Criteria Proceed?
Additional items Obtain costs for
required? items necessary 4. Whole Life Cost Funding
5. Information Governance
No
viable
IT Department
Not viable Business Case
advises requestor of
initial & on-going
costs
Continue with Trust approval

Yes
purchase? as per SFI’s
No
Develop specification
(as per SoEPS Develop evaluation
template)
No further action
Procurement Process=
Tender
Award
IT Responsibilities
CSC Responsibilities
Sign contract and raise
CSC/ IT Responsibilities - assisted by procurement requisition
Procurement Responsibilities
Raise Purchase Order

Version: 6
1. INTRODUCTION
This policy forms part of an overall set of Trust policies that define and control
deployment and use of the Trust’s IT Assets and set standards and practices for
information security management.
Information technology is a key asset used to support the delivery of the Trust’s
clinical services and management processes. The hardware and software that
makes up core IT Systems and infrastructure; the data processed and stored; and
information flows supported are vital resources for the Trust. They must be
procured, supported, maintained, protected and disposed of accordingly.
Poor procurement and asset management of IT Systems and individual
components pose grave risks to the Trust, its staff and patients. It can lead to
unplanned expenditure, wasted money and staff time, failure of Systems and
equipment to perform as required, disruption of core IT infrastructure (and thus
Trust services), prosecution or levy of fines for breach of software licensing and
inadequate supplier support in event of failure. Ultimately it can endanger the lives
and health of patients and staff.
All public sector procurement is subject to European and National Legislation.
There are strict processes and procedures that must be followed, based upon the
nature and value of items being purchased. The Trust ensures its statutory
obligations are met through the implementation of financial and procurement
policies, standing orders, requirements, guidelines and the engagement of
authorised and expert resources.
It is the policy of the Trust that all procurements of IT Assets and Systems must be
undertaken and implemented:
 by NHS South of England Procurement Services and the IT Department in
accordance with this document and the Trust’s Standing Financial
Instructions, Standing Orders, policies and requirements;
 in compliance with National and European Procurement Legislation; and
 comply with GS1 and PEPPOL Standards.
Failure to engage with NHS South of England Procurement Services and the IT
Department in necessary timescales may result in delays, and possible cessation,
of procurements of IT Assets and Systems, and could result in purchased items not
being fit for purpose or incompatible with the Trust’s wider IT systems and network
operation.
2. PURPOSE
This policy intends to create awareness of obligations related to the procurement
and management of IT Assets and Systems, and specifically aims to ensure that IT
Assets and Systems purchased for use by the Trust align with the Trust’s strategic
plans and route maps; comply with standards set through the Trust’s IT policies and
guidelines and; are compatible, supported and maintainable in line with the contract
agreed.
This policy is designed to:
 establish the process to procure and manage IT Systems and Assets;
 protect the Trust from risks associated with poor and inappropriate
procurement and management of IT Assets and Systems;
 lay out the requirements to ensure Systems are used within their defined and
contracted limits;

Version: 6
 ensure purchases align with the Trust’s strategic plans and comply with set
standards;
 ensure IT Systems are registered within the relevant Information Asset
Registers;
 ensure IT Assets are registered within the IT Department asset management
system; and
 ensure IT assets are compatible, supported, maintainable and correctly
licensed.
This Policy does not stand in isolation, and must be implemented in conjunction
with the wider range of procurement and financial policies, standing orders and
standards of the Trust.
3. SCOPE
3.1 This policy applies to all IT Assets and Systems purchased by or on behalf of the
Trust. Including:
 Computer Systems.
 Individual pieces of computerised equipment.
 Software.
 Equipment that is to be connected to or used with IT infrastructure such as
peripheral equipment, digital cameras, medical equipment that electronically
stores files/data on the Trust’s central file storage IT Systems, and equipment
that will transmit data across the Trust’s network.
3.2 This policy applies to IT Assets and Systems purchased via any funding source.
For the benefit of doubt this includes but is not limited to:
 Revenue budgets
 Capital expenditure
 Charitable and external funds
 Successful bids for external funding
3.3 This policy applies to all persons (including employees, voluntary and bank workers,
contractors, agency and sub-contract staff, locums, partner organisations, suppliers
and customers) who intend to procure or request the procurement of IT Assets and
Systems for use by or on behalf the Trust.
3.4 In the event of outbreak of an infection, flu pandemic or major incident. The Trust
recognises that it may not be possible to adhere to all aspects of this document and
in such circumstances, staff should take advice from their manager and all possible
action must be taken to maintain ongoing patient and staff safety.
4. DEFINITIONS
4.1 The term ‘IT System’ is used to cover the combination of application and operating
system software, databases, servers and other infrastructure and devices used to
access and use applications. Systems are usually intended for use by many
people.
4.2 The term ‘IT Asset’ is used to cover all items of computer hardware and software
used by or on behalf of the Trust and equipment that connects to it. This includes
devices (e.g. computers, lap tops, tablets and smart devices), peripheral equipment
(e.g. printers, cameras, scanners) and software for use on, or with, computer
equipment.

Version: 6
4.3 The “Information Asset Owner” or “IAO” is a senior member of staff who is the
nominated owner for one or more identified Information Assets of the Trust and is
responsible for the management and control of the Information Assets together with
their contracted arrangements.
4.4 “Information Asset” means IT System, paper system or any other identifiable
collection of data stored in any manner and recognised as having value for the
purpose of enabling the Trust to perform its business functions.
4.5 The “Client Lead” is a senior member of staff who is the nominated lead for the
requesting Service or Department wishing to procure an IT Asset or System. This
person may also be the IAO or Service / Department Manager responsible for
management of their Service / Department’s IT Assets or Systems, but is identified
separately in this document to distinguish procurement responsibilities from ongoing
IT asset management responsibilities.
4.6 “Software” means machine readable instructions, programs, libraries and
associated documentation that are used by computers to perform general and
specific tasks and functions.
4.7 “Whole Life Cost” includes but is not limited to the initial purchase cost, installation
and configuration, interfaces and integration with other systems, data migration and
any other bespoke development, training, software, escrow agreements, hardware
costs (initial and any projected mid-term refresh), consumables, licenses, and
annual support and maintenance costs totalled over both the initial core term and
any optional extension periods. It should also consider and include the possible
future expansion of the system in terms of functionality and scope and any increase
in the number of users that need to be licensed.
5. POLICY STATEMENTS
5.1 All IT Assets and Systems purchased by the Trust are the property of the Trust and:
o shall be deployed and utilised as deemed most effective to the Trust’s needs,
and objectively demonstrate best value for money is obtained;
o follow best procurement practice as per the Trust Policies and applicable
legislation
5.2 Procurement of IT Assets and Systems shall be subject to necessary controls that
ensure:
o The strategic fit, alignment and prioritisation of items being purchased
o Technical, operational and maintenance compatibility with appropriate
existing IT Systems and infrastructure
o Benefits of purchase are identified and realised
o Compliance with legislation and the Trust’s own governance and control
requirements (e.g. Information Governance) are met
5.3 In all instances the Trust’s Standing Orders, Financial Instructions, Business Case
and Procurement Policies and NHS South of England Procurement Services
requirements and codes of conduct apply when procuring IT Assets and Systems.
5.4 All procurement will be subject to adequate process and procedure being applied,
based upon its estimated Whole Life Costs, as defined in the Trust’s Standing
Financial Instructions and guided by NHS South of England Procurement Services.
5.5 Procurements of IT Assets and Systems must be undertaken and implemented by
the IT Department, who are responsible for engaging with NHS South of England
Procurement Services. Requesters intending to procure IT Assets or Systems for

Version: 6
use by the Trust must undertake such procurement through, or with the written
approval of, the Director of Procurement and Commercial services at NHS South of
England Procurement Services and the Head of the IT Department.
5.6 Based upon estimated Whole Life Cost (including extensions), as per Trust
Standing Financial Instructions, and as defined in requirements and guidance
provided by NHS South of England Procurement Services, all procurement within
the Trust is to be subjected to adequate processes and procedures being applied.
Contracts will have a determined duration (no rolling contracts are allowed) and
before contract expiry, the Trust will consider the market and the current trust
needs.
5.7 The IT Department shall not, without adequate and suitable further justification,
approve or proceed with the procurement of IT Assets and Systems that do not
comply with the requirements of this policy, plans, standards or expectations.
5.8 All IT Assets purchased (excluding consumable items, e.g. keyboards, mice, etc.)
shall be registered in the IT Department’s asset management system and asset
tagged before being issued or put into use.
5.9 All IT Systems purchased shall be assigned Information Asset Owners and
registered in the Trust’s information asset registers.
5.10 IT Systems shall only be used within their contracted and procured limits.
5.11 IT Assets and Systems shall be adequately administered and maintained to ensure
they remain fit for purpose and compliant with licenced conditions of use during the
whole life of the System and Asset.
5.12 The extension of the scope or functionality of an IT System beyond that originally
approved for purchase shall constitute and be subject to the same criteria as the
procurement of a new IT system.
6. DUTIES AND RESPONSIBILITIES

6.1 IT Committee
6.1.1 The IT Committee acts as the point of escalation for issues arising from this Policy.
6.2 NHS South of England Procurement Services
6.2.1 NHS South of England Procurement Services and its staff are responsible when
engaged by the Trust for:
 Ensuring that any requests for IT Assets or Systems received directly are
referred to the IT Department for review and technical approval before
procurement is initiated.
 Promoting compliance with European and National Procurement Legislation,
Trust Standing Financial Instructions and other related policies.
 Ensuring best value for money is obtained, taking into account lifetime costs
associated with purchase of goods and services.
 Provision of expertise, market intelligence, material and guidance to support
sourcing, specification, evaluation, negotiation.
 Working closely with the IT Department and the requesting Department
ensuring due process is followed.
6.3 The IT Department
6.3.1 The IT Department and its staff are responsible for:
 As part of the annual Trust Business Planning cycle, collating all IT
investment requirements notified to them by Services and Departments,
Version: 6
involving appropriate stakeholders in prioritising them in accordance with
Trust Strategy, gaining formal approval for the annual IT Development
Programme and notifying Services and Departments which investments will
be funded.
 Managing the procurement of all IT Assets and Systems on behalf of the Trust
in accordance with this policy, Standing Financial Instructions, European and
national legislation.
 Arranging the assignment of Information Asset Owners and Clinical Safety
Officers for core IT Systems and infrastructure.
 Engaging and working closely with NHS South of England Procurement
Services to provide specialist procurement support at every stage of the
procurement.
 Agreeing sources and channels for the provision of IT Assets with NHS South
of England Procurement Services.
 Reviewing IT Assets and Systems to verify that they align with the Trust’s
strategic plans, route maps and standard equipment lists and; comply with
standards set through the Trust’s IT policies and guidelines.
 Upkeep and maintenance of IT asset management procedures including
configuration and asset management databases.
 Registration and control of IT equipment.
 Supporting creation of specific required documentation to undertake a
procurement process such as specification and evaluation criteria or assist
the Client Lead when clinical systems are to be purchased.
 Compliance with agreed terms and conditions for the IT Assets and Systems
for which they have ongoing day-to-day responsibility.
 Contract and asset management of IT Assets and Systems for the IT Assets
and Systems for which they have ongoing day-to-day responsibility.
6.4 Service and Department Managers
6.4.1 In addition to the other responsibilities and duties detailed in this policy, Service and
Department Managers are responsible for:
 As part of the annual Trust Business Planning cycle, notifying the IT
Department of all IT investment requirements for the forthcoming financial
year with details of risks incurred by not making the investment, benefits of
doing so and likely funding sources.
 When notified by the IT Department of IT investments which may be funded,
following appropriate Trust approval routes to gain formal approval to make
the required investment, involving the IT Department and South of England
Procurement Services as necessary.
 Nominating an appropriate ‘Client Lead’ to represent the Service or
Department throughout any subsequent procurement.
 Ensuring that the IT Service Desk is informed, at the earliest opportunity, of
reallocation and relocation of IT Assets (providing all asset numbers and new
locations).
6.5 Client Lead (Budget Holders, System Requestors and Managers)
6.5.1 In addition to the other responsibilities and duties detailed in this policy, The Client
Lead is responsible for:
 Ensuring that their permanent and temporary staff and contractors involved in
IT Asset or System procurement have read and understood this policy.
 Ensuring timely engagement with the IT Department and NHS South of
England Procurement Services in the purchase of IT Assets and Systems.

Version: 6
Ideally this will be at initial ideas stage and, at latest it must be prior to any
decision making or approval.
 Ensuring that funding and expenditure for IT procurements is authorised in
accordance with this and the Trust’s wider policies and procedures and
aligned to central road map.
 Identifying Information Asset Owners, Information Asset Administrators and
Clinical Safety Officers for IT Systems which are not classified as Trust-wide
Information Assets.
 Providing documentation requested by the IT Department and NHS South of
England Procurement Services to undertake the procurement process, such
as specification of requirements and evaluation criteria when IT Systems are
to be purchased.
 Defining internal roles and responsibilities when participating on a tender
exercise and ensuring that staff involved in procurement decisions are
appropriately trained by NHS South of England Procurement Services.
 Committing time and resources to the procurement process as required.
 Ensuring that the IT Assets or Systems are compatible, supported and
maintained and in accordance with the terms of the license.
 Ensuring the use of IT Systems is in line with the terms and conditions agreed
with Suppliers and reviewed by NHS South of England Procurement Services.
6.6 Information Asset Owner (IAO)
6.6.1 In addition to the other responsibilities and duties detailed in this policy, The IAO is
responsible for:
 Registration of the IT System on the Information Asset Register.
 Ensuring that the IT Service Desk is informed, at the earliest opportunity, of
reallocation and relocation of IT Assets (providing all asset numbers and new
locations).
 Assignment of Information Asset Administrators for each IT System for which
they are responsible.
 Ongoing compliance with contract and license terms and conditions of IT
Asset and System usage.
 Day-to-day asset management including monitoring of licenced usage and
arrangement of adjustments in licenced capacity as might be required.
 Contract management of IT Assets and Systems.
 The provision of adequate ongoing support and maintenance arrangements.
 Ensuring timely engagement with the IT Department and South of England
Procurement Services in purchase of replacement IT Assets and Systems.
This must be sufficiently in advance of termination of an existing contract to
allow time for a competitive procurement to take place.
6.7 Staff
6.7.1 Every member of staff is responsible for ensuring that they comply with this and
related Trust and IT policies, processes related to this policy, guidelines and safe
working practices.
7. PROCESSES
7.1 Planning & Control
7.1.1 For provisions to be included in consolidated IT financial and resource planning,
requirements for IT Assets and Systems must be identified through one of the
following channels:

Version: 6
 The annual business planning and IT capital planning process; or
 The IT Department’s new business workflow.
7.1.2 In addition to the specific controls details in clause 5.2, procurement of IT Assets
and Systems are subject to the Trust’s controls and measures that operate at any
given time; including but not limited to approved business cases and ECF
(Expenditure Control Form)
7.2 Procurement of IT Assets
7.2.1 On behalf of the Trust, and in consultation and agreement with NHS South of
England Procurement Services, the IT Department is responsible for identifying and
managing sources and channels for the purchase of IT Assets.
7.2.2 Enquiries and requests for individual IT Assets (those that do not constitute a
system) must be submitted to the IT Department Service Desk and NHS South of
England Procurement Services in accordance with current ordering processes and
procedures.
7.2.3 Enquiries and requests will be processed by the IT Department Service Desk in
accordance with established procedures and published timescales, engaging NHS
7.2.4 Before finalising orders, the IT Department Service Desk will advise the requester
of:
 Additional hardware and software items and services that might be required to
fulfill the request.
 Changes to the requested items to meet the requirements of this policy and
Trust IT standards.
 The costs of the purchase (initial and on-going costs) with the input of NHS
7.2.5 Adequate procurement process shall be followed as per the Trust Financial
Instructions; and by utilising existing Framework agreements whenever possible
and as long as best value for money is provided. Single Tender Waivers (STW) are
not a procurement process and shall only be used in special circumstances as
specified in the Trust Standing Financial Instructions.
7.2.6 Once the details of the order are agreed, the IT Department Service Desk will raise
an electronic requisition on the SBS system and submit it to the budget holder for
approval together with technical approval. If all the information required is contained
within the requisition, a purchase order will then be raised and processed by NHS
7.3 Procurement of IT Systems
7.3.1 All IT System procurements will be undertaken and implemented as formal projects
which conform to the Trust’s adopted project management model (based upon
PRINCE2).
7.3.2 Subject to prioritisation within the Trust’s IT Development Programme, the IT
Department will assist the Client Lead in completion of a feasibility review, which
defines the proposal and takes account of all relevant factors to determine the
viability of the proposal, and which amounts to an Outline Business Case and
covers aspects including:
 Funding and capacity, including Whole Life Costs.
 Additional hardware and software items and services that might be required to
fulfil the request. e.g. licences, interfaces, maintenance and/or support.

Version: 6
 Completion of Information Governance Due Diligence Form and Privacy
Impact Assessment to ensure compliance with Data Protection Legislation.
7.3.3 Provided viability is proven, NHS South of England Procurement Services and the
IT Department Programme Team will assist the Client Lead with development of a
project brief (and business case if required) for presentation and approval by the
funding body.
7.3.4 Regardless of funding availability, procurement of any IT system (or proposal for
expansion, upgrade or development of existing system) and associated services
with costs exceeding thresholds set out in the Trust Standing Financial Instructions
must be approved by the relevant Trust body prior to any commitment of funding.
7.3.5 NHS South of England Procurement Services will advise how to follow the
appropriate procurement route. The Procurement process will depend on Whole
Life Cost and complexity, as per Trust Standing Financial Instructions.
7.3.6 NHS South of England Procurement Services shall provide a specification template
and specification questionnaire and evaluation model template (on request) which
highlights aspects to take into consideration when drafting a specification, questions
to test responses to tender and evaluation model to score the responses, taking into
account the number of licenses required.
7.3.7 The IT Department and/or Client Lead will provide an outline specification and
relevant information in relation to the IT system to be procured using NHS South of
England Procurement Services’ template specification. Such specification and
information shall include adequate consideration and documentation of all
requirements including functional, outcome, software usage and licencing,
implementation, maintenance and support. The IT Department will provide content
on the IT standards to be adhered to.
7.3.8 NHS South of England Procurement Services will advise on gaps and adequacy of
the specification and will assist the IT Department and/or Client Lead in putting
together evaluation criteria. Details regarding the Procurement Process are
contained within NHS South of England Procurement Services Procurement
Procedures Manual.
7.3.9 Once the appropriate procurement route has been followed and the procurement
outcome has been approved a requisition will be processed containing all relevant
documents (including but not limited to approval documentation, commercial
proposal accepted, and terms and conditions applicable) for NHS South of England
Procurement Service to raise a valid purchase order.
7.3.10 Single Tender Waivers are not a procurement process. Due procurement process
shall be followed unless there is a specific justification not to enter into competitive
process as per the Trust Standing Financial Instructions.
7.3.11 The Contract will have a determined duration which may or may not include
extensions depending on the Trust needs (extension cannot be longer than initial
term). At least six months before the contract expires or before the contract renewal
/termination notice period the Information Asset Owner or Client Lead will need to
engage with NHS South of England Procurement Services and the IT Department
to analyse the current Trust needs, the state of the market and re-start the
procurement process. This is especially important where existing licensing prohibits
the use of the IT System when the current contract expires.
7.4 Procurement of Maintenance
7.4.1 Maintenance can be purchased for IT Assets and IT Systems within the tender
process or as a separate process. The purchase of IT Systems shall consider the
Whole Life Cost including maintenance. When possible, suppliers shall be required
Version: 6
to provide a guarantee period and specify the costs of maintenance during the
duration of the contract (Whole Life Cost considerations) and tender documents
shall specify if the requirements include maintenance costs.
7.4.2 If Maintenance is to be purchased separately from the IT System the same process
shall be followed as per Section 7.3 above.
7.4.3 The Contract will have a determined duration. With sufficient time scale before the
contract is due to expire the Information Asset Owner or Client Lead will need to
engage with the IT Department and NHS South of England Procurement Services
to analyse the current Trust needs, the state of the market and re-start the
procurement process.
7.5 Contract Management
7.5.1 All IT Systems purchased shall be assigned Information Asset Owners and
registered by them in the Trust’s information asset registers.
7.5.2 Once the procurement outcome has been approved, and the requisition has been
raised, contract terms and conditions shall be completed with the input of the Client
Lead and the IT Department as per the terms and conditions specified within the
procurement process. The Contract shall be signed by a Trust authorised
representative as per the Trust’s Scheme of Financial Delegation.
7.5.3 Unless agreed to be a Trust-wide application, once the contract is in place the
System’s Information Asset Owner is responsible for the management of the
contract and asset. The IAO is expected to understand the overall business goals,
the terms of the contract and how the information assets contribute to and affect
these goals.
7.5.4 Any required changes in the contract will be consulted with the NHS South of
England Procurement Services and the IT Department, who will advise the need to
undertake a separate procurement process, or whether the changes are permitted
within the existing contract.
7.5.5 The IAO shall initiate actions to ensure that extensions and/or replacements of
contracts are undertaken with sufficient time scale being allowed for necessary
review, re-specification, procurement, contract award and signature. This should
commence at least 6-12 months before the current contract expires.
7.6 Asset Management
7.6.1 IAOs and other Department functions and roles with assigned responsibilities for
asset management of IT Assets and Systems shall establish and maintain local
processes that comply with other appropriate policies, IT guidelines and safe
working practices and procedures of the Trust.
7.6.2 IAOs will ensure that up to date asset records; including contract details, software
licences, conditions and media, etc. are either:
 Locally and securely controlled and stored in accordance with IT guidelines
and available for inspection and use at reasonable request; or
 Under prior agreement, held by the IT Department on behalf of the
Information Asset Owner with local records making such reference.
7.6.3 IAOs will ensure that usage is monitored to verify System and software licence
compliance, and will instigate corrective and remedial actions to maintain compliant
usage with contracted and licenced conditions.
7.6.4 IAOs will ensure that System / Asset utilisation is regularly review of and necessary
action instigated to ensure efficient and effective usage is being obtained.

Version: 6
7.6.5 IAOs will ensure IT Assets and Systems are retired, archived and disposed of, in
consultation with the IT Department.
8. TRAINING REQUIREMENTS
8.1 Members of staff are individually responsible for ensuring that they comply with
Trust policies and procedures.
8.2 Specific questions relating to IT procurement can be addressed to the IT
Department Service Desk.
8.3 General questions relating to procurement can be addressed to NHS South of
England Procurement Services, which also provides Bite Size procurement training.
8.4 Information Asset Owners are required to complete the mandatory Information
Governance / Risk Assessment training.
9. REFERENCES AND ASSOCIATED DOCUMENTATION

9.1 The Trust is obliged to abide by all relevant UK and European Union Procurement
Legislation.
9.2 The Trust follows all national NHS IT and information security requirements.
9.3 The Trust aims to adopt other standards and recognised best practice it considers
appropriate, including:
 IT Infrastructure Library (ITIL®)
 Projects in Controlled Environments (Prince 2®)
10. EQUALITY IMPACT STATEMENT

10.1 Portsmouth Hospitals NHS Trust is committed to ensuring that, as far as is
reasonably practicable, the way we provide services to the public and the way we
treat our staff reflects their individual needs and does not discriminate against
individuals or groups on any grounds.
10.2 This policy has been assessed accordingly.
10.3 Our values are the core of what Portsmouth Hospitals NHS Trust is and what we
cherish. They are beliefs that manifest in the behaviours our employees display in
the workplace.
10.4 Our Values were developed after listening to our staff. They bring the Trust closer
to its vision to be the best hospital, providing the best care by the best people and
ensure that our patients are at the centre of all we do.
10.5 We are committed to promoting a culture founded on these values which form the
‘heart’ of our Trust:
Working together for patients

Working together with compassion
Working together as one team
Working together always improving
10.6 This policy should be read and implemented with the Trust Values in mind at all
times
Version: 6
11. MONITORING COMPLIANCE WITH PROCEDURAL DOCUMENTS
11.1 This document will be monitored to ensure it is effective and to assure
compliance.
Minimum
Frequency Lead(s) for acting
requirement Reporting
Lead Tool of Report of on
to be arrangements
Compliance Recommendations
monitored
Summary of
Head of contractual vs Audit Head of
Monthly
Procurement non contractual Committee Procurement
spent
Summary report
Follow of known IT
Head of IT
Compliance to Assets not Audit Head of IT Service
Service Annually
the purchased by Committee Delivery
Delivery
requirements the IT
of this policy Department
Summary report
of IT Systems Head of IT
Head of IT Audit
not purchased Annually Programme
Programmes Committee
via the IT Management
Department
IT Procurement & Asset Management Policy

Version: 6
Review date:14 November 2020 (unless requirements change) Page 15 of 17
EQUALITY IMPACT SCREENING TOOL
To be completed and attached to any procedural document when submitted to
the appropriate committee for consideration and approval for service and
policy changes/amendments.
Stage 1 - Screening
Title of Procedural Document: IT Procurement and Asset Management Policy
Date of assessment August 2018 Responsible IT Department

Department
Name of person Chris Tite Job Title Head of IT
completing
assessment
Does the policy/function affect one group less or more favourably than another on the basis
of :
Yes/No Comments
 Age No
 Disability No
 Gender reassignment No
 Pregnancy and Maternity No
 Race No
 Sex No
 Religion or Belief No
 Sexual Orientation No
 Marriage and Civil Partnership No
If the answer to any of the above questions is NO,

the EIA is complete. If YES, a full impact
assessment is required: go on to stage 2, page 2
More Information can be found be following the link

below
www.legislation.gov.uk/ukpga/2010/15/contents
Stage 2 – Full Impact Assessment

Version: 6
What is the impact Level of Mitigating Actions Responsible
Impact (what needs to be done to minimise / Officer
remove the impact)
Monitoring of Actions
The monitoring of actions to mitigate any impact will be undertaken at the appropriate level
Specialty Procedural Document: Specialty Governance Committee

Clinical Service Centre Procedural Document: Clinical Service Centre Governance Committee
Corporate Procedural Document: Relevant Corporate Committee
All actions will be further monitored as part of reporting schedule to the Equality and Diversity
Committee

Version: 6

IT Procurement and Asset Management Policy

Uploaded by

Copyright:

Available Formats

IT Procurement and Asset Management Policy

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IT Procurement and Asset Management Policy

Uploaded by

Copyright:

Available Formats

.

Working together to drive excellence in