Administrative Regulation 16.22

SUBJECT: Procurement of Software and Software Services ORIGINATING DEPARTMENT: Systems Management


It is the intent of the Citrus County Board of County Commissioners (“County”) to establish policy for the procurement of software and services. 


This policy covers the acquisition of computing software, software-as-a service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), hosted servers, and all implementations of cloud computing (hereafter “Software”). The terms acquisition and procurement may be used interchangeably to refer to any process by which new software resources are obtained for the County. “Purchasing” is purposefully not used because acquisition/procurement is not limited to situations where payment is required.

Operational Technology, such as supervisory control and data acquisition (SCADA) systems or industrial control systems that do not connect to the County’s Information Technology systems are exempt from this policy. 


  1. All software procurements must be reviewed and approved by Systems Management. Systems Management must approve additional licenses or upgrades procured after the initial installation, or whenever there are changes in Terms and Conditions or the Service Level Agreements. Software that supports County-wide activities must be acquired by Systems Management. Software for enterprise or grant-funded cost centers must be approved by Systems Management, but for accounting purposes may be paid for by those divisions.
  2. Systems Management must review all software for compatibility with existing equipment and standards. Any software to be hosted on County servers and distributed through the County network must meet the current standards and specifications for security, performance, and infrastructure requirements. The software must be compatible with existing County resources already in place. Systems Management will not compromise security or performance standards if software is determined to be deficient or will have a negative impact on resources or security.
  3. Systems Management may deny requests for software that duplicate the capabilities and features of software currently being used by the County.
  4. Software that is actively being used by the County must be kept under active maintenance and support to receive critical security updates and to reduce downtime.
  5. Major software upgrades must be reviewed by Systems Management prior to installation to ensure compatibility with existing resources. Systems Management may deny the installation of upgrades that will cause conflicts or strain IT resources past planned limits.
  6. Hosted services or software must include Service Level Agreements (SLA) defining the roles and responsibilities of the vendor, minimum performance standards, guarantees by the Vendor and the penalties and remedies available to the County when those standards are not met. The SLA must be acceptable to the County.
  7. Software must adhere to the standards, and protocols already in place. Systems Management is not obligated to enable or install software nor diminish security to accommodate new or upgraded software.
  8. When County data or content has been outsourced by the County to a third party, the third party must be able to provide the services in a manner that complies with all state and federal laws applicable to County’s obligations regarding the data or content.
  9. The County will follow the “cloud-first” policy set forth in section 282.206, Florida Statutes, as amended from time to time, and, whenever feasible, show a preference for cloud computing solutions that meet the needs of the County, reduce costs, and meet or exceed the applicable state and federal laws, regulations, and standards for cybersecurity.

FOOTNOTES & REFERENCES TO RELATED AR’s: Supersedes AR 16.22 adopted January 12, 2016

AR 16:02-2 Acceptable Use Policy
AR 9.01-18 Purchasing Policy
Florida Statute 282.206

Last edited by Todd Dunn September 28, 2023