This section provides a recommendation and rationale for how the system will be acquired.Often a combination of acquisition strategies are used, especially when both end-user hardware and enterprise systems are part of the solution.
First, list the components that need to be acquired, grouping them into categories as appropriate (e.g, end-user hardware, vs. each item separately).Then, for each component (or category of components), answer the following questions that are applicable to that item:
- Scope of what to buy:
- Buy as a product or service? (some items may be purchased and others may be acquired as a service)
- Commercial-off-the-shelf (including open source) or custom?
- Will in-house staff or external contractors support custom development, integration, or sustainment?
- What infrastructure will need to be acquired?
- Will system hosting services be needed?
- How will connectivity be made available?
- What security considerations should be included in the contracts?Will any specific hardware or software need to be acquired to provide security?
- Will Business Continuity requirements need to be included in the contract(s)?Will separate Business Continuity solutions or components need to be acquired?
- Are there any data management considerations to be included in the acquisition(s)?
- What type of contract(s) should be used?
Approach to Developing this Section
Before beginning this section, read the “Basics of Defining Information System Acquisition Strategies,” in the Week 6 Content.It explains how to approach acquisition planning and will help in responding to the questions above.That document provides a guide to completing the documentation for a full acquisition strategy plan, which would include many of the same topics as are included in the business case.For this section, focus on responding to the questions above, as they apply to what will need to be acquired for the system you are proposing.Multiple acquisition strategies may be identified for the proposed solution.For example, some components may be purchased outright, other products or services may be leased or available by subscription/service contracts.If such is the case with the proposed solution, all of the applicable questions for each type of acquisition recommended need to be considered and responses should be provided if they apply to what is being acquired.Some questions may not apply to the component being acquired (e.g., there does not need to be a data management strategy identified for a printer that is to be purchased).The presentation of the information will be clearer if separate responses to the questions are developed for each component or category of components.Keep in mind that the full security requirements and solution will be covered in Section XII (yet to be developed), but your solution should have identified what security hardware and software would need to be acquired, and you should include here any security requirements that should be included in contracts or service requests associated with your solution.