Download Technology Procurement Policy
Technology Procurement Policy Effective June 1, 2023
WHY A POLICY REGARDING TECHNOLOGY PROCUREMENT?
Information Technology Procurement is a Corporate-Driven & Center-Led function, with goals to reduce complexity and risk (security and contract for example), drive efficiencies and create minimum and aligned technology standards across the organization and RPM has this policy to meet these goals.
WHAT DOES THIS POLICY APPLY TO?
This policy applies to any way in which an RPM Company may secure (whether by purchase, lease, subscription, click-wrap acknowledgement online, or any other kind of agreement, contract or purchase order) any of the following or similar technology item or service (each a “Technology Commitment”):
- Software
- Hardware
- Networking
- Telephony
- Technology consulting services
- File sharing services
- Software as a Service (SaaS) offerings
- Infrastructure/Infrastructure as a Service (IaaS) offerings
- Platform as a Service (PaaS) offerings
TECHNOLOGY PROCUREMENT
All technology based procurement requests of $5,000 and higher must be submitted via the RPM One CapX system, and approved by local finance, group IT leadership and RPM IT leadership prior to any Technology Commitment is made. Technology Commitment requests must be submitted via CapX regardless of spend type (Capital or Expense).
As part of the CapX submission, Technology Commitment requests will be validated against other company standards to determine if there is a standard offering that could accomplish the same needs. A request to add to the standards must be made as part of the CapX submission and have valid reasoning/applicability to be considered.
For requests under $5,000, local finance and group IT leadership must be notified and approve of the request.
ADDITIONAL STEPS
In addition to notifying local finance, group IT leadership and RPM IT leadership via the RPM One CapX system as outlined above; group General Counsel must be notified and provided a copy of the Technology Commitment request and related documentation for review and approval. If General Counsel in conjunction with RPM Legal and Compliance determines that a Data Protection Impact Assessment (DPIA) form must be submitted in accordance with the RPM DPIA Policy, the DPIA must be fully completed prior to completion of any Technology Commitment.
This policy applies to all RPM and RPM subsidiary employees and any employee who violates this policy may be subject to disciplinary action up to and including termination. Any requests for exemption from this policy must be submitted to and approved by RPM’s Vice President – Global Systems or RPM’s Vice President – Commercial Excellence.