Subject to the terms of the management agreement, covered institutions may be exempt from the provisions governing the Virginia Information Technologies Agency, Chapter 20.1 (§ 2.2-2005 et seq.) of Title 2.2, and the provisions governing the Information Technology Advisory Council, Article 35 (§ 2.2-2699.5 et seq.) of Chapter 26 of Title 2.2; provided, however, that the governing body of a covered institution shall adopt, and the covered institution shall comply with, policies for the procurement of information technology goods and services, including professional services, that are consistent with the requirements of § 23-38.110 and that include provisions addressing cooperative arrangements for such procurement as described in § 23-38.110, and shall adopt and comply with institutional policies and professional best practices regarding strategic planning for information technology, project management, security, budgeting, infrastructure, and ongoing operations.
2005, cc. 933, 945; 2010, cc. 136, 145.