Policies & Standards


CORA: Colorado Open Records Requests

CORA requests made for records for which OIT is the custodian should be submitted in writing as follows:

  • via email at oit_cora@state.co.us
  • via fax at 303.764.7725 
  • via mail at 601 East 18th Avenue, Suite 130, Denver, CO 80203

Pursuant to C.R.S. §24-72-205, OIT does not impose a charge for the first hour of time expended in connection with the research and retrieval of public records. After the first hour, OIT charges $25 per hour for the research and retrieval of public records. When the number of pages produced in response to a records request exceeds 25 pages, OIT will charge $0.25 per page for all documents photocopied. 

Policies & Standards Issued By OIT

Acceptable Use Policy (AUP)

Credentialing/Identity Management

Data Management

Data Privacy


Financial Services

  • Acquisition of IT Goods (Products) and/or Services 

    • The formal processes to purchase or acquire information technology products and/or services are described here.
  • Buying from State Price Agreements 
    • State Price Agreements may exist that do not meet mandatory OIT standards applicable to state agencies as defined in C.R.S. 24-37.5-102(4) or that require OIT approval prior to use. State agencies are therefore cautioned to ensure that any price agreement for communication and IT (C.R.S. 24-37.5-102(2)), hardware, software, radios, communication systems/towers meets OIT standards and that necessary OIT approvals have been obtained prior to use of the Price Agreement


Information Security

The Office of Information Security has issued the following policies, rules and standards under the authority of C.R.S. 24-37.5-401 et seq.   

  • Rules
(State Agency Cyber Security Planning)
  • Colorado Information Security Policies (CISPs) 
           These policies are reviewed and updated annually but are subject to change more often as necessary. Unless 
           otherwise noted, the policies below are effective as of October 4, 2019. 

Project Management

The Portfolio and Project Management Center of Excellence (PPMCoE) is responsible for setting policies and procedures related to project, program and portfolio management within the Office of Information Technology (OIT) and for executive branch agencies that embark on projects that include an IT component.

NOTE: the following documents are accessible to state employees only. If you are not a state employee and need access to one of the project management policies, please email oit@state.co.us 

Technical Standards

These technology standards support the State of Colorado's information security policies.

The Office of Enterprise Architecture has issued the following technical standards, superseding any standards posted prior. Each standard has been approved by the OIT Architecture Review Board (ARB), effective as of the "Effective Date" established in each document, and remains in effect until removed or revised by a decision of the ARB.