Versions Compared

Old Version 4

changes.mady.by.user Kelly Thomas

Saved on

compared with

New Version 5

changes.mady.by.user Kelly Thomas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Information and Documentation Gathering

...

Process

In collaboration with Contracts and Procurement Services (CAPS) Cover Sheet and IT Solution and Service Contract Review, procuring parties may be asked to:

...

the

...

Office of Information Technology (OIT)

...

provides IT solution and service contract reviews which serve to assess the technical, security, privacy, and accessibility properties of

...

a product or service prior to purchase.

OIT seeks to manage risk and facilitate effective implementation of IT products and services. These reviews serve to provide an understanding

...

of the

...

risk profile of a solution or service and its integrations with existing IT services at the University.

...

Departments will receive an assessment, recommendations, and/or requirements for moving forward with their contract.

Department Request for Contract Review

Complete the IT Solution and Service Contract Review with as much detail as possible. Please attach documentation relating to the product or service. This may include the contract, statement of work, security information (such as a privacy policy, HECVAT, or SOC2), and/or accessibility reports (such as a VPAT or ACR). After submitting the request, you may be asked to:

  • Provide a contract, agreement, statement of work, terms and conditions, and/or privacy policy, if not attached to the request form. OIT will at least need a copy of the contract or agreement to review.

...

  • Collect technical, security, privacy, and accessibility documentation from the vendor. OIT may ask you to work with the vendor to complete an IT Risk and Accessibility Review (ITRAR) questionnaire.

OIT Documentation Review

Information Security and Privacy Review

In keeping with PSU’s Information Security Policy and Notice about Digital Privacy, OIT’s Information Security Team will review security- and privacy-related responses to the ITRAR and the final text of the contract. This review is intended to evaluate and manage risks related to data sensitivity, application management, identity and access management, privacy, and information security.

Accessibility Review

In keeping with PSU’s Digital Accessibility Policy and associated Standard for Accessible Digital Procurement, OIT’s Digital Accessibility and Content team will review accessibility-related responses to the ITRAR and any provided WCAG-specific Voluntary Product Accessibility Template (VPAT) or ACR. This review is intended to evaluate and manage risks related to digital accessibility.

Integrations Review

OIT will work with you and your department to identify any needed data integrations or Single Sign-on (SSO) integrations for the product or service you are purchasing. This review is an initial assessment of the scope and level of effort required for an integration as well as availability of OIT personnel to deliver an integration.

OIT

...

Assessment and

...

Recommendation

Once OIT has reviewed all responses to the ITRAR and any associated documentation, they will respond to CAPS and the procuring party with any follow-up questions or recommendations and a summary of security, privacy, or accessibility risks. Procuring parties may be asked to:

...