Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

On this page



Process

In collaboration with Contracts and Procurement Services, the Office of Information Technology (OIT) provides IT solution and service contract reviews which serve to assess the technical, security, privacy, and accessibility properties of a product or service prior to purchase.

OIT seeks to manage risk and facilitate effective implementation of IT products and services. These reviews serve to provide an understanding of the risk profile of a solution or service and its integrations with existing IT services at the University. Departments will receive an assessment, recommendations, and/or requirements for moving forward with their contract.

Department Request for Contract Review

Complete the IT solution and service contract review request form with as much detail as possible. Please attach documentation relating to the product or service. This may include the contract, statement of work, security information (such as a privacy policy, HECVAT, or SOC2), and/or accessibility reports (such as a VPAT or ACR). After submitting the request, you may be asked to:

  • Provide a contract, agreement, statement of work, terms and conditions, and/or privacy policy, if not attached to the request form.

  • Collect technical, security, privacy, and accessibility documentation from the vendor. OIT may ask you to work with the vendor to complete an IT Risk and Accessibility Review (ITRAR) questionnaire.

OIT Documentation Review

Information Security and Privacy Review

In keeping with PSU’s Information Security Policy and Notice about Digital Privacy, OIT’s Information Security Team will review security- and privacy-related responses to the ITRAR and the final text of the contract. This review is intended to evaluate and manage risks related to data sensitivity, application management, identity and access management, privacy, and information security.

Accessibility Review

In keeping with PSU’s Digital Accessibility Policy and associated Standard for Accessible Digital Procurement, OIT’s Digital Accessibility and Content team will review accessibility-related responses to the ITRAR and any provided WCAG-specific Voluntary Product Accessibility Template (VPAT) or ACR. This review is intended to evaluate and manage risks related to digital accessibility.

Integrations Review

OIT will work with you and your department to identify any needed data integrations or Single Sign-on (SSO) integrations for the product or service you are purchasing. This review is an initial assessment of the scope and level of effort required for an integration as well as availability of OIT personnel to deliver an integration.

OIT Assessment and Recommendation

Once OIT has reviewed all responses to the ITRAR and any associated documentation, they will respond to CAPS and the procuring party with any follow-up questions or recommendations and a summary of security, privacy, or accessibility risks. Procuring parties may be asked to:

  • No labels