IT Procurement Review (ITPR)

Tags ITPR

NOTE: To initiate an IT Procurement Review, please go to the ITPR category in the Service Catalog and choose the appropriate request form for the item you are acquiring.

The Information Technology Procurement Review (ITPR) process is part of CSU, Chico’s commitment to making the resources and tools used on campus accessible and secure. Chancellor's Office policy requires the campus to purchase Electronic and Information Technology (E&IT) products that meet Section 508 Accessibility requirements. Systems and applications that are not accessible pose a risk to the campus if a student, faculty, staff, parent, or the public is unable to use them. 

For more information about the CSU Procurement policy visit the CSU System ATI Procurement Process page.

There are 3 main areas assessed as part of IT Procurement Review:

  1. Accessibility Risk
  2. Information Security Risk
  3. System Compatibility

An ITPR may be required when you are acquiring any Electronic and Information Technology (E&IT), regardless of price (including donations). The table below provides some examples of items that require an ITPR and items that do not. If you are unsure whether your item requires an ITPR, please email itpr@csuchico.edu and someone will assist you.

ITPR Requirements

Required

Not Required

External storage devices (flash drives, portable hard drives) intended to store Level 1 or Level 2 data

External storage devices (flash drives, portable hard drives) that will not store Level 1 or Level 2 data

Devices that will connect to the campus network

Conference room telephones (e.g. Polycom phones) (Note: Meeting Owl devices do require an ITPR due to specific security concerns inherent in these devices)

Smart boards, streaming devices (e.g. Apple TV, Roku, etc.), or information kiosks (use by faculty, students, staff, visitors)

Computer monitors, displays, and projectors (including televisions). Please note that "Smart TVs" may not function on the campus network; please check with ITSS if you have questions.

Cloud applications, web applications, web hosting services, or domain registrations.

Wireless presenters for classroom use

Software for computers, tablets, or servers that will be used by an entire department, class, or campuswide. 

Software used by a single person unless it stores or processes level 1 data. All software must be current versions and properly licensed for University use (many popular 'free' software applications are only free for *home* use... not campus use).

Academic software used for instruction or testing

Lab equipment that has no associated software.

Computer desktops, laptops, and tablet hardware (standard computers purchased through ITSS do not require an ITPR)

Internal computer parts (for repair/upgrade of existing equipment only)

Cameras and video recording devices (except webcams and document cameras used for videoconferencing)

Webcams and document cameras for use in video conferencing and lecture recording

Fax machines

USB hubs, docking stations, adapters, and cables (except network patch cables)

Printers (except Dymo label printers), scanners, copiers, and multi-function devices (standard printers purchased through ITSS do not require an ITPR)

 UPS battery backup for desktop computers

Consulting agreements that result in installation of electronic devices or development of software applications that would otherwise meet the requirements for an IT Procurement Review.

General office equipment other than software, computers, and printers (e.g. keyboards, mice, digital pens, desktop speakers, headsets, calculators, electric staplers, etc.)

Consulting agreements that involve access to campus data.

Electronic articles used by one person (e.g. online newspaper and journal subscriptions); individual LinkedIn subscriptions (note that these would still require an exception to use a procurement card).

Electronic articles intended for use as required reading for a course.

Electronic graphics and images (e.g. clipart and SnapChat filters), software templates, and audio clips

Any other electronic device or software application used in the creation, conversion, storage, or duplication of data or information (unless otherwise excluded)

Audio/Video equipment (e.g. microphones, video and sound processing equipment)

  Proprietary components used by FMS in building management systems (except for computers and items that connect to the campus network).
 

To complete the ITPR process you will need to obtain a Voluntary Product Accessibility Template (VPAT) from the vendor.  If protected/confidential data will be collected you also need to complete a Security Data Requirements Checklist.

To speed the ITPR process, please attach the vendor quote and appropriate vendor documentation. Examples of vendor documentation includes specifications, contract language (e.g., MEA, MSA, EULA, etc.), technical implementation guides, etc.

Was this helpful?
25% helpful - 4 reviews

Details

Article ID: 97627
Created
Thu 2/6/20 3:51 PM
Modified
Mon 6/20/22 3:55 PM