IT Procurement Review (ITPR)

This article will guide Chico State users through the ITPR process, including when an ITPR is required, what documentation to include, and how to determine eligibility for reviewing technology purchases.

To begin an IT Procurement Review, please visit the ITPR category in the Service Catalog and choose the appropriate form for your request.

Quick Links: | Overview | Required Documentation | ITPR Eligibility Criteria |

Overview

The Information Technology Procurement Review (ITPR) ensures that technology purchases at Chico State are secure, accessible, and compatible with campus systems. The ITPR process supports compliance with CSU policies and Section 508 accessibility requirements.

CSU policy requires campuses to assess and approve purchases of Electronic and Information Technology (E&IT) to ensure:

1. Accessibility Risk – The technology is usable by all, including people with disabilities.
2. Information Security Risk – The product meets campus security standards.
3. System Compatibility – The product functions properly within the campus infrastructure.

For CSU procurement policies, visit the CSU System ATI Procurement Process page.

Required Documentation

Include the following when submitting your ITPR:

• Vendor quote
• VPAT (Voluntary Product Accessibility Template)
• View the Security Data Requirements Checklist if protected/confidential data is involved
• Supporting technical documentation, such as:
  • Specifications
  • MEA, MSA, or EULA agreements
  • Implementation or configuration guides

ITPR Eligibility Criteria

An ITPR may be required for any E&IT product or service, regardless of cost, including free or donated items. This includes:

• Cloud and web-based applications
• Software used campus-wide or by a department
• Technology connecting to the campus network
• Devices storing Level 1 or Level 2 data

If you're unsure whether an ITPR is needed, email itpr@csuchico.edu with a description of the item.

ITPR Requirements Table

Required	Not Required
ITPRs are not issued for printers, scanners, copiers, or multi-function devices. These items must be purchased through the campus CMT request process. Use this link: Request Form - Request a new printer
ITPRs are not issued for computer desktops, laptops, or tablet hardware. These items must be purchased through the campus ITSS request process. Use this link: Request Form - Purchase Computer Equipment
ITPRs are not issued for Smart Boards or any components for a Smart Board. These items must be purchased through the campus Classroom Technologies request process. Use this link: Request Form - Classroom equipment installation
External storage devices (flash drives, portable hard drives) intended to store Level 1 or Level 2 data	External storage devices (flash drives, portable hard drives) that will not store Level 1 or Level 2 data
Devices, hardware, software, or applications that will connect to the campus network	Conference room telephones (e.g., Polycom phones) (Note: Meeting Owl devices do require an ITPR due to specific security concerns inherent in these devices)
Streaming devices (e.g., Apple TV, Roku, Chromecast, etc.), or information kiosks (use by faculty, students, staff, visitors) (note: ITPRs are not issued for Smart Boards)	Computer monitors, displays, and projectors (including televisions). Please note that "Smart TVs" may not function on the campus network; please check with ITSS if you have questions.
Cloud applications, web applications, web hosting services, or domain registrations	Wireless presenters for classroom use
Application, service, subscription, or software for computers, tablets, or servers that will be used by an entire department, class, or campus-wide	Software, application, subscription, or services used by a single person unless it stores or processes level 1 data. (Unless there is another cited requirement) All software must be current versions and properly licensed for University use (many popular 'free' software applications are only free for *home* use... not campus use). **If purchasing with a Procurement Card, then submit an ITPR**
Software, service, application, or subscription used for academic instruction, reference, research, testing, surveys, or analysis	Equipment that has no associated software.
Cameras and video recording devices (except webcams and document cameras used for videoconferencing)	In the case of existing pre-approved computer components as an integral part of an existing approved technology system, when the computer components of that system need to be repaired or replaced.
Fax machines	Internal computer parts (for repair/upgrade of existing equipment only)
Professional services or consulting agreements that result in the installation of electronic devices or the development or deployment of software applications that would otherwise meet the requirements for an IT Procurement Review.	Webcams and document cameras for use in video conferencing and lecture recording
Professional services or consulting agreements that involve access to campus data or collect personal information or data pertaining to students, faculty, or staff.	USB hubs, docking stations, adapters, and cables (except network patch cables)
Electronic articles, subscriptions, or services intended for institutional use or is required for a course.	UPS battery backup for desktop computers
Any other electronic device, software, application, subscription, or service used in the creation, conversion, storage, or duplication of data or information (unless otherwise excluded)	General equipment other than software, applications, subscriptions, services, computers, and printers (e.g., keyboards, mice, digital pens, desktop speakers, headsets, calculators, electric staplers, etc.)
Services that request, intake, process, store, or provide data/information of students, faculty, employees, or members of the campus community	Service, subscription, or electronic articles used by one person (e.g., online newspaper and journal subscriptions); individual LinkedIn subscriptions (note that these would still require an exception to use a procurement card).
3D printers	Electronic graphics and images (e.g., clipart and Snapchat filters), software templates, and audio clips
Drones	Audio/Video equipment (e.g., microphones, video, and sound processing equipment)
Conference room systems, devices, software, or applications requiring security setup to operate on the campus network (example: Meeting Owl)	Proprietary components used by FMS in building management systems (except for computers and items that connect to the campus network).

 

Still need help? Contact IT Support Services for further assistance.

Help us improve our Knowledge Base! Click Yes or No below, then let us know what worked — or what didn’t. Your feedback helps us improve our content and provide the best possible support.