IT Procurement Review (ITPR)

Summary

The Information Technology Procurement Review (ITPR) process is part of Chico State’s commitment to making the resources and tools used on campus accessible and secure.

Body

NOTE: To initiate an IT Procurement Review, please go to the ITPR category in the Service Catalog and choose the appropriate request form for the item you are acquiring. 

The Information Technology Procurement Review (ITPR) process is part of Chico State’s commitment to making the resources and tools used on campus accessible and secure. Chancellor's Office policy requires the campus to purchase Electronic and Information Technology (E&IT) products that meet Section 508 Accessibility requirements. Systems and applications that are not accessible pose a risk to the campus if a student, faculty, staff, parent, or the public is unable to use them. 

For more information about the CSU Procurement policy visit the CSU System ATI Procurement Process page.

There are 3 main areas assessed as part of the IT Procurement Review:

  1. Accessibility Risk
  2. Information Security Risk
  3. System Compatibility

An ITPR may be required when you are acquiring any Electronic and Information Technology (E&IT), regardless of price (including donations and free software). The table below provides some examples of items that require an ITPR and items that do not. If you are unsure whether your item requires an ITPR, please email itpr@csuchico.edu and someone will assist you.

ITPR Requirements

Required

Not Required

External storage devices (flash drives, portable hard drives) intended to store Level 1 or Level 2 data

External storage devices (flash drives, portable hard drives) that will not store Level 1 or Level 2 data

Devices that will connect to the campus network

Conference room telephones (e.g. Polycom phones) (Note: Meeting Owl devices do require an ITPR due to specific security concerns inherent in these devices)

Smart boards, streaming devices (e.g. Apple TV, Roku, etc.), or information kiosks (use by faculty, students, staff, visitors)

Computer monitors, displays, and projectors (including televisions). Please note that "Smart TVs" may not function on the campus network; please check with ITSS if you have questions.

Cloud applications, web applications, web hosting services, or domain registrations.

Wireless presenters for classroom use

Application, service, subscription, or software for computers, tablets, or servers that will be used by an entire department, class, or campuswide. 

Software, application, subscription, or services used by a single person unless it stores or processes level 1 data. (Unless there is another cited requirement) All software must be current versions and properly licensed for University use (many popular 'free' software applications are only free for *home* use... not campus use).

Academic software, service, application, or subscription used for instruction or testing

Lab equipment that has no associated software.

Computer desktops, laptops, and tablet hardware (standard computers purchased through ITSS do not require an ITPR) In the case of existing pre-approved computer components as an integral part of an existing approved technology system; when the computer components of that system need to be repaired or replaced. 

Cameras and video recording devices (except webcams and document cameras used for videoconferencing)

Internal computer parts (for repair/upgrade of existing equipment only)

Fax machines

Webcams and document cameras for use in video conferencing and lecture recording

Printers (except Dymo label printers), scanners, copiers, and multi-function devices (standard printers purchased through ITSS do not require an ITPR)

USB hubs, docking stations, adapters, and cables (except network patch cables)

Consulting agreements that result in installation of electronic devices or development of software applications that would otherwise meet the requirements for an IT Procurement Review.

 UPS battery backup for desktop computers

Professional services or consulting agreements that involve access to campus data.

General equipment other than software, applications, subscriptions, services, computers, and printers (e.g. keyboards, mice, digital pens, desktop speakers, headsets, calculators, electric staplers, etc.)

Electronic articles, subscriptions, or service intended for use or is required reading for a course.

Service, subscription, or electronic articles used by one person (e.g. online newspaper and journal subscriptions); individual LinkedIn subscriptions (note that these would still require an exception to use a procurement card).

Any other electronic device, software, application, subscription, or service used in the creation, conversion, storage, or duplication of data or information (unless otherwise excluded)

Electronic graphics and images (e.g. clipart and SnapChat filters), software templates, and audio clips

 

Audio/Video equipment (e.g. microphones, video and sound processing equipment)

  Proprietary components used by FMS in building management systems (except for computers and items that connect to the campus network).
 

To complete the ITPR process you will need to obtain a Voluntary Product Accessibility Template (VPAT) from the vendor.  If protected/confidential data will be collected you also need to complete a Security Data Requirements Checklist.

To speed up the ITPR process, please attach the vendor quote and appropriate vendor documentation. Examples of vendor documentation include specifications, contract language (e.g., MEA, MSA, EULA, etc.), technical implementation guides, etc.

Details

Details

Article ID: 97627
Created
Thu 2/6/20 6:51 PM
Modified
Mon 9/30/24 7:04 PM