IT Procurement Review (ITPR)

The Information Technology Procurement Review (ITPR) process is part of CSU, Chico’s commitment to making the resources and tools used on campus accessible and secure. Chancellor's Office policy requires the campus to purchase Electronic and Information Technology (E&IT) products that meet Section 508 Accessibility requirements. Systems and applications that are not accessible pose a risk to the campus if a student, faculty, staff, parent, or the public is unable to use them. 

For more information about the CSU Procurement policy visit the CSU System ATI Procurement Process page.

There are 3 main areas assessed as part of IT Procurement Review:

  1. Accessibility Risk
  2. Information Security Risk
  3. System Compatibility

An ITPR may be required when you are acquiring any Electronic and Information Technology (E&IT), regardless of price (including donations). The table below provides some examples of items that require an ITPR and items that do not. If you are unsure whether your item requires an ITPR, please email and someone will assist you.


ITPR Requirements


Not Required

External storage devices (flash drives, portable hard drives) intended to store Level 1 or Level 2 data

External storage devices (flash drives, portable hard drives) that will not store Level 1 or Level 2 data

Devices that will connect to the campus network

Conference room telephones (e.g. Polycom phones)

Smart boards, streaming devices (e.g. Apple TV, Roku, etc.), or information kiosks (use by faculty, students, staff, visitors)

Computer monitors, displays, and projectors (including televisions). Please note that "Smart TVs" may not function on the campus network; please check with ITSS if you have questions.

Cloud applications / web applications 

Wireless presenters for classroom use

Software for computers, tablets, or servers 

Keyboards, mice, digital pens, desktop speakers, headsets

Academic software used for instruction or testing

Lab equipment 

Computer desktops, laptops, and tablet hardware (standard computers purchased through ITSS do not require an ITPR)

Internal computer parts (for repair/upgrade of existing equipment only)

Cameras and video recording devices (except webcams used for videoconferencing)

Webcams for use in video conferencing and lecture recording

Fax machines

USB hubs, docking stations, adapters, and cables (except network patch cables)

 Printers (except Dymo label printers), scanners, copiers, and multi-function devices (standard printers purchased through ITSS do not require an ITPR)

 UPS battery backup for desktop

Consulting agreements that result in installation of electronic devices or development of software applications that would otherwise meet the requirements for an IT Procurement Review.

 General office equipment other than software, computers, and printers (e.g. calculators, electric staplers, etc.)

Consulting agreements that involve access to campus data.

 Electronic articles used by one person (e.g. online newspaper and journal subscriptions); individual LinkedIn subscriptions (note that these would still require an exception to use a procurement card).

 Electronic articles intended for use as required reading for a course.

 Electronic graphics and images (e.g. clipart and SnapChat filters), software templates, and audio clips

 Any other electronic device or software application used in the creation, conversion, storage, or duplication of data or information (unless otherwise excluded)

 Audio/Video equipment (e.g. microphones, video and sound processing equipment)

  Proprietary components used by FMS in building management systems (except for computers and items that connect to the campus network).

To complete the ITPR process you will need to obtain a Voluntary Product Accessibility Template (VPAT) from the vendor.  If protected/confidential data will be collected you also need to complete a Security Data Requirements Checklist.

To speed the ITPR process, please attach the vendor quote and appropriate vendor documentation. Examples of vendor documentation includes specifications, contract language (e.g., MEA, MSA, EULA, etc.), technical implementation guides, etc.