The review process for IT-related software and application purchases.
Who is Eligible?
Active Faculty and Staff
IT Procurement for Software and Applications
IT Review Process
The IT Review Process is a structured approach to evaluate projects, technologies, and systems within the IT landscape of Oakland University. It ensures alignment with business objectives, compliance, security, architecture standards, and overall IT strategy in support of the goals of the university.
The review consists of evaluating the vendor's technical and procedural controls to protect university data and maintain compliance. This will often include requesting documentation such as the HECVAT (Higher Education Community Vendor Assessment Toolkit), SOC 2 Type II audit and VPATs to assess cybersecurity practices, accessibility, data handling, compliance and risk. The review also checks that the solution complies with relevant standards like FERPA, HIPAA, GDPR, and PCI if applicable. The review also investigates compatibility with existing university systems and infrastructure if needed.
Purpose of the Review Process
- Ensure Security: Identify and make recommendations to mitigate potential security, performance, or compliance risks.
- Standardization: Ensure solutions align with IT and architectural standards.
- Value Assurance: Confirm the proposed initiative provides business value.
- Resource Planning: Allocate time, skills, and budget appropriately.
- IT Governance: Maintain oversight and accountability across university and IT initiatives.
How do I Expedite My Request?
Initiation
- Submit a UTS ticket for a renewal or review of a new software solution or tools
- Provide all necessary and mandatory supporting documents to support the request
- Documents required for review
Preliminary Review
- Security
- Contract / agreement / quote / proposal / EULA / SLAs / T&Cs are reviewed for compliance
- Identify if further documentation or clarification is needed
- IT Governance Committee review (if required)
Impact & Risk Analysis
- Security assessment
- Infrastructure and capacity review
- Compliance and regulatory checks
- Integration / implementation
- Business risk to the university
Teams involved in the review process
- Cross-functional teams: UTS, End Users / Departments, VPs, and Deans
- Security Team: Reviews for security and compliance risks.
- IT Business Operations: Evaluates business decisions, contracts, EULA for compliance, T&Cs, SLAs.
- Business Units / Departments: Ensure the initiative meets end-user needs.
- Project Management Office: Coordinates process and tracks decisions.
Recommendations
- Approve, reject, or send additional questions/clarifications to the end user/department
- Document rationale for decision
- Document security risks
Communication
- Document security risks
- Communicate recommendations to the stakeholder within the UTS ticket
Timing & Frequency
- Annually for software renewals
- Any new software solutions or tools
- Initial review within 2-3 business days of submission
- Full review depends on the scope of the solution
Additional Support
- OU Technology Center
- 44 Oakland Center
- Rochester, MI 48309-4479
- (248) 370-4357
- Office Hours: M-F 8:00am - 5:00pm