IT Acquisition Process
1. Submit the IT Acquisition Request
2. Information Technology Services (ITS) divisions - Enterprise Applications, Infrastructure & Support, Information Technology Services - Office of Information Security and Office of Disability Resources (ODR) each receive a linked copy of the request for review
ITS - Enterprise Applications, Infrastructure & Support evaluate compatibility with campus infrastructure and available resources
ITS - Office of Information Security evaluates compatibility with security standards and evaluates risk to the University
ODR evaluates adherence to required accessibility standards/guidelines and determines accommodation options when necessary to ensure equal use for individuals with disabilities
3. If a request is related to teaching or learning, the Academic Technologies Governance group receives a linked copy of the request for review.
Look at current requests and help advise regarding costs, benefits to faculty and students, supportability, etc
Review current services within our service catalog on things such as usage, redundancy and costs
Help explore solutions, participate in software pilots and help set the direction for the academic technologies portfolio
Collaborate with other governance groups such as the Learning Spaces group and/or AsULearn advisory group
4. If a request is related to campus websites, communications, marketing or media relations, University Communications (UComm) will receive a linked copy of the request for review.
- UComm evaluates compliance with web and communications policies
5. If a request has payment functionality, the Payment Card Oversight Committee (PCOC) will receive a copy of the request for review.
- Ensure Payment Card Industry (PCI) compliance with Federal and State regulations
- A department can choose a service that offers payment card solutions but will not use the payment card solution. If the department decides later that they would like to use the payment card solution it is subject to a full review for this solution through the IT Acquisition process. Going through the IT Acquisition process again does not guarantee the payment card solution will be approved.
Each review ticket is created once the IT Acquisition Request is submitted allowing reviews to be worked on in tandem rather than sequential.
Note: The requestor will see the ITS review ticket in the Service Desk portal under "My Requests" with the linked tickets to the right.
To maintain compliance with the University’s Identity & Access Management Standard requests that do not provide authentication using SAML (i.e., Shibboleth) or Active Directory (LDS) may require an exemption request to the standard which is reviewed/approved by the CIO. Should this be necessary, ITS will assist in the process.
The CIO may also approve an exemption for unexpected, urgent requests that need to be acquired/implemented within a timeframe that does not accommodate the review process.
Note: These exemption approvals do not extend to the ODR, UComm or PCOC reviews.
Final Steps in the IT Acquisition Process
- ITS - Enterprise Applications and Infrastructure & Support provide approval or denial of requests through the ticketing system.
- ODR and Information Technology Services - Office of Information Security Risk review provide advisements on requests through the ticketing system which may include requirements for implementation and use.
- When applicable, Academic Technologies and University Communications (UComm) provide advisements on requests through the ticketing system.
- When applicable, the Payment Card Oversight Committee (PCOC) provides approval or denial on requests through the ticketing system.
- The customer is responsible for notifying the following departments as applicable of the review outcome:
- Dean's Office
- Materials Management
- General Counsel
- Follow Procurement procedures set by the University