Technology Purchase Approval Steps

For departments and groups purchasing software, Internet of Things (IoT) devices, services (including cloud services) and hardware above $2500 using state funds, including grant monies. For a visual, see the flowchart listed in the Related Articles section.

Approval Process for Software, IoT Devices, Services

1. Requester submits PORT request

  • New software, IoT device or service request
    • TAC review. If denied: notification sent with recommendations; if approved: request moves to next step
    • IT Accessibility Review. Ensures Section 508 compliance
    • Sensitive Data Review. No sensitive data, approval notification sent and request moves to next step; Yes to sensitive data, request moves to the next step
    • Materials Management contract review
    • Technology Security Assessment. Initiated and conducted
    • Data Steward approval required for FERPA (academic), CIS (HIPAA), IRB (research), ITPC (SSN/PII), PCI (CC), GLBA (financial): approval or denial notification provided to Materials Management
  • Existing software, IoT device or service request
    • Sensitive Data Review. No to sensitive data, request moves to approval/denial notification from Materials Management; yes to sensitive data, request moves to next step, annual review required
    • Annual review required. No annual review required, moves to the last step Approval/Denial notification provided to Materials Mgmt.; Yes, annual review required, moves to Technology Security Assessment Initiated and conducted
    • Data Steward approval required for FERPA (academic), CIS (HIPAA), IRB (research), ITPC (SSN/PII), PCI (CC), GLBA (financial): approval or denial notification provided to Materials Management

Request Process for Technology Hardware

  • TAC review. If no, approval notification sent and request moves to next step; if yes, request moves to next step
  • Security Assessment Required? If no, approval/denial notification provided to Materials Management; if yes, Security Assessment initiated and conducted.
  • Regulated data. If no, approval/denial notification provided to Materials Management; if yes, request moves to Technology Security Assessment
  • Technology Security Assessment. Initiated and conducted
  • Data Steward approval for FERPA (academic), CIS (HIPAA), IRB (research), ITPC (SSN/PII), PCI (CC), GLBA (financial): approval or denial notification provided to Materials Management
0% helpful - 1 review

Details

Article ID: 67612
Created
Fri 3/26/21 11:47 AM
Modified
Fri 3/26/21 12:14 PM

Related Articles (1)