Technology Purchase Process

technology purchasing departments process faculty-and-staff compliance-technology

Support

An ITCS technician will respond to support requests during regular operating hours.

Phone: 252-328-9866 / 800-340-7081

Submit a purchase request through the ECU PORT system.

Overview

Departments and groups purchasing or seeking approval should follow this process.

ECU’s technology approval and purchasing process ensures that procurement of software, Internet of Things devices, services (including cloud services) and technology hardware follows a process of

1) request, 2) guidance, 3) review, 4) approval.

Regardless of funding source, all technology purchases must follow these guidelines. This helps rule out potential conflicts before time and money are invested into a product that does not meet University criteria.

ITCS can assist you through the entire process from beginning to end and provide:

Guidance in the selection, development and implementation of hardware, software systems (including cloud systems), databases and third-party IT services that support University operations.
Compatibility with existing ECU systems.
Compliance with applicable ECU policies, government regulations and state laws.
Security and protections for your ECU data, including proper management of sensitive (regulatory) information outside the University’s academic and administrative systems.
Elimination of duplication and replication of systems across our institution.
Efficient use of your time and funds.

Available To

Departments, faculty, staff

Purchase Review Process

It is recommended you submit a Technology Purchase Consultation service request prior to beginning the purchase process in PORT. A technology consultation can 1) determine if ECU already has a solution, 2) suggest technical questions you need to ask the vendor, 3) ensure your new technology is compatible with ECU's existing IT architecture, and 4) navigate security requirements. However, at any point during the purchase process, ITCS is happy to help answer your questions.

Step 1. You Submit a Technology Request Form

Regardless of funding source or cost, you (if you have access) or your department representative are REQUIRED to submit either a ProCard Technology Request or a Technology Request Form (TRF) through ECU's purchase order system, PORT (Purchase Order and Requisition Tracking).

If you do not have access to the PORT system, see your department administrator.

Keys to a successful purchase submission

Secure funding and department approvals.
Provide a clear, concise summary of the purchase.
Attach all available documentation.
Identify any critical deadlines associated with the procurement.

Step 2. The Technology Acquisition Committee Evaluates Your Request

The Technology Acquisition Committee (TAC) evaluates all submitted technology requests. The TAC committee recommends for approval those requests that adhere to ECU goals, standards, policies, procedures and actions that impact the University. The committee charge is to review acquisitions to eliminate the duplication/replication of systems across the institution.

Step 3. The Technology Accessibility Committee Reviews Your Request

The review and verification of Section 508 compliance is conducted on all applicable University technology purchases. The accessibility review may reveal the proposed technology is entitled to an identified accessibility exception. If the technology is identified as not being Section 508 compliant, the IT Accessibility Coordinator works with the requester to develop an alternative plan for accessibility. For more information on the accessibility review process at ECU, see these IT Knowledge Base articles:

Voluntary Product Accessibility Template (VPAT) Explained. A standard document from vendors that reports the accessibility of their product. ECU requires a VPAT or affirmation from vendors. We recommend requesting this information early in the search for an appropriate technology.
- Software Accessibility Evaluation Criteria. Outlines the accessibility evaluation criteria for software.
- Accessibility Exemptions and Exceptions. Lists the accessibility exceptions and exemptions for technology products
Equally Effective Alternative Access Plan Process. Describes how the institution will provide "equally effective alternative access" to information or services provided by a technology when the product is not accessible.

Step 4. Materials Management Conducts a Contract Review

See the Materials Management website for further details.

Step 5. The Technology Security Assessment

This assessment ensures compliance with the use of sensitive University data and includes any institutional data regulated by international, federal or state law, university policy or regulation or legal contract. Information security MUST have a Technology Security Assessment completed per University regulation REG08.05.11 - Software and Data Collection Services Acquisition Regulation.

Important! If sensitive University data will be needed/exchanged from/with any technology system as a result of a purchase, approval will be requested from the data owner before purchase approval is granted. Also see this Sensitive Data Storage and Transmission guidelines information from the University Data Governance website to learn more.

Student Financial Aid (GLBA). Information obtained from students when offering financial aid products and services like loans or financial advice.

Financial Cash Management (Financial Services). Information regarding how monies are deposited from a supplier to the University.

Protected Health Information (HIPAA). Information about health status, provision of health care or payment for health care created by a Covered Entity or business associate that can be linked back to a specific individual (or used to identity an individual).

Academic (FERPA). Records, files, documents and other materials containing educational information, PII or directory information of students maintained by the university or by a person/entity for the university.

Credit Card Numbers (PCI). Any data relating to credit card payments or the storage, processing or transmission of cardholder data and/or sensitive data.

Human Subject Research (IRB). Human subject research data can be either medical (clinical) or non-medical (e.g., social science) information containing personally Identifiable Information (PI). May or may not be subject to HIPAA.

SSN/PII (ITPA). Any data that could potentially identify an individual.

Employment (HR). Any data relating to personnel files designated as confidential of current or former employees.

General Data Protection Regulation (GDPR). Information obtained from individuals within the European Union (EU) or the European Economic Area (EEA).

Internal Data. University data owned or managed that includes data not openly shared with the general public but is not specifically required to be protected by statute or regulation. Examples include budget/salary information, personal cell phone numbers, department SOPs, internal memos and incomplete/unpublished research.

Step 6. Office of University Council (OUC) Review

If a contract is valued at $100,000 or more, an OUC review is requested. See the Contract Review Process website for detailed information.

Questions?

Contact the Pirate Techs Service Desk at 252-328-9866 | 800-340-7081.

What Does This Process Look Like?

Details

Service ID: 31689

Created

Wed 3/24/21 10:52 AM

Modified

Mon 3/11/24 1:05 PM

Service Owner

Communications and Online Content Management

Updating...