Why is SUNY Fredonia requiring this TRP?
...
Please request from the vendor the following information
a quote with the company name, address, point of contact, item description, NYS OGS/SUNY/Other SUNY Local Contract number (if applicable), and term dates
copy of the software contract, multi-year agreement, Memorandum of Understanding (MoUs), or EULA (End User License Agreement) for this step of the TRP review. Please contact the vendor directly to obtain either a PDF or WORD version of their contract, master service agreement, or End User License Agreement (EULA) to be uploaded with the Technology Request Form.
VPAT - Voluntary Product Accessibility Template. Please use sample emails for requesting a VPAT and requesting documentation if a vendor does not have a VPAT.
confirm the risk category for the University data that you are requesting to be used with this solution
Higher Education Community Vendor Assessment Tool (HECVAT) (for cloud solutions only)
SOC2 Type 2 report - (for cloud-hosted solutions only)
Submit a Technology Request and FREDMart Requisition - Customer completes the Technology Request Form and FREDMart Requisition. Upon submitting the TRP form, a Tracker ticket is created to initiate the review of the request. All other non-technology contracts and licenses should be sent directly to Contract Review. Please review Tying FREDmart and Tracker Together.
Technology Compatibility and Support Review - The ITS Service Center (ITS SC) performs a technical, compatibility, and solutions analysis to ensure the software is compatible and can be supported within the existing Fredonia computing environment or recommends/determines if similar software already exists. The ITS Service Center will also check with the ITS Enterprise Infrastructure Services department to determine if there are any support or technical concerns with the software installation. The ITSSC also identifies what ITS resources are required to provide ongoing support.
Service or Project Review - The Chief Information Officer (CIO) reviews to determine if the request is standard or if it is a project. If it is a project, an ITS project manager will be assigned and a project charter will be developed with the requestor.
Information Security Review - The Information Security Office (“ISO) performs an Information Security risk assessment using SUNY standards to ensure that the software is secure and meets regulatory requirements. If the request is funded by the Research Foundation, the ISO will add the Interim Director, Grants & Sponsored Programs to the ticket as a participant. All software that uses university-regulated data must be approved by the Chief Information Security Officer (CISO) or designee.
To complete the required Data Security Risk Assessment, please confirm the University data types that you are requesting to be used with this solution by completing a Data Security Risk Assessment Form.
The CISO or designee will review and then reach out to you or the vendor (if needed) to obtain further information. The CISO may need to contact the vendor to obtain a Higher Education Community Vendor Assessment Tool (HECVAT) and/or SOC 2 Type 2 report if University Category 2 and 3 data is requested to be used.
After the CISO reviews and approves the requested data, the ticket will be moved to the next step: Electronic Accessibility Technology Review. If you have questions regarding this documentation, please contact the Information Security Office at Fredonia ISO.
Electronic Accessibility Technology Review - Per SUNY EIT Accessibility Policy, the Academic and Collaborative Technology (ACT) Office reviews EIT accessibility. This includes the review of documentation verifying EIT accessibility conformance (VPAT - Voluntary Product Accessibility Template), reviewing accessibility roadmaps, and evaluating high-impact EIT products. Documentation verifying EIT accessibility conformance is required. If you have questions regarding this documentation, please contact the Academic and Collaborative Technology Office. After the EIT Accessibility review has been completed, the Tracker ticket will be reviewed by the CIO or designee before being forwarded on to the Contract Services department.
Software Terms and Conditions Review: The Contract Services department will conduct a review of the terms and conditions of all contracts to ensure that standard NYS contract terms are applied (e.g. Appendix A: Standard Clauses for New York State Contracts.) The Contract Services will need a copy of the software contract, multi-year agreement, Memorandum of Understanding (MoU), or EULA (End User License Agreement) for this step of the TRP review.
Procurement Processing: Contract Services will update the Tracker ticket and include documentation illustrating the TofC / TofU was successfully negotiated (e.g. signed contract). Using FREDmart, the Purchasing Department creates the Purchase Order (PO) from approvals found within Tracker and sends it to the vendor.
Software Installation and License Registration: The ITS SC or designated ITS department (defined within the project charter and/or Tracker Ticket) receives and installs, configures, or integrates software and then notifies the customer. Please ensure that you complete the Receiving for your procurement in FREDmart as well.
...