Hardware & Software IT Review for CSUBUY (P2P)

Please Note:

The ITR process has been retired, and its functionality has been integrated into P2P/CSUBUY. All software and hardware requests should now be initiated through P2P, where they will undergo a series of IT reviews based on the request type—replacing the previous ITR workflow.

Before Starting a Req in CSUBUY (P2P)

The vendor needs to provide the following documentation. Providing these documents will help to ensure that your requisition is completed as soon as possible.

1. Information Security Documentation

Higher Education Community Vendor Assessment Toolkit (HECVAT)
HECVAT is a self-assessment tool for cloud service providers to demonstrate their compliance with security and privacy standards for higher education institutions.
If the vendor does not have a HECVAT, attach whatever security information they can send you.

2. Accessibility Documentation

Voluntary Product Accessibility Template (VPAT)
A VPAT is a tool to document product conformance with accessibility standards and guidelines. It explains how information and communication technology products meet the Revised 508 Standards for IT accessibility. This includes software, hardware, electronic content and support documentation.
If the vendor does not have a VPAT, attach whatever accessibility information they can send you.

FAQs

Show All

Vendor Does Not Have Documentation
Most of the time the vendor will know what these two documents are, if not, please attach the email with the vendor showing that you attempted to retrieve the documents.
Don't have a contact at the company
Usually you can email the company's support email for information.
Vendor Wants an NDA

If the vendor wants CSUSM to sign a Non Disclosure Agreement (NDA) to send us the above documents please tell them "CSUSM will not sign vendor NDAs to receive accessibility conformance documentation."

Signing an NDA to receive these documents may conflict with CSUSM's obligations under the California Public Record Act.
Vendor Does Not Respond to Email
If the vendor does not reply to your request for documents after 10 business days please note that in the requisition and submit it.
Can this purchase go on a Procard?
Please refer to section 10 of the CSUSM ProCard Manual.
Are security/accessibility reviews required to be completed annually?
Yes, Security and Accessibility standards change every year.
Do I have to do this for every type of purchase?

Yes. There are items that are pre-vetted and reccomended, however, the request must still begin with a req in P2P.

Getting Started with CSUBUY (P2P)

Procurement P2P Guide

Continue to CSUBUY