Technology Request

Who can use it?

Faculty, Staff

What is it?

University of Delaware Information Technology (UDIT) is providing a Technology Request process to assist University members with pursuing technology solutions that help the enterprise or individual units fulfill business needs while meeting University security, accessibility, policy, and other compliance standards. This pathway offers clear time frames and communication checkpoints, along with consultation, technology expertise, support from UDIT and other campus collaborators; Procurement, Office of General Counsel, etc.

UDIT’s evaluation process considers the value and risks associated with each request. The UDIT team will look to answer several key questions about each solution:

  • Does the solution advance the University’s or requesting unit’s mission(s) through enhanced core, consortia or specialized functionality?
  • What is the service value of the solution?
  • Does the solution have adequate project details?
  • Does the solution duplicate or replace an existing service?
  • Does the solution raise any security, privacy, or compliance concerns? Examples:
    • What data does the solution collect?
    • How much access does the solution need?
    • Do the terms of use meet UD standards?

Use this form whenever you plan to:

  • purchase a new technology solution,
  • renew an existing technology solution,
  • assess / consult on potential technology solutions or business processes (for example, pursue an RFP / RFI, engage in technical discovery, or ready to launch a project with technology components)
  • request UDIT specialist support for integration assistance.

In addition, please select the Solution Type radio button for Add-On / Plug-In / Extension to request an add-on for an existing technology solution; Zoom, Canvas, O365, Google, however, these requests are reviewed on a monthly basis and are not always recommended.

For a quick overview: Technology Request Tutorial

Where to get it?

Click on the Request Service button

How to use it?

Answer the high level questions in the request form and submit the request. A dedicated IT team reviews submissions received and works with the Requester to (a) fully frame the business need; (b) identify organizations, policies, and procedures relevant to the request; and (c) establish expectations as they relate to next steps and time frames.

For a New solution you should have the vendor complete the Higher Education Community Vendor Assessment Toolkit (HECVAT). Below are the general guidelines that should be followed for the IT Information Security review for solutions that are not being hosted at UD. These guidelines should also be followed for Renewals and Add-Ons / Plug-Ins / Extensions.

Refer to the following guidelines, based on the Classification of data involved in the solution:

  • Level 1 data - HECVAT requested
    • Depending on use case and risk, the HECVAT could be required.
    • Documentation required every 3 years for renewals.
  • Level 2 data - HECVAT required
    • IT may accept alternative independent assessment/certification if a HECVAT is unable to be completed (see alternatives below).
    • Documentation required every 3 years for renewals.
  • Level 3 data - HECVAT required, plus at least one alternative independent assessment/certification (see alternatives below)
    • Documentation required annually for renewals.

Alternative Independent Assessment / Certification Options:

  • SOC2
  • PCI DSS
  • HITRUST
  • NIST 800-53
  • NIST Cybersecurity Framework
  • ISO 27001/27002
  • BitSight (or comparable) cybersecurity rating report
  • Other independent assessment/certification based on a common security framework

If the product has a user interface (UI) that more than 10 people will interact with, you must have the vendor complete a Voluntary Product Accessibility Template (VPAT) [WCAG Edition, latest version] and include it as an attachment to this request in order for Procurement to conduct an accessibility review.  

Please reference the Technology Request Guidance.pdf for additional guidance. 

Note: Additional documentation may be required depending on the request complexity and data, for example; contract documents, scope of work, master services contract, FERPA, GDPR, BAA, etc.

What are the charges, options & fees?

There is no charge for this service

 
Request Service

Details

Service ID: 232
Created
Fri 11/20/20 3:38 PM
Modified
Mon 9/20/21 11:03 AM
Service Type
The IT Strategic Plan identified three types of Services: Core, Consortium and Specialized
Core