Technology Request

Who can use it?

Faculty, Staff

Students - Requests must be submitted by a faculty sponsor or supervisor on behalf of a student.

What is it?

For a quick overview, watch the Technology Request Tutorial (9 minutes).

The Technology Request process:

  • is required for ANY and ALL technology (hardware, software (including renewals), tech services, add-ons) you plan to use or are currently using at the University of Delaware as faculty, employee, or affiliate, including add-ons, trial periods, and free solutions.
  • evaluates each solution to ensure it meets Federal accessibility standards and the University’s data security standards
  • helps UDIT identify requests, in advance, where UDIT consultation or support may be needed to help requestors understand project requirements, technical feasibility and/or solution redundancy in advance of making a purchase.

Required documentation: Please submit all required documentation noted in the How to use it? section below to ensure your request is processed in a timely manner. For add-on requests, if the required documentation is not attached the request will not be reviewed.

Timing: It can take up to 1 week - 1 month to complete the Technology Request reviews, longer if the required documentation or responses are not provided immediately. Add-ons for existing enterprise services (e.g., Google, O365, Canvas, Zoom, etc.) that have been previously reviewed via the Technology Request process will be considered, however these requests are reviewed on a monthly basis and are not always recommended.

Next steps to consider after the Tech Request: Contract reviews can occur in parallel with the Technology Request process in UD’s Contracts+ and can take 1-3+ months depending on the state or condition of the contract as it relates to UD’s legal, privacy and risk guidance and response times from you and/or the vendor. You can submit a Purchase Order (PO) Requisition in UD Exchange (UDX / ePro) immediately after submitting the Technology Request, if the vendor has already completed a W-9, but the PO will not be approved until all reviews are completed. See UD Procurement for more information.

Where to get it?

Click on the Request Service button on the right panel.

How to use it?

Attach the required documentation to the Technology Request:

  1. Security - The vendor must provide one of the following assessments (unless the solution will have Level III data then the vendor must provide two forms of assessment):
  2. Credit Card Payments - If the vendor facilitates payment card transactions on a UD merchant account directly or through a re-direct via a third-party gateway, then in order to meet the University's PCI Compliance Requirements: 
    • The vendor must provide a completed Self-Assessment Questionnaire for Service Providers (SAQ D) signed by a Qualified Security Assessor (QSA).
    • The SAQ D must be signed by a QSA within the last 12 months.
    • Note: If the request is for a renewal of an existing, previously reviewed contract, then this documentation will be collected as part of Treasury's annual compliance review process (outside of the Technology Request process).
    • Note: UD-approved payment gateways include: CardConnect CardPointe; Clover; Authorize.net; FreedomPay (UD Dining); Bluefin (UD Ticket Office); and Windcave/Flowbird (UD Parking). 
  1. Accessibility - The vendor must provide a completed Voluntary Product Accessibility Template (VPAT). Other accessibility assessments may also be accepted.
  2. Agreements - Provide the vendor’s contract as an editable Word Document for contract negotiation purposes.
    • If the vendor will not accept changes to their contract(s), provide a link to the agreements or PDF versions and note that they will not accept changes.
  3. Other documents related to the purchase - Attach the order form, scope of work (SOW), proposal, or other documentation related to the purchase.

Exceptions to the required documentation:

  1. Security exceptions - Based on the classification of the data involved in the solution.
    1. Level 1 data, locally installed software (no cloud components or integrations) - no assessment required.
    2. Level 1 data - HECVAT requested, if available
      • Depending on use case and risk, the HECVAT or alternative security assessment could be required.
      • Updated assessment requested every 3 years, prior to contract renewal.
    3. Level 2 data - security assessment required
      • Assessment required every 3 years, prior to contract renewal.
    4. Level 3 data - HECVAT required, plus at least one alternative independent assessment/certification (see alternatives below)
      • Assessment required annually, prior to contract renewal.
  2. Credit Card Payment Exceptions – if the third-party vendor processes UD payments on their own merchant account and is the merchant of record subsequently remitting payment to the University:
  • The vendor is not required to provide an SAQ D, however,
  • The vendor must provide their SAQ A or Attestation of Compliance (AOC) to prove PCI compliance on the vendor-owned merchant account. 
  • UD does not require that this attestation be signed by a QSA but it must be signed within the last 12 months.
  1. Accessibility exceptions - If the solution DOES NOT a user interface (UI) OR has 10 or fewer people interacting with the user interface, a VPAT is not required. Contact procurement@udel.edu for questions about Accessibility exceptions
  2. Agreement exceptions - You can reach out to procurement@udel.edu if you have any questions about agreement exceptions.
    • Additional documentation may be required depending on the request complexity and data, for example; contract documents, scope of work, master services contract, FERPA, GDPR, BAA, etc.

What are the charges, options & fees?

There is no charge for this service. Departments are responsible for obtaining budget approval prior to submitting the Technology Request form.

Purchases over $50,000 will be reviewed by the Chief Information Office / Vice President of Information Technologies as part of the Technology Request Process.

 
Request Service

Related Articles (2)

Overview of the reasons for submitting a Technology Request and the submission process for a Requester.
Watch this video for an overview of how to submit, view, and manage a technology request.

Details

Service ID: 232
Created
Fri 11/20/20 3:38 PM
Modified
Mon 8/8/22 9:36 AM
Service Type
The IT Strategic Plan identified three types of Services: Core, Consortium and Specialized
Core