Technology Request

Who can use it?

Faculty, Staff

Students - Requests must be submitted by a faculty sponsor or supervisor on behalf of a student.

What is it?

For a quick overview, watch the Technology Request Tutorial (9 minutes).

The Technology Request process:

  • is required for ANY and ALL technology (hardware, software (including renewals), tech services, add-ons) you plan to use or are currently using at the University of Delaware as faculty, employee, or affiliate, including add-ons, trial periods, and free solutions.
  • evaluates each solution to ensure it meets Federal accessibility standards and the University’s data security standards
  • helps UDIT identify requests, in advance, where UDIT consultation or support may be needed to help requestors understand project requirements, technical feasibility and/or solution redundancy in advance of making a purchase.

Required documentation: Please submit all required documentation noted in the How to use it? section below to ensure your request is processed in a timely manner. For add-on requests, if the required documentation is not attached the request will not be reviewed.

Timing: It can take up to 1 week - 1 month to complete the Technology Request reviews, longer if the required documentation or responses are not provided immediately. Add-ons for existing enterprise services (e.g., Google, O365, Canvas, Zoom, etc.) that have been previously reviewed via the Technology Request process will be considered, however these requests are reviewed on a monthly basis and are not always recommended.

Next steps to consider after the Tech Request: Contract reviews can occur in parallel with the Technology Request process in UD’s Contracts+ and can take 1-3+ months depending on the state or condition of the contract as it relates to UD’s legal, privacy and risk guidance and response times from you and/or the vendor. You can submit a Purchase Order (PO) Requisition in UD Exchange (UDX / ePro) immediately after submitting the Technology Request, if the vendor has already completed a W-9, but the PO will not be approved until all reviews are completed. See UD Procurement for more information.

Where to get it?

Click on the Request Service button.

How to use it?

Attach the required documentation to the Technology Request:

  1. Security - The vendor must provide one of the following assessments (unless the solution will have Level III data then the vendor must provide two forms of assessment):
    • Higher Education Community Vendor Assessment Toolkit (HECVAT) - strongly preferred
    • SOC2 - preferred
    • PCI DSS
    • HITRUST
    • NIST 800-53
    • NIST Cybersecurity Framework
    • ISO 27001/27002
    • BitSight (or comparable) cybersecurity rating report
    • Other independent assessment/certification based on a common security framework.
  2. Accessibility - The vendor must provide a completed Voluntary Product Accessibility Template (VPAT). Other accessibility assessments may also be accepted.
  3. Agreements - Provide the vendor’s contract as an editable Word Document for contract negotiation purposes.
    • If the vendor will not accept changes to their contract(s), provide a link to the agreements or PDF versions and note that they will not accept changes.
  4. Other documents related to the purchase - Attach the order form, scope of work (SOW), proposal, or other documentation related to the purchase.

Exceptions to the required documentation:

  1. Security exceptions - Based on the classification of the data involved in the solution.
    1. Level 1 data, locally installed software (no cloud components or integrations) - no assessment required.
    2. Level 1 data - HECVAT requested, if available
      • Depending on use case and risk, the HECVAT or alternative security assessment could be required.
      • Updated assessment requested every 3 years, prior to contract renewal.
    3. Level 2 data - security assessment required
      • Assessment required every 3 years, prior to contract renewal.
    4. Level 3 data - HECVAT required, plus at least one alternative independent assessment/certification (see alternatives below)
      • Assessment required annually, prior to contract renewal.
  2. Accessibility exceptions - If the solution DOES NOT a user interface (UI) OR has 10 or fewer people interacting with the user interface, a VPAT is not required. Contact procurement@udel.edu for questions about Accessibility exceptions
  3. Agreement exceptions - You can reach out to procurement@udel.edu if you have any questions about agreement exceptions.
    • Additional documentation may be required depending on the request complexity and data, for example; contract documents, scope of work, master services contract, FERPA, GDPR, BAA, etc.

What are the charges, options & fees?

There is no charge for this service. Departments are responsible for obtaining budget approval prior to submitting the Technology Request form.

Purchases over $50,000 will be reviewed by the Chief Information Office / Vice President of Information Technologies as part of the Technology Request Process.

 
Request Service

Details

Service ID: 232
Created
Fri 11/20/20 3:38 PM
Modified
Wed 4/20/22 3:32 PM
Service Type
The IT Strategic Plan identified three types of Services: Core, Consortium and Specialized
Core