Submit Request for Review

Breadcrumb

To submit a Request for Review of ICT,听the 麻豆免费版下载Requestor gathers all necessary听accessibility and security information听for the ICT review team to perform an initial evaluation and, if needed, conduct a complete听accessibility or security review.听

The sections below guide the 麻豆免费版下载Requestor through completing the ICT Review Process.

To start the review process, the 麻豆免费版下载Requestor must complete听the听Digital Technology Compliance Review Request (Form A).

You will receive an email confirmation of your submission with an assigned听ticket number. The email will contain听information regarding whether your requisition can move forward or needs further accessibility and security review. The classification of the impact will determine the depth of the accessibility and security reviews necessary and the additional information that will be needed to complete the review.

For high-impact security determinations, the ICT review team will need the听ICT Security Review (Form B)听to be completed. Please see the Security Information section for more information. 听
For high-impact accessibility determinations, the ICT review team will need the听ICT Accessibility Review (Form C)听to be completed. Please see the Accessibility Information section for more information.
For low-impact determinations, the 麻豆免费版下载Requestor can move forward with the requisition following the instructions provided in the email notifications.

For high-impact security requisitions, either the 麻豆免费版下载Requestor or听the Supplier (based on where the data will be stored) must complete the听ICT Security Review (Form B).

If this product/service/application is听installed on campus, the听麻豆免费版下载Requestor听must complete the听ICT Security Review (Form B).
If this product/service/application is听hosted by a 3rd party, the听Supplier听must complete the听ICT Security Review (Form B). 麻豆免费版下载Requestor should notify the supplier to complete this form as soon as possible, providing them with the review ticket number that was provided on submission of the听Digital Technology Compliance Review Request (Form A). The 麻豆免费版下载Requestor will receive an email notification when the completed form has been received by the ICT review team.

When the ICT Security Review (Form B) has been received by the ICT review team, a high-impact security review of the product of service will be conducted. The high-impact security review of the product or service involves a thorough investigation which may include:

Identification and classification of University data
Verification of IT security standards and validation of compliance to those standards
Vulnerability scans if the technology is to be hosted on any 麻豆免费版下载asset
The completion of a Service Continuity Plan based on the data involved and impact the service provides to the University
Collection and review of additional information from the supplier including, but not limited to, SOC I or II/SSAE 16 audits, ROCs, alternative internal audits, application scans, vulnerability scans, or an IT Security Audit performed by the 麻豆免费版下载Boulder Security Office

Additional steps may be requested of both the 麻豆免费版下载Requestor and Supplier, if the requisition is to be part of a 麻豆免费版下载Boulder provided IT Service.

For high-impact accessibility requisitions, the Supplier will need to complete the听ICT Accessibility Review (Form C).

The 麻豆免费版下载Requestor should听instruct the supplier to complete this form, providing them with the review ticket number that was provided on submission of the Digital Technology Compliance Review Request听(Form A).听

The Supplier will also need to provide a听VPAT, a WCAG checklist,听or equivalent documentation ensuring compliance as part of this form. If the product or service is only partially compliant, the Supplier may also need to provide an听ICT Accessibility Roadmap听and suggested interim workarounds while remediation is in progress.

The ICT accessibility review team will need all necessary forms and information from the Supplier before the full review can be conducted.

When the ICT Accessibility Review (Form C) has been received by the ICT accessibility review team, a high-impact accessibility review of the product of service will be conducted. The high-impact accessibility review of the product or service involves a thorough investigation which may include:

External testing by the supplier
Internal testing by听the听Digital Accessibility Office
Preparation of an accessibility plan by the department while remediation is in progress

Based on the results of the accessibility review, the Purchasing Service Center (PSC) may need to propose or negotiate accessibility compliance contract language with the supplier. The ICT review team will notify the 麻豆免费版下载Requestor once the review has been completed and if the process can move forward or more needs to be done.

麻豆免费版下载