Submit Request for Review

To submit a Request for Review of ICT,Ìýthe Â鶹Ãâ·Ñ°æÏÂÔØRequestor gathers all necessaryÌýaccessibility and security informationÌýfor the ICT review team to perform an initial evaluation and, if needed, conduct a completeÌýaccessibility or security review.Ìý

The sections below guide the Â鶹Ãâ·Ñ°æÏÂÔØRequestor through completing the ICT Review Process.

Help & Feedback

Not sure where to start? Read our FAQs about the ICT review process or email the ICT review team for additional help.Ìý

Provide ICT Information

To start the review process, the Â鶹Ãâ·Ñ°æÏÂÔØRequestor must completeÌýtheÌý.

You will receive an email confirmation of your submission with an assignedÌýticket number. The email will containÌýinformation regarding whether your requisition can move forward or needs further accessibility and security review. The classification of the impact will determine the depth of the accessibility and security reviews necessary and the additional information that will be needed to complete the review.

  • For high-impact security determinations, the ICT review team will need theÌýÌýto be completed. Please see the Security Information section for more information. Ìý
  • For high-impact accessibility determinations, the ICT review team will need theÌýÌýto be completed. Please see the Accessibility Information section for more information.
  • For low-impact determinations, the Â鶹Ãâ·Ñ°æÏÂÔØRequestor can move forward with the requisition following the instructions provided in the email notifications.

For high-impact security requisitions, either the Â鶹Ãâ·Ñ°æÏÂÔØRequestor orÌýthe Supplier (based on where the data will be stored) must complete theÌý.

  • If this product/service/application isÌýinstalled on campus, theÌýÂ鶹Ãâ·Ñ°æÏÂÔØRequestorÌýmust complete theÌý.
  • If this product/service/application isÌýhosted by a 3rd party, theÌýSupplierÌýmust complete theÌý. Â鶹Ãâ·Ñ°æÏÂÔØRequestor should notify the supplier to complete this form as soon as possible, providing them with the review ticket number that was provided on submission of theÌý. The Â鶹Ãâ·Ñ°æÏÂÔØRequestor will receive an email notification when the completed form has been received by the ICT review team.

When the ICT Security Review (Form B) has been received by the ICT review team, a high-impact security review of the product of service will be conducted. The high-impact security review of the product or service involves a thorough investigation which may include:

  • Identification and classification of University data
  • Verification of IT security standards and validation of compliance to those standards
  • Vulnerability scans if the technology is to be hosted on any Â鶹Ãâ·Ñ°æÏÂÔØasset
  • The completion of a Service Continuity Plan based on the data involved and impact the service provides to the University
  • Collection and review of additional information from the supplier including, but not limited to, SOC I or II/SSAE 16 audits, ROCs, alternative internal audits, application scans, vulnerability scans, or an IT Security Audit performed by the Â鶹Ãâ·Ñ°æÏÂÔØBoulder Security Office

Additional steps may be requested of both the Â鶹Ãâ·Ñ°æÏÂÔØRequestor and Supplier, if the requisition is to be part of a Â鶹Ãâ·Ñ°æÏÂÔØBoulder provided IT Service.

For high-impact accessibility requisitions, the Supplier will need to complete theÌý.

The Â鶹Ãâ·Ñ°æÏÂÔØRequestor shouldÌýinstruct the supplier to complete this form, providing them with the review ticket number that was provided on submission of the .

The Supplier will also need to provide aÌýVPAT, a WCAG checklist,Ìýor equivalent documentation ensuring compliance as part of this form. If the product or service is only partially compliant, the Supplier may also need to provide anÌýICT Accessibility RoadmapÌýand suggested interim workarounds while remediation is in progress.

The ICT accessibility review team will need all necessary forms and information from the Supplier before the full review can be conducted.

When the ICT Accessibility Review (Form C) has been received by the ICT accessibility review team, a high-impact accessibility review of the product of service will be conducted. The high-impact accessibility review of the product or service involves a thorough investigation which may include:

  • External testing by the supplier
  • Internal testing byÌýtheÌýDigital Accessibility Office
  • Preparation of an accessibility plan by the department while remediation is in progress

Based on the results of the accessibility review, the Purchasing Service Center (PSC) may need to propose or negotiate accessibility compliance contract language with the supplier. The ICT review team will notify the Â鶹Ãâ·Ñ°æÏÂÔØRequestor once the review has been completed and if the process can move forward or more needs to be done.