Purchasing Technology at NAU
ITS has partnered with Accessibility and Contracts, Purchasing, and Risk Management (CPRM) to develop a process for purchasing technology that aligns with NAU’s current policies and needs. This process is under constant refinement, so we appreciate your patience as we grow and improve to better serve you.
- Gather the required information:
- Complete the Contract Signature Request (CSR). Please see the CPRM webpage for more information or contact NAU-Purchasing@nau.edu.
- When filling out the CSR:
- Select “Information and Communication Technology” for the Contract Type.
- Select “Yes” to “Does the contract include any online interfaces, software, software subscriptions for cloud based application, and software as a service contracts?”
- Select “No” for “Have you submitted an ITS Software Checklist?”
- When filling out the CSR:
- The CSR generates a new ITS Checklist that contains information entered into the CSR. You will also receive an email with a link to complete the ITS Checklist.
After you have successfully submitted your checklist, you will receive an automated email letting you know that it has been received by ITS. Alternatively, you can use this dashboard to view ITS Checklists that are currently in progress. This dashboard provides real time updates as to the current status of the request and can be filtered by date, software title, and submitter name. During the review process by ITS and Accessibility, you will receive updates via automated email until final review is provided by the ITS CIO. If you have questions regarding the status of a checklist or cannot find it on this Dashboard, open a ServiceNow ticket to the Systems Analyst Team or call 928-523-1511.
What is the ITS Checklist? Accordion Closed
It is a required process that allows ITS, Accessibility, and CPRM to review and evaluate technology, subscriptions, or hardware prior to use. The intent of this review is to address a number of concerns including mitigating risk to NAU, ensuring accessibility for all users, maintaining fiscal responsibility by reducing the number of redundant purchases, complying with data management policies, and contributing to an “OneNAU” feel.
What do I do when I need a subscription to a website instead of technology/software? Accordion Closed
There has been a change to how subscriptions will be processed through the ITS Checklist. To ensure the safety of NAU data and systems, ITS will need to review subscription checklists that contain the following:
- The subscription service processes or stores protected NAU data (FERPA, FISMA, HIPAA, etc.)
- The subscription service integrates with an existing NAU system (i.e. PeopleSoft, Salesforce, CAS, etc.)
- The subscription has a high number of NAU users (more than 100)
Please Note: If the subscription meets any of the criteria above, it requires an NAUVAT completed by the vendor attached to the checklist. If the subscription does not meet any of the above criteria, the checklist still needs to be submitted for Accessibility review but will take less time to process because ITS will not review it.
If you have any questions or concerns, please contact firstname.lastname@example.org.
Why do I have to do this? Accordion Closed
There are many reasons for the ITS Checklist. Below are 3 of the most common answers you will hear, but a summary of all of this is that “It’s dangerous to go alone!”. The threat from being connected to the rest of the virtual world is real, but the benefits are unlimited. The ITS Checklist allows NAU to have experts from all areas of the University review and ask the hard questions. By taking a proactive approach to protecting our data, our students, and NAU we are maximizing our resource usage and minimizing our risk.
Because of the inherent risk to NAU when using any technology, a review by subject matter experts allows us to lower the risk of data breaches. In 2018 alone, 14 higher education institutions reported data breaches. Four of those breaches were due to a third party entity (i.e., hosted vendor). Over 40 million records were compromised costing the institutions an average total of 60 million dollars in fines and lawsuits. The ITS Checklist is the first step to maintaining data integrity at NAU. If you use unapproved technology at NAU, there could be serious ramifications. As of 2018, the average cost of a data breach is $3.86 million. If NAU has all of its data stolen it would be over $9 million.
Usability is a key factor when developing products and websites. Universally designed products and websites allow as many users as possible to interact within the digital world without the need of additional technology. Designing with accessibility in mind goes one-step further to ensure individuals with disabilities that use assistive technology have the opportunity to interact with products and websites in that same digital world.
Section 504 of the Rehabilitation Act and the Americans with Disabilities Act cover accessibility. Information and Communication Technology (ICT) purchased, developed, maintained, or used by the University must meet federally recognized accessibility guidelines. As such, we are required to follow the Web Content Accessibility Guidelines (WCAG) 2.0 at the AA level.
The Department of Education Office for Civil Rights (OCR) enforces compliance with accessibility requirements. OCR has created over 1,000 resolution agreements with schools around ICT accessibility.
As a government institution we have a fiscal responsibility to allocate resources appropriately. The ITS Checklist allows us to build a central repository of the technology that is being utilized. With this information, metric based decisions can be made regarding whether or not we already have a solution available that will meet requirements and identify opportunities where it would be beneficial to purchase group licensing.
Why doesn’t ITS fill out the Checklist? Accordion Closed
We do, when it is technology that we own and maintain. However, many times the business is far more familiar with how the technology is going to be used, what modules or add-ons have been purchased, and the exact business needs of the technology. ITS will not be aware of the detailed understanding of the business needs. Having the business involved early on allows us to find the right solution for ITS, the business, and NAU as a whole.
Why are there so many questions? Accordion Closed
Multiple departments are involved in this review, so rather than have each of them reach out to you individually, the departments worked together to compile a single questionnaire.
Why can’t the vendor fill it out? Accordion Closed
The checklist is only accessible to NAU employees, so the vendor cannot access it. The form contains questions that the vendor will not be able to answer because they are specific to how you intend on using the technology.
To make it easier for you to get accurate information in order to complete the checklist, we have provided this ITS Checklist Vendor Form. It has a limited number of questions that you can provide the vendor.
How do I know what we have already purchased? Accordion Closed
How do I know where my Checklist is? Accordion Closed
ITS checklists currently in progress can be viewed on a dashboard. If your checklist is not showing on this dashboard, it could be 1 of 2 things:
- It has not been started.
- It has already completed the review process.
If you know the checklist has been submitted, but never received email confirmation, check your spam folder. If you have additional questions or concerns, please open a ServiceNow ticket or call 928-523-1511.
How do I find the link to the ITS Checklist directly? Accordion Closed
This link will take you directly to the ITS Checklist.
When do I need to do this? Accordion Closed
The ITS Checklist is required annually and must be completed before a contract will be signed or payment made. It is recommended you start a month or two prior to renewal or purchase.
Who is involved with the Checklist Review? Accordion Closed
Who should complete the checklist? Accordion Closed
After informing the fiscal authority in the department, the person who is most knowledgeable about the technology and its intended usage should fill out the ITS Checklist. Because many times it is a collaborative process between the department and the vendor, we have provided this ITS Checklist Vendor Form. This is not the ITS Checklist and will not be accepted in lieu of required documentation, but it will allow the submitter to get required information.
Know the rules
All NAU employees and students should read and be familiar with the Appropriate Use of IT Resources policy.
Required supplemental documentation
- Voluntary Product Accessibility Template (VPAT)
- Higher Education Cloud Vendor Assessment Tool (HECVAT)
- Vendor Question Form