Technology Review

UVM has begun performing Technology Reviews on technology used on campus and/or by UVM resources.  This Technology Review will occur on the purchase, license, or usage of hardware, software, professional services and/or software maintenance (the “Project”), whether it’s a new contract or a renewal.  The review may include input from numerous resources including the Information Security Office, various Information Technology (IT) support groups, Risk Management and/or Accessibility. Once the Technology Review is complete, the regular Purchasing process will be automatically initiated by the reviewers through a dedicated Footprints workspace.

To assist in the Technology Review process, we ask that you do the following before submitting your Project for review:

  1. Please fill out the Technology Review Checklist
    1. The checklist is available in the Article Attachments section at the bottom of this page (click the + to expand the list).
    2. There is also a Knowledge Article available in the Article Attachments section below, which should answer any questions you have when filling out the checklist.
    3. This is still a developing process.  As it is further developed and enhanced, the most recent version of all documents will be posted here.  If you have feedback or recommendations about how to make it better, please let us know by emailing ets-managers@list.uvm.edu
  2. Please request the following documents from your vendor if they haven’t already been provided. With any of these documents it is possible that the vendor does not have them, but knowing that fact is important to our review:
    1. Contracts:
      1. Any/all contract documents – anything we are expected to sign or by bound by, even things that exist online including any terms and conditions, order forms, etc.
    2. Information Security:
      1. A copy of their SOC2 report or any other data security audits they have recently completed.
      2. Any related data security procedure documents.
    3. Accessibility:
      1. A copy of their Voluntary Product Accessibility Template (VPAT) and Accessibility Conformance Report (ACR) for the product(s) in question.
    4. Risk:
      1. Their current Certificate of Insurance (COI).
        1. We require that the COI show UVM as the Certificate Holder.
        2. If the vendor has Cyber Risk Insurance, make sure that is included on the COI.
          1. Cyber Risk Insurance may be contained in other coverages (Errors and Omissions coverage, etc), so ask that the vendor make sure that the COI is explicit in mentioning Cyber Risk coverage if they have it.
        3. Ask the vendor to list UVM as an additional insured on the COI.
  3. Submit the entire package, checklist and documents, via email to Rachel Seremeth and James Evans (rachel.seremeth@uvm.edu; james.evans@uvm.edu).
    1. You may also want to provide any feedback from the vendor, for example: which documents they didn’t have and why.
    2. Rachel/James will create a Footprint that will be the repository for the review documents and facilitate the workflow as the review moves forward.
    3. Once the Technology Review begins, you may be asked questions about various aspects of the Project throughout the review process in an effort to fully understand the scope of the Project. It’s possible that the vendor may need to be brought into the discussion, if necessary. The reviewers will work with you to make the determination as to whether input from the vendor is needed and how best to communicate with the vendor.
    4. Once the Technology Review is complete, you will receive an update through the Footprint providing any feedback and suggested next steps. Generally this will be in the form of suggested contract language, either through redlines or with specialized UVM addenda. The project will then move to Purchasing in the Footprint.
    5. Purchasing will provide the final review and will assist with the Project until signature. This may involve the Office of General Counsel as needed. Please wait until Purchasing finalizes their review before communicating with the vendor about the review process. It is generally a best practice to send the vendor one final document to review, which Purchasing will create at the end of their review (and which will include the suggestions from the Technology Review).
  4. For planning purposes, please expect Technology Reviews to take 4 weeks.
Updated on April 11, 2019

Article Attachments

Was this article helpful?

Related Articles

Need Support?
Don’t worry we’re here to help!
Submit a Help Ticket
Translate »