Technology Review

UVM has begun performing Technology Reviews on technology used on campus and/or by UVM resources. This Technology Review will occur on the purchase, license, or usage of hardware, software, professional services and/or software maintenance (the “Project”), whether it’s a new contract or a renewal.

The review may include input from numerous resources including the Information Security Office, various Information Technology (IT) support groups, Risk Management and/or Accessibility. Once the Technology Review is complete, the regular Purchasing process will be automatically initiated by the reviewers through a dedicated FootPrints workspace.

This is still a developing process

As it is further developed and enhanced, the most recent version of all documents will be posted here. If you have feedback or recommendations about how to make it better, please let us know by emailing ets-managers@list.uvm.edu.

To assist in the Technology Review process, we ask that you do the following before submitting your Project for review:

Step 1: Fill out the Technology Review Checklist

The checklist is available in the Article Attachments section at the bottom of this page (click the + to expand the list).

There is also a Knowledge Article available in the Article Attachments section below, which should answer any questions you have when filling out the checklist.

Step 2: Request Documents from your Vendor

If they have not already been provided, please request the following documents from the vendor. With any of these documents, it is possible that the vendor does not have them. Knowing that fact is important to our review.

    1. Contracts:
      1. Any and all contract documents – anything we are expected to sign or be bound by, even things that exist online, including any terms and conditions, order forms, etc.
    2. Information Security:
      1. A copy of their SOC2 report or any other data security audits they have recently completed.
      2. Any related data security procedure documents.
    3. Accessibility:
      1. A copy of their Voluntary Product Accessibility Template (VPAT) and Accessibility Conformance Report (ACR) for the product(s) in question.
    4. Risk:
      1. Their current Certificate of Insurance (COI).
        1. We require that the COI show UVM as the Certificate Holder.
        2. If the vendor has Cyber Risk Insurance, make sure that is included on the COI.
          1. Cyber Risk Insurance may be contained in other coverages (Errors and Omissions coverage, etc), so ask that the vendor make sure that the COI is explicit in mentioning Cyber Risk coverage if they have it.
        3. Ask the vendor to list UVM as an additional insured on the COI.

Step 3: Email the Entire Package, Checklist, and Documents to Technology.Review@uvm.edu

You may want to provide any feedback from the vendor, for example: which documents they didn’t have and why. Email these documents to Technology.Review@uvm.edu.

The Technology Review team will create a FootPrint that will serve as the repository for the review documents and facilitate the workflow as the review moves forward.

Throughout the Technology Review process, you may be asked questions about various aspects of the Project in an effort to fully understand the scope. It may be necessary to bring the vendor into the discussion. The reviewers will work with you to make the determination as to whether input from the vendor is needed and how best to communicate with the vendor.

Once the Technology Review is complete, you will receive an update through the FootPrint providing any feedback and suggested next steps. Generally this will be in the form of suggested contract language, either through redlines or with specialized UVM addenda. The project will then move to Final Review and Approval.

James Evans, the IT Contract Analyst, either independently or with consultation with Purchasing, will complete a general contract review and provide final approval with next steps required for the circulation of contract documents for signature by the parties. This may involve the Office of General Counsel as needed.

Please follow closely the articulated next steps that accompany the final approval, such as instructions to note the FootPrint Issue Number on your requisition in PeopleSoft.

For planning purposes, please expect Technology Reviews to take 4 weeks.

If you are facing an upcoming deadline, please let the reviewers know. All efforts will be made to accommodate when possible.

Technology Review FAQ

How long do Technology Reviews take?

For planning purposes, please expect Technology Reviews to take 4 weeks.

What must undergo the Technology Review?

The Technology Review will occur on the purchase, license, or usage of hardware, software, professional services and/or software maintenance (the “Project”), whether it’s a new contract or a renewal.

Updated on June 10, 2019

Article Attachments

Was this article helpful?

Related Articles

Not the solution you were looking for?
Don’t worry we’re here to help!
Submit a Help Ticket