Platform: All university technology and data resources
Affiliation: Employees
The Purpose of the Process
Per the IT acquisition policy, the purpose of the Technology Compliance Review process is to:
- Ensure the product and its implementation are in compliance with information technology, accessibility, data, security, and other relevant policies, rules, and guidelines.
- The product is compatible with university information technology systems, data integrations, and security technology.
- Reduce the acquisition of redundant technologies and seek opportunities for cost savings through shared contracts, master services agreements, and contract negotiations.
- Ensure the implementation of the product and its clients receive adequate implementation and long-term support from the Office of Information Technology and relevant enterprise data stewards.
How to Start - Technology Acquisitions Wizard
Complete the Technology Acquisitions Wizard, a comprehensive guided process that will ask a series of questions, provide a list of next steps, and submit a Technology Compliance Review request to the Office of Information Technology if one is required.
Technology Acquisitions Wizard
If a Review is Required
If a Technology Compliance Review is required, your request will be submitted to OIT after completing the Technology Acquisitions Wizard. The wizard may inform you that you need to collect one or more of the following documents from the vendor to support the review. An IT Analyst from OIT will follow up once the request is submitted to discuss the process.
HECVAT (Higher Education Cloud Vendor Assessment Tool)
Lite Edition
Required under the following conditions:
- Product is hosted by a vendor in the cloud (Software as a Service)
- AND Product stores restricted or confidential per the University's cloud computing policy
- OR Product hosted by a vendor in the cloud and is used by more than 10 individuals
Full Edition
Required under the following conditions:
- The product meets the requirements of the Lite Edition
- AND Product stores PHI/HIPAA, Payment card, or financial data per the University's cloud computing policy
VPAT (Voluntary Product Accessibility Template) and Accessibility Review
508 Edition
Required under the following conditions:
- Technology hardware interfaces.
- The technology used by more than 10 individuals that change frequently.
WCAG (Web Content Accessibility Guidelines) Edition
- Web and software technology interfaces.
- The technology used by more than 10 individuals that change frequently.
Obtain a VPAT
- Request that the vendor complete the necessary version of the Voluntary Product Accessibility Template
- Respond to the Service Hub email that you received with the VPAT attached.
The IT analyst assigned to your request will work with the WMU accessibility compliance specialist to conduct a review of the VPAT. If a VPAT is not available, the accessibility compliance specialist will contact you to obtain access to the product to perform a review to test for compliance.
Approval
Upon completing the compliance review, IT will provide an approval document that outlines any mandatory and recommended next steps as well as approval, conditional approval, or a decline of your request. Respond with your acknowledgment of the conditions of the response to complete the process.
Historical Reviews