The Information Communication Technology (ICT) Review Process applies to purchases and adoptions of all information and communication technology regardless of the cost or funding source (e.g., State, Foundation, Athletic Corporation, Federal and State grant funds). The requirement for accessible and secure ICT extends to "free" products or services (e.g., Google Apps) and also includes products or services developed on campus. This includes purchases of equipment with a digital interface, software, or systems that can store, manage, control, manipulate or retrieve information for human interaction, as well as videos, web content and communications products.
All ICT goods or services acquired for use in a CU Boulder program, service, or activity must be reviewed for compliance with CU Security and Accessibility policies. CU Boulder requires accessibility and security compliance provisions be included in all contracts or user agreements. Required contract language provisions should be provided to prospective suppliers before negotiations begin.
The depth of the review process will depend on the impact and scope of the product or service. At this time, the ICT review team is reviewing all procurement for services broadly used by the campus, a school, college, or departmental unit to ensure compliance with campus ICT Standards.
- For High-Impact Purchases, all steps and forms are required before a purchase is made, and purchases may not proceed without a full review by the ICT review team.
- For Low-Impact Purchases, not all steps and forms may be required before a purchase is made.
Products that are Low-Impact must still be secure and accessible. It is the responsibility of campus departments to gather all necessary accessibility information, maintain required documentation, and consult with ICT Compliance regarding exceptions to the standards. The ICT review team will be conducting periodic audits to check this information. The ICT review team will provide guidance to departments so that they can ensure the product or service meets applicable policies and regulations in the future.
- Roles and responsibilities of the requestor, supplier, and the ICT review team on the Roles and Responsibilities page
- Differences between High and Low-Impact Requisitions on the Frequently Asked Questions page
- What to expect during the ICT Review Process on the Submit Request for Review page
Once the accessibility and security reviews have been completed, the CU Requestor will be notified if the requisition has been approved or denied. The CU Requestor will also be notified if any security or accessibility issues need to be resolved, if more information is needed, or if the contract language has to be negotiated.
If more than one product is available that meets the needs of the department or college, the purchaser should consider the one that best meets CU's security and accessibility standards.
In some cases an exception may be granted by a Security Risk Acceptance or the ICT Accessibility Review Board (ICTARB) when secure or accessible products are not yet available. Exceptions are narrowly tailored, limited in duration, and should describe the method through which equally effective alternative access will be provided.
Requests for accessibility exceptions must be made in writing and submitted to the ICTARB for review as defined in the ICT Accessibility Standards exception review process. Exceptions are discouraged and should be requested only when truly necessary. All exception requests and determinations will be made on a case-by-case basis. For more information regarding exception requests please contact the ICT review team.
ICT Review Process Benefits
- Implementing security standards and eliminating access barriers in ICT benefits all users associated with the University. For example, providing captioned videos can help students with differing learning styles or English as a Second Language (ESL) learners, which allows for a more diverse learning community. Providing fully accessible, tagged PDF and digital files helps students who want to best utilize mobile and computer-based solutions (e.g., the ability to annotate, highlight digital content, and generate study guides), while keeping the University a leader in security, accessibility and technology overall.
- The cost to provide accommodations for students, faculty, staff, or the general public often can be reduced or even eliminated by considering accessibility at the time of purchase.
- Increasingly, universities across the country are facing legal challenges stemming from user complaints about inaccessible websites, instructional materials, and/or products or services. Settlements have resulted in schools undertaking major initiatives (like the CU Boulder Accessibility Initiative), often at high cost and on a shortened timeline, to reach compliance.
- Ensuring secure features and practices are in place up front reduces the risk of possible malicious data security attacks or accidental data loss.
Timing of ICT Review Process
Requestors should plan in advance for these reviews to be conducted. Initial determination of whether a requisition is considered high or low impact will be made in 2 business days. High-Impact requisitions may take up to 2-8 weeks, based on the depth of the review required and the supplier's responsiveness.
- Requisitions that are considered high impact in either accessibility or security may still take up to eight weeks to complete the compliance review process.
- ICT Accessibility and Security reviews are only one part of the entire procurement process required by the Purchasing Service Center (PSC). Additional time may be needed by the PSC to complete the requisition.