Policy

The Information Communication Technology (ICT) Review process is part of CU Boulder’s commitment to making the resources and tools used on campus accessible and secure. ​There are two main areas assessed as part of ICT Procurement Review: Accessibility Risk and Information Security Risk.

CU Accessibility Policy 

In accordance with the CU Boulder Accessibility of Information and Communication Technology policy and standards, any Information Communication Technology (ICT) products and services that the University buys, creates, uses and maintains must be reviewed and made accessible in compliance with University standards and Federal requirements.

Federal Laws, Regulations, and Standards for Accessibility 

The Americans with Disabilities Act of 1990 (ADA)
The ADA prohibits discrimination and ensures equal opportunity for persons with disabilities in employment, State and local government services, public accommodations, commercial facilities, and transportation.  The current text of the ADA includes changes made by the ADA Amendments Act of 2008 (P.L. 110-325), which became effective on January 1, 2009.

Section 504 of the Rehabilitation Act of 1973
The Rehabilitation Act is a civil rights law that prohibits discrimination on the basis of disability in programs and activities, public or private, that receive federal financial assistance. Section 504 does not provide funding for special education or related services, but it does permit the federal government to take funding away from programs that do not comply with the law.

Section 508 of the Rehabilitation Act
Section 508 was enacted to eliminate barriers in information technology, open new opportunities for people with disabilities, and encourage development of technologies that will help achieve these goals. The law applies to all Federal agencies when they develop, procure, maintain, or use electronic and information technology.

21st Century Communications and Video Accessibility Act (CVAA) 
This updates federal communications law (2010) to increase the access of persons with disabilities to modern communications. The CVAA makes sure that accessibility laws enacted in the 1980s and 1990s are brought up to date with 21st-century technologies, including new digital, broadband, and mobile innovations.

World Wide Web Consortium's Web Content Accessibility Guidelines (WCAG)
These guidelines were developed in cooperation with individuals and organizations around the world with the goal of providing a single shared standard for web content accessibility that meets the needs of individuals, organizations, and governments internationally.

Security Policy

The security review ensures a supplier's products and services meet the University’s technological standards, have been vetted for security features by the University or an authorized third party, and are capable of protecting University data at all times.

This audit of products and services is designed to ensure vendors meet the highest security standard in the following areas: 

• Standards for Security Controls in Purchasing
• CU Data Classification Guide
• The Family Educational Rights and Privacy Act (FERPA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Payment Card Industry Data Security Standards (PCIDSS)
• System-wide High Impact and Baseline Security Standards