Roles and Responsibilities
NCSU Requestor (Customer) Responsibilities
- Completes the IT Purchase Compliance review form. It is highly encouraged that the requestor also complete the Pre-Assessment to get a better idea of what will be required.
- Requests the vendor to provide everything necessary to conduct the review. This may include security questionnaires, access to software for testing, certification documentation, etc.
- Ensures only required data elements are included in the request.
- Provides information on how access controls will be implemented.
Vendor Responsibilities
- Completes all questionnaires and provides information needed to conduct the review.
- If the product is partially compliant, the vendor will also need to provide a roadmap addressing gaps, remediation plan timelines, and interim workarounds while remediation is in progress.
NCSU Reviewer Responsibilities
- Information Security Risk & Assurance – validates security compliance standards and obtains Data Steward approval.
- IT Accessibility – tests the environment to ensure it complies with accessibility and usability standards.
- University Controller’s Office – validates PCI standards for purchases that will accept electronic payments.
- Enterprise Application Services – tests for compatibility prior to any integration with NC State enterprise systems.
- Google Service Team – validates the product does not generate spam.
- Software Licensing Management – manages the IT Purchase Compliance process, conducts vendor screening, and processes necessary NDAs and BAAs.