Roles and Responsibilities

NCSU Requestor (Customer) Responsibilities

• Completes the IT Purchase Compliance review form.  It is highly encouraged that the requestor also complete the Pre-Assessment to get a better idea of what will be required.
• Requests the vendor to provide everything necessary to conduct the review.  This may include security questionnaires, access to software for testing, certification documentation, etc..
• Ensures only required data elements are included in the request.
• Provides information on how access controls will be implemented.

Vendor Responsibilities

• Completes all questionnaires and provides information needed to conduct the review.
• If the product is partially compliant, Vendors will also need to provide a roadmap addressing gaps, remediation plan timelines and interim workarounds while remediation is in progress.

NCSU Reviewer Responsibilities

• Information Security Risk & Assurance – validates security compliance standards and obtains Data Steward approval.
• IT Accessibility – tests environment to ensure it complies with accessibility and usability standards
• University Controller’s Office – validates PCI standards for purchases that will accept electronic payments
• Enterprise Application Services – tests for compatibility prior to any integration  with NC State enterprise systems
• Google Service Team – validates the product does not generate spam
• Software Licensing Management – manages the IT Purchase Compliance process, conducts vendor screening and processes necessary NDAs and  BAAs