NCSU Requestor (Customer) Responsibilities
- Completes the IT Purchase Compliance review form. It is highly encouraged the the requestor also complete the Pre-Assessment to get a better idea of what will be required.
- Requests the vendor to provide everything necessary to conduct the review. This may include security questionnaires, access to software for testing, certification documentation, etc..
- Obtains Data Steward approval if applicable
- Completes all questionnaires and provides information needed to conduct the review.
- If the product is partially compliant, Vendors will also need to provide a roadmap addressing gaps, remediation plan timelines and interim workarounds while remediation is in progress.
NCSU Reviewer Responsibilities
- Information Security Risk & Assurance – validates security compliance standards
- IT Accessibility – tests environment to ensure it complies with accessibility and usability standards
- University Controller’s Office – validates PCI standards for purchases that will accept electronic payments
- Enterprise Application Services – tests for compatibility prior to any integration with NC State enterprise systems
- Google Service Team – validates the product does not generate spam
- Software Licensing Management – manages the IT Purchase Compliance process, conducts vendor screening and processes necessary NDAs and BAAs