Roles and Responsibilities

NCSU Requestor (Customer) Responsibilities

  • Completes the IT Purchase Compliance review form.  It is highly encouraged that the requestor also complete the Pre-Assessment to get a better idea of what will be required.
  • Requests the vendor to provide everything necessary to conduct the review.  This may include security questionnaires, access to software for testing, certification documentation, etc..
  • Ensures only required data elements are included in the request.
  • Provides information on how access controls will be implemented.


Vendor Responsibilities

  • Completes all questionnaires and provides information needed to conduct the review.
  • If the product is partially compliant, Vendors will also need to provide a roadmap addressing gaps, remediation plan timelines and interim workarounds while remediation is in progress.


NCSU Reviewer Responsibilities