Procurement and the ISO

Questions about procurement?

If you have specific questions about a current request, please contact Procurement and Strategic Sourcing first. They will be able to more quickly assist you and track your procurement issues in the ticket management system.

Security Assessment

Security Assessment

The Security Assessment form is designed to ask you the most relevant questions about the software or service in question. Depending on the specific service being requested and the context of the request, it may require a full evaluation to further determine its risk profile. 


If you are considering purchasing new software for use on the university network, please be aware that potential vendors may be required to complete a HECVAT (Higher Education Cloud Vendor Assessment Toolkit) in order to be considered for purchase. See UPPS 04.01.11 ยง05.02 for more details. You can read more about the HECVAT on the Educause website.

HECVAT image

Assessing ISO Involvement

Depending on the scope and risk associated with any given purchase, the ISO might be involved in several aspects of the procurement process. It is important that faculty and staff seeking to purchase items or procure services do so according to policy and procedure. Please read the Resources page, a collection of instructional documents, visual aides, and informational source links, both internal and external to assist you in the procurement, provided by Financial Services. 

Purchasing for IT

If you are purchasing hardware, software, or services then IT Business Operations might need to be involved. They provide leadership for management and coordination of business and administrative affairs for the IT Division unit heads, including budgeting and financial management, operations and programs, and personnel administration.