New Application Vendor Process

ITS is responsible for maintaining and securing the computing resources at Eckerd College.  All technology purchases (hardware/software/services) must be submitted to ITS for pricing and purchase approval.  ITS will ensure proper discounts are applied and ensure that the items purchased are compatible with the campus environment. 

You can get started with this process by emailing ITS or opening a ticket - here's the information we need from your vendor.

Checklist

The vendor should be able answer these questions:

• Can you provide a Voluntary Product Accessibility Template (VPAT)? If not, how do you address Accessibility concerns?

• Can you provide your Privacy, Security, and Data Retention policies?

• Can you provide a Higher Education Community Vendor Assessment Tool (HECVAT) assessment?

• Do you support Single Sign-On (SSO), and if so, what methods do you support?

• Is this application installed by the user, hosted by the vendor, or Software-as-a-Service (SaaS)? Where are your servers hosted?

• How is the product licensed?

• If this system will track European students, does it comply with GDPR?

• Can the vendor system automatically purge data based on a document retention policy (5 years, 7 years, etc)?

More About These Requirements..

Accessibility

College services must comply with the Americans with Disabilities Act (ADA). https://www.ada.gov/

Eckerd College's Accessibility policy is here: https://www.eckerd.edu/accessibility/

Privacy, Security, Data Retention

The vendor should be able to provide their publicly-posted privacy and security policies. We are obligated by state and federal law to protect personally identifying information and student records, and the vendor should be able to describe how it protects this data, who it shares it with, how long it retains it, and how it protects it against business interruptions.

In addition, they should be able to explain how they would respond to a documentation hold request in the case of litigation.

This is Eckerd College's Privacy Policy.  

Single Sign-On

ITS policy requires that we use SSO whenever it available because it is a security best practice and provides a superior user experience.

The vendor should be able to provide a list of supported SSO methods (SAML, InCommon Federation, OAuth, etc.) and configuration instructions for ITS to use during implementation.

Hosting

The vendor should be able to describe where and how this application will run, and provide a Business Continuity plan in case of a natural disaster or other business-impacting event. Here are some ways applications are hosted:

• On-Premise: the vendor provides software that we (ITS) will install and run.

• Hosted: the vendor installs and runs the software on their equipment, but ITS maintains it

• Software-as-a-Service (SaaS): All functions are performed by the vendor. This is the most common version of Application Hosting.

Interface Requirements

What kind of data needs to be exchanged between this new application and other campus systems, such as Banner?

• What information needs to be exchanged in to or out of this system from Eckerd's Student Information, Customer Resource Manager, or Enterprise Resource Planning systems?

• What transport mechanism will be used (examples: scp, sftp, csv files, restFUL services)?