New Application Vendor Process

ITS is responsible for maintaining and securing the computing resources at Eckerd College. All technology purchases (hardware/software/services) must be submitted to ITS for pricing and purchase approval. ITS will ensure proper discounts are applied and ensure that the items purchased are compatible with the campus environment.

You can get started with this process by emailing ITS or opening a ticket. Listed below is the necessary information required for the vendor to provide.

Checklist

The vendor should be able answer these questions:

Can you provide a Voluntary Product Accessibility Template (VPAT)? If not, how do you address accessibility concerns?
Can you provide your Privacy, Security, and Data Retention policies?
Can you provide a Higher Education Community Vendor Assessment Tool (HECVAT) assessment?
Does your product/service support Single Sign-On (SSO)? If so, what methods do you support?
Is this application installed by the user, hosted by the vendor, or Software-as-a-Service (SaaS)? Where are your servers hosted?
How is the product licensed?
If this system will track European students, does it comply with GDPR?
Can the vendor system automatically purge data based on a document retention policy (5 years, 7 years, etc)?

Additional Requirement guidelines:

Accessibility

College services must comply with the Americans with Disabilities Act (ADA). Visit this website for more information.

Click here to read further on Eckerd College's Accessibility policy.

Privacy, Security, Data Retention

The vendor should be able to provide their publicly-posted privacy and security policies. We are obligated by state and federal law to protect personally-identifying information and student records, and the vendor should be able to describe the following: how the service protects this data, who it shares it with, how long it retains it, and how it protects it against business interruptions.

In addition, they should be able to explain how they would respond to a documentation hold request in the case of litigation.

Click here to read further on Eckerd College's Privacy Policy.

Single Sign-On

ITS policy requires that we use SSO whenever available, as this means of log in provides heightened security and a superior user experience.

The vendor should be able to provide a list of supported SSO methods (SAML, InCommon Federation, OAuth, etc.) and configuration instructions for ITS to use during implementation.

Hosting

The vendor should be able to describe where and how this application will run, and provide a Business Continuity Plan in case of a natural disaster or other business-interrupting event. Below are some methods as to how business may be maintained in the course of unforeseen circumstances:

On-Premise: the vendor provides software that we (ITS) will install and run.
Hosted: the vendor installs and runs the software on their equipment, but ITS maintains it.
Software-as-a-Service (SaaS): all functions are performed by the vendor. This is the most common version of Application Hosting.

Interface Requirements

What kind of data needs to be exchanged between this new application and other campus systems, such as Banner?

What information needs to be exchanged in to or out of this system from Eckerd's Student Information, Customer Resource Manager, or Enterprise Resource Planning systems?
What transport mechanism will be used (examples: SCP, SFTP, CSV files, restFUL services)?

Report abuse