Technology Acquisition Review Request

Technology acquisitions, purchased or obtained at no cost, must be reviewed for accessibility and security compliance. The amount of time the review takes depends on the complexity of the acquisition. Requests will receive a response within one week. Please see the Technology Acquisition Review guide for more information about the TAR process. If your acquisition is not on the pre-approved list, complete this form to begin the review process.

Pre-approved technologies

The following pre-approved technologies do not require review because they are either excluded or have already completed Information Security and ATI reviews. If a pre-approved campus standard technology provides equivalent functionality, it should be used.

Digital Content

Information purchased for SF State use:

  • Fonts
  • Images/photographs
  • Music
  • Text-based information/data

Cloud Services

Standard cloud services licensed for campus-wide SF State use. Requests to evaluate alternative solutions to standard cloud services must document why the campus standards cannot be used.

  • Qualtrics survey platform – replaces SurveyMonkey and Wufoo
  • Box cloud storage – replaces Dropbox, iCloud, Amazon, Google Drive
  • Zoom videoconferencing – replaces GoToMeeting

Software

Products listed below are site-licensed and available for campus-owned equipment; some also offer work-at-home use:

  • Microsoft Office – includes Word, Excel, PowerPoint, Outlook, Access, OneNote
  • Adobe Creative Cloud (includes Acrobat Professional, Photoshop and other products)
  • SPSS
  • SAS
  • Minitab
  • Mathematica
  • McAfee
  • Current macOS and Windows operating systems

Products listed below must be purchased/licensed by the requestor:

  • Microsoft Project
  • Microsoft Visio
  • Matlab

Hardware

  • Laptop and desktop computers:

        Apple: MacBook, MacBook Pro, MacBook Air, iMac

        Dell: Latitude 7000 series, Precision 5000 series, Optiplex 7000 series, XPS

Note: Acquisitions of 20 or more computers must complete a TAR unless they are ordered as a part of the annual campus refresh.

  • Adapters and cables
  • Batteries
  • Cameras and webcams that do not store or access sensitive information
  • Digital voice recorders
  • Displays/TVs/Monitors that are not Internet ready
  • Dongles and adapters
  • Docking Station/Port Replicators
  • Headphones and headsets
  • Keyboards
  • Memory (RAM)
  • Mice, trackballs and trackpads
  • Scanners that are not Internet ready
  • Tablets: Microsoft Surface, iPad, iPod touch and Android that do not store confidential information
  • Sound cards
  • Speakers
  • Storage that is not networked and not used for level 1 data
  • Uninterruptible Power Supplies (UPS)
  • USB hubs
  • Video cards

Supplies

  • Paper
  • Fusers
  • Toner
  • Ink
  • USB drives, disks and tapes that do not store sensitive level 1 data

Maintenance, support, repairs, and renewals

TAR reviews do not need to be requested for maintenance, support, repairs, or renewals where the following conditions are met:

  • The scope of deployment has not changed
  • There are no changes to functionality
  • The manufacturer provides security updates that have been applied
  • Replacement parts are the same or similar to the part being replaced

This list is updated frequently. If you believe that an item belongs on this pre-approved list, please contact security@sfsu.edu and access@sfsu.edu.

To expedite the accessibility and security assessments, please provide descriptive responses that explain the maximum planned deployment of the technology.

 


Contact Information

The contact should be the individual who is most knowledgeable about the technology being acquired.


Technology Details

User Information

Please respond indicating the maximum planned deployment of the technology.

Authentication Information

Confidential Data Information

SF State must protect all sensitive information stored or transferred. The examples provided are not a complete list of sensitive data elements. For information on sensitive data types, please see What is Confidential Data?

  • Level 1 information requires the highest level of security – Examples: passwords, credit cards, social security numbers, driver's license, health records
  • Level 2 information must be protected for proprietary, ethical, or privacy reasons – Examples: birthday, address, phone number, student and employee records