Technology Acquisition Review (TAR) Tips

If there is any doubt about whether a TAR is necessary or not, please submit a TAR.

For questions regarding TARs, please do not contact individual analysts who may be out of the office. Please contact the security team at

Keep your eyes on your inbox. After the request for a TAR security review has been assigned, the ITS Security Team usually responds within 24 hours with approval or questions.

  • Most subsequent delays are the result of customers not responding to our questions.

Maintain Open Channels of Communication

  • Even if you don't have the answers to all our questions, kindly let us know that you're investigating and provide a timeline for getting back to us. In other words, please let the ITS Security team know if there will be any delays in communication when submitting a TAR.

Before making a TAR submission that involves sensitive SF State data (e.g. Level 1 or Level 2) in a cloud service, please acquire the necessary documentation around such a request before launching the TAR process.

Don’t submit a TAR if you’re going to be out of the office following the submission.

  • Open and responsive communication channels go a long way toward expedient processing.

Ensure the best person to answer the required questions submits the TAR.

  • It would be helpful if the person with the deepest understanding of technology conducts the submission. This will minimize impact and help to move the TAR through faster.

Providing Incomplete Information/Description of the Technology Requested

  • Please ensure all information regarding the requested technology is provided so that subsequent data requests are not required. This will minimize impact and help to move the TAR through faster.