Technology Acquisition Review

×

Warning message

Submissions for this form are closed.

SF State technology acquisitions, whether purchased or free, are required to be reviewed for operational support, accessibility and information security requirements prior to acquisition and use.

All technology purchases require a completed TAR approving the acquisition. In the case of pre-approved technology, the required TAR process has already occurred.  

Services involving an IT component, such as consulting services requiring access to the University systems and/or data, also require a TAR to be completed. 

TARs are used to (1) reduce IT costs by leveraging existing technology purchases and contracts; (2) determine whether technology meets CSU/ campus standards (3) meet compliance requirements with CSU policies and SF State practice directives, e.g. accessibility and IT security which helps to reduce the risk of data breaches resulting in harm to CSU or individuals and any damages arising out of these breaches, and (4) ensure campus resources are available to support the chosen technology.

Timeline for TAR and Purchasing Process

The timeline to complete a TAR review is estimated at a minimum of 10 business days. Complex review cases may require additional time to review. TAR reviews should be requested in advance to minimize acquisition delays.

Please note, the completion of the TAR review is a pre-requisite of the purchasing process and does not include the purchase. 

  • Support and service level models needed
  • Integrations
  • IT process alignment
  • Identifying potential redundant technology
  • Identification of timing constraints, if applicable

If Campus IT Support does not approve the TAR sub ticket, the acquisition may not move forward.

  • Indicate additional compensating controls, if needed, and determine if supplemental IT contractual terms are necessary

If the request does not pass the security review, the acquisition may not move forward.

If the request does not pass the accessibility review, the acquisition may not move forward.

When Phases 1 and 2 have been completed and approved, the requesting department provides the TAR number and other pertinent information to the Procurement department by submitting a requisition. Purchases allowable on P-Card require the TAR to be completed in advance of the purchase and the TAR number (e.g. RITMXXXXX) to be submitted at the time of P-Card reconciliation.

P-Card use is only allowed for TAR approved hardware purchases under $5,000.

Please note, an approved TAR is not a guarantee that the product or service can be purchased. 

The University is required to apply CSU terms -in some cases supplemental IT terms as determined by Phase 2a- to their purchases. In addition, vendor terms and conditions may require review and negotiation. This phase can be time-consuming. Follow-ups can be directed to procurement@sfsu.edu after a minimum of 10 business days after the requisition has been received by the Procurement department.

Timelines for completion depend on complexity, responsiveness of vendor and workload. 

If contract and/or terms cannot be agreed upon with the vendor, end users may have to consider a different product/vendor to meet their needs.  

Getting started with a request

Step 1: Check for pre-approved technology

Pre-approved technology has been previously approved and does not require a new TAR. Please use pre-approved technology whenever possible. Check the pre-approved list

Step 2: Make sure a review is needed

TARs are specific to the individual use case.

A TAR is required even if: 

  • Another department has an approved TAR
  • Another CSU campus has already acquired the technology
  • The purchase will use CSU Master Enabling Agreements (MEAs) or Master Pricing Agreements (MPAs)
  • A TAR was submitted previously but the Scope of Work or technology has changed, or your TAR has not been updated in the past 3 years 
  • Technology is a cloud service to send emails, newsletters, or ads on behalf of SF State.
  • Drones - also need approval from the University Uncrewed Aircraft Vehicle Review Board (UARB) after purchase. Requestor must contact the UARB for permission to use the drone.
  • It is for Domain Registration Services (initial requests and renewals) 

Use the Online Instruction/Virtual Event rubric below to determine if a TAR is required

Online Instruction/Virtual Event rubric

Who is Attending? 

How Many Attendees?

TAR Required?

Staff

up to 20 employees

No

Staff

over 20 employees

Yes

Students

any

Yes

Combination of
Staff and Students

any

Yes

A note about software/IT service renewals: If you are renewing an existing approved software/IT service (with no changes to technology/service) and you have an approved TAR, the TAR requires an update every third year.  You are required to provide the approved TAR number in the comments section (e.g. RITMXXXXX) when you submit the requisition for purchase.     

Step 3: Requesting a TAR

  1. Determine who will be making the request. Ideally, the requestor (contact) should be the SF State faculty or staff member who is the most knowledgeable about the technology being reviewed (end user). 
  2. Gather documentation for the technology or service
  3. Complete the TAR Form in ServiceNow

Submit TAR Request