Office of Information Technology

Tech Adoption Questions

A list of questions ITS may ask you during a Tech Adoption request. Note that not all questions apply to every request.
  1. Have you obtained leadership approval and if so, from whom?
  2. Is there anyone else that will be involved?
  3. What data needs to be migrated and from where?
  4. Will we need to host it on campus, or is it a cloud service?
  5. Who will administer the software?
  6. How will support be handled? (break / fix, troubleshooting, how-to)?
  7. Contracts:
    1. Who has reviewed the contract?
    2. Do you need negotiation assistance?
    3. Are there any perks the vendor is willing to offer?
  8. Integrations:
    1. Which type of single sign on does it use? (SAML, CAS, ADFS, etc)
    2. Which campus systems will it need data from and/or integration with? (Banner, Slate, etc.)
  9. Implementation:
    1. How will implementation be handled?
    2. Who will be the project manager/primary contact?
    3. How long will it take to implement?
    4. What is the proposed timeline?
    5. When do you want it to start?
  10. Vendor Security:
    1. How are roles and permissions handled? Do they offer role-based access control for users and administrators?
    2. Where are the data centers located?
    3. Is data encrypted:? If so, is it done at rest or in transit?
    4. Who owns the data and how can we get it out if we need it?
    5. Do they have a disaster recovery plan? If so, does that plan include CC data recovery, or just vendor software recovery? If they exist, where are DR site located and do they have multiple region failover?
    6. Do vendor employees ever have access to CC data? If so, what data and under what circumstances?
    7. Are third-party assessments done?
    8. Does the vendor have a dedicated security staff?
  11. Data governance (need to know the vendor’s policies on the following items):
    1. What kind of data is in it?
    2. Will the system contain Sensitive data?
    3. Will HIPAA or FERPA protected data be shared?
    4. Does it comply with GDPR?
    5. If the application must contain student, faculty, or staff data, can the system use a unique identifier (an ID number, for example) that is not the individual’s email address?
  12. Other regulations:
    1. What are the data retention practices in the new application?
    2. Will there be any financial transactions (like taking credit card payments)?
    3. Is there a Voluntary Product Accessibility Template (VPAT) document outlining the application’s accessibility/ADA compliance?
Report an issue - Last updated: 03/29/2022