Body
Audience: Staff who make or request purchases
Responsible Group: Accessibility Review
Overview
To ensure that all technology purchases meet federal, state and board requirements for cybersecurity and accessibility, departments and requestors are required to submit vendor cybersecurity and accessibility documentation for review before sending to legal review or purchasing the product through PCard, Requisitions or Supplier Contracts in Workday.
Staff members should request both a Higher Education Community Vendor Assessment Toolkit (HECVAT) and a Voluntary Product Accessibility Template (VPAT), also known as an Accessibility Conformance Report (ACR), from the vendor.
The university has teams who review these documents to ensure they meet regulations and that we are providing a safe and accessible experience for our campus community.
This is a new process that you will encounter when submitting requisitions in Workday for IT related purchases. As our vendor/software database grows, the process should become more streamlined, especially with renewals. Details on this process are provided below.
To avoid purchase delays, please collect and submit these documents as early as possible. If you collect and submit these forms at the start of the quote process, it can help to reduce purchasing delays. The review process can take 1 to 2 weeks, so please plan accordingly when making IT purchases.
Note:
- All IT purchases must undergo a cybersecurity and accessibility review before the purchase can be completed.
- HECVATs and VPAT/ACRs should be relevant and up to date for each purchase, including all renewals.
- HECVATs and VPAT/ACRs are needed for each individual product being purchased by a vendor.
Process
Link to text version of HECVAT & VPAT Process.
Updating this article
If this article needs to be updated, please leave feedback on this article and it will notify the owner of the article.
Review forms