Before developing or purchasing any new software or services, a unit must go through the Software and Services Selection Process (SSSP). The process is used for requesting information technology software and/or services related to the use of any software, storage, or applications intended for creating, processing, storing, securing, or exchange of electronic data.
If the product includes personally identifiable information (PII) about our students, employees, patients, alumni, etc. and falls under the data classification of restricted or critical data, the unit may also be required to have the:
- Vendor complete the HECVAT LITE assessment and send to uisorisk@iu.edu. This will document how the vendor meets industry security standards.
- Unit requestor complete the Third party assessment (3PA) request form to consult with University Information Policy & Security Offices and the Data Stewards.