Before developing or purchasing any new software or services, a unit must go through the Software and Services Selection Process (SSSP). The process is used for requesting information technology software and/or services related to the use of any software, storage, or applications intended for creating, processing, storing, securing, or exchange of electronic data. For more information about the process, see the IU Knowledge Base (IU Login required).
If the product will include personally identifiable information (PII) about our students, employees, patients, alumni, etc. and falls under the data classification of restricted or critical data, the unit may also be required to have the:
- Vendor complete the HECVAT LITE assessment and send to uisorisk@iu.edu. This will document how the vendor meets industry security standards.
- Unit requestor complete the Third party assessment (3PA) request form to consult with UIPO, the Data stewards, and UISO.