The Software and Services Selection Process (SSSP) allows IU departments, schools, and units to request to purchase information technology software or services while minimizing threats to the institutional data that they might interact with. It is used before any new software or service is developed or purchased.
If the product includes personally identifiable information (PII) about our students, employees, patients, alumni, etc. and falls under the data classification of restricted or critical data, the unit may also need to:
- Have the vendor complete the HECVAT assessment and send to uisorisk@iu.edu. This documents how the vendor meets industry security standards.
- Complete the Third-party assessment (3PA) request form to consult with University Information Policy & Security Offices and the Data Stewards.