Technology Compliance Review (formerly Product Review Process)

Technology products are reviewed before acquiring to ensure compliance and compatibility with WMU information systems, infrastructure, accessibility, and security policies as well as other rules and guidelines for successful implementation. The Technology Compliance Review helps to ensure that the technology being reviewed and WMU are well integrated and systems are effectively used across organizational boundaries to support evidence-based decision-making at the University. The IT acquisition policy defines the different levels of review and control, depending on the type of information system contemplated for acquisition. The Office of Information Technology ensures that the products will work within the University's computing and network architecture.

If you are requesting the use of technology that has already been approved for use in another area, a technology compliance review request must still be submitted. You may be exempted from additional paperwork, but the request is required.

The technology compliance review will be followed when the acquisition of information technology software or hardware:

• Uses University resources and/or University funds (i.e. general fund, designated funds, grant and/or donor funds, etc), or
• That manages data for core business functions of the University that require integration (enterprise system), or
• That manages data and/or performs specific functions and is integrated with an enterprise system (enterprise support system), or
• Principally supports one department, unit, or function and requires minimal integration, or
• That is an infrastructure system and largely managed by IT.

See the process workflow.

If the product being considered is an emerging technology for general purpose classrooms, follow the emerging technology adoption process.

View Compliance Review FAQ

Step 1

• Review the IT acquisition policy to determine the product category.
• Submit a technology compliance review request. You will be taken to ITDirect for login with your Bronco NetID and password.
  This form alerts IT that an acquisition is being considered and provides basic information about the considered product.
• Working with your unit IT support person/LAN manager, submit the technology compliance review checklist by replying to the work order confirmation email that you receive from ITDirect and attaching the file.
  This checklist provides more details regarding technical aspects of the product, vendor, data specifications, data security and administration support, testing, and accessibility of the product.

If the product is a cloud/software as a service

• Work with your unit IT support person/LAN manager and the product vendor to submit the Cloud Vendor Assessment by replying to the work order confirmation email that you receive from ITDirect and attaching the file.
• This assessment is required for products that utilize software as a service and/or cloud computing.
• Departments that are considering the use of such products must be aware of the University's cloud computing policy regarding that use and the importance of maintaining the security of University data.

If the product is used to produce online or instructional content

• Review the University's web accessibility policy to ensure compliance with the Web Content Accessibility Guidelines 2.0, level AA.
• Work with the vendor to obtain a Voluntary Product Accessibility Template - VPAT - report, which demonstrates that the product meets WCAG 2.0 (AA).
• If the vendor cannot produce a VPAT, work with the web accessibility coordinator to submit an exception request to the web accessibility committee.

If the product requires a contract

• Review and submit the Contracts for Goods and Services Review Checklist.
  The guide explains the importance of completing a thorough contract review for any binding obligations for WMU individuals or departments. It includes the individual's responsibilities, a routing table for the various type of contracts, and proper contract management. The completion of the checklist is required for any contracts requiring an authorized University personnel signature.

Step 2

• IT reviews the forms and documents submitted by the requestor, unit IT support, and vendor to determine the review type required.
• Business Services reviews the contract review checklist and provides feedback directly to the requestor.
• If clarification of submitted information is required, IT will request a meeting. 
• IT will contact the appropriate data steward(s) for consideration of the data integration potential, if appropriate.
• If the product is an enterprise system or enterprise support system, a pre-proposal is prepared jointly by IT and the requester (see step 3).
• If the products are not defined as an enterprise or enterprise support system, proceed to step 3a.

Step 3 (Enterprise system or enterprise support system)

• A pre-proposal is prepared jointly by IT and the requester. See pre-proposal template.
• Pre-proposal is submitted to the IT Executive Advisory Board, one week in advance of their next meeting in time to contact the requester with any questions.

Step 3A (Enterprise support system/unit support systems/infrastructure systems)

• IT prepares a decision summary including pertinent information received, recommendations, and next steps.
• In the case of conditional approval, the requester is responsible for following up with IT to determine acceptable solutions and outcomes.
• For an enterprise support system, IT may be required to contact the appropriate data steward and communicate status with the IT Executive Advisory Board.
• The process is complete after this step.

Step 4 (Enterprise system or enterprise support system)

• IT Executive Advisory Board discusses the pre-proposal and provides feedback regarding the strategic value and data integration potential.
• If necessary, the board will also make the final determination if the acquisition constitutes an enterprise system, thus requiring it to proceed with final advisory board approval.
• If the acquisition has been determined to be an enterprise support system, proceed to step 3A.

Step 5 (Enterprise system)

For acquisitions determined to be enterprise systems, information regarding the proposed acquisition will be made available on the data and systems governance site and other venues described in the proposed communication plan to obtain University community (e.g. Educational Technology Committee, the Faculty Senate Academic and Information Technology Council and other constituent groups) feedback and endorsement.

Step 6 (Enterprise system)

• In preparation for the final approval by the IT Executive Advisory Board, the pre-proposal expanded to include the additional items required for the final project proposal template
• IT will work with the requester to establish which board meeting date will be the most appropriate for final approval.
• Final product proposal (no more than 10 pages) is sent to the advisory board, one week in advance of the meeting, for review and opportunity to contact the requester with any questions before the meeting.
• IT will prepare a decision summary including the pertinent information received, recommendations, and next steps. This will be sent with the final product proposal to the advisory board, before the meeting.

Step 7 (Enterprise system)

The IT Executive Advisory Board reviews the final product proposal and votes on the proposed acquisition at the scheduled meeting.

Additional forms and information

• Information technology acquisition policy
• University classification system
• Technology compliance review status
• Project management processes and templates