Technology Compliance Review (formerly Product Review Process)

Technology products are reviewed before acquiring to ensure compliance and compatibility with WMU information systems, infrastructure, accessibility, and security policies as well as other rules and guidelines for successful implementation. The Technology Compliance Review helps to ensure that the technology being reviewed and WMU are well integrated and systems are effectively used across organizational boundaries to support evidence-based decision-making at the University. The IT acquisition policy defines the different levels of review and control, depending on the type of information system contemplated for acquisition. The Office of Information Technology ensures that the products will work within the University's computing and network architecture.

If you are requesting the use of technology that has already been approved for use in another area, a technology compliance review request must still be submitted. You may be exempted from additional paperwork, but the request is required.

The technology compliance review will be followed when the acquisition of information technology software or hardware:

  • Uses University resources and/or University funds (i.e. general fund, designated funds, grant and/or donor funds, etc), or
  • That manages data for core business functions of the University that require integration (enterprise system), or
  • That manages data and/or performs specific functions and is integrated with an enterprise system (enterprise support system), or
  • Principally supports one department, unit, or function and requires minimal integration, or
  • That is an infrastructure system and largely managed by IT.

See the process workflow.

View Compliance Review FAQ

Step 1 - Review Policies & Gather necessary Documentation

  • Review the IT acquisition policy to determine the product category.
  • Working with your unit IT support person/LAN manager, complete the technology compliance review checklist. This checklist provides more details regarding technical aspects of the product, vendor, data specifications, data security and administration support, testing, and accessibility of the product.

If the product is a cloud/software as a service

  • Work with your unit IT support person/LAN manager and the product vendor to submit the Cloud Vendor Assessment by replying to the work order confirmation email that you receive from ITDirect and attaching the file.
  • This assessment is required for products that utilize software as a service and/or cloud computing.
  • Departments that are considering the use of such products must be aware of the University's cloud computing policy regarding that use and the importance of maintaining the security of University data.

If the product is used to produce online or instructional content

If the product requires a contract

Review and submit the Contracts for Goods and Services Review Checklist.
The guide explains the importance of completing a thorough contract review for any binding obligations for WMU individuals or departments. It includes the individual's responsibilities, a routing table for the various type of contracts, and proper contract management. The completion of the checklist is required for any contracts requiring an authorized University personnel signature.

Step 2 - Submit the Technology Compliance Review Request

Submit a technology compliance review request, attaching all documentation during submission completed in Step 1 including the Technology Compliance Review Checklist and conditional documentation such as the Cloud Vendor Assessment (HECVAT), Voluntary Product Accessibility Template (VPAT) and response from Business Services regarding the contract review. Please do not submit the request until you have all documentation ready for the review.
This form alerts IT that an acquisition is being considered and provides basic information about the considered product.

 Step 3 - Review

The following procure will take place once a review request is submitted:

  1. IT reviews the forms and documents submitted by the requestor, unit IT support, and vendor to determine the review type required.
  2. If clarification of submitted information is required, IT will request a meeting. 
  3. IT will contact the appropriate data steward(s) for consideration of the data integration potential, if appropriate.
  4. Conditional upon the type of system, the following steps will occur once the review request is submitted. See the University classification system to determine the type of system the product will be reviewed as.

Unit Support and Infrastructure Systems

  1. IT prepares a decision summary including pertinent information received, recommendations, and next steps.
  2. In the case of conditional approval, the requester is responsible for following up with IT to determine acceptable solutions and outcomes.

Enterprise Support System

  1. A pre-proposal is prepared jointly by IT and the requester. See pre-proposal template.
  2. Pre-proposal is submitted to the IT Executive Advisory Board, one week in advance of their next meeting in time to contact the requester with any questions.
  3. IT Executive Advisory Board discusses the pre-proposal and provides feedback regarding the strategic value and data integration potential.
  4. If necessary, the board will also make the final determination if the acquisition constitutes an enterprise system, thus requiring it to proceed with final advisory board approval.
  5. If the acquisition has been determined to be an enterprise system, follow those steps.
  6. IT prepares a decision summary including pertinent information received, recommendations, and next steps.
  7. In the case of conditional approval, the requester is responsible for following up with IT to determine acceptable solutions and outcomes.
  8. IT may be required to contact the appropriate data steward and communicate status with the IT Executive Advisory Board.

Enterprise System 

  1. A pre-proposal is prepared jointly by IT and the requester. See pre-proposal template.
  2. Pre-proposal is submitted to the IT Executive Advisory Board, one week in advance of their next meeting in time to contact the requester with any questions.
  3. IT Executive Advisory Board discusses the pre-proposal and provides feedback regarding the strategic value and data integration potential.
  4. Information regarding the proposed acquisition will be made available on the data and systems governance site and other venues described in the proposed communication plan to obtain University community (e.g. Educational Technology Committee, the Faculty Senate Academic and Information Technology Council, and other constituent groups) feedback and endorsement.
  5. In preparation for the final approval by the IT Executive Advisory Board, the pre-proposal expanded to include the additional items required for the final project proposal template
  6. IT will work with the requester to establish which board meeting date will be the most appropriate for final approval.
  7. Final product proposal (no more than 10 pages) is sent to the advisory board, one week in advance of the meeting, for review and opportunity to contact the requester with any questions before the meeting.
  8. IT will prepare a decision summary including the pertinent information received, recommendations, and next steps. This will be sent with the final product proposal to the advisory board, before the meeting.
  9. The IT Executive Advisory Board reviews the final product proposal and votes on the proposed acquisition at the scheduled meeting.

Additional forms and information