IT Contract Approval

Campus Departments and Colleges use this process to submit required documentation for approval of IT-related contracts and/or service agreements. Information submitted is reviewed for technical and contractual accuracy:

  • Technical Review:  Information Technology Department (IT) approval of all contracts or service agreements that involve IT resources and relates to accessibility and data security. 
  • Contract Review:  The Procurement Office requires IT approval prior to finalizing any IT- related service agreement or contract.


If the answer to ANY of the following questions is "YES", then the product or service being procured, implemented or changed (such as adding a new service under the contract) has an IT impact and shall be subject to this process:

  1. Does it connect to (or use) the campus network?
  2. Will it be accessed through the Internet?
  3. Will users be authenticated through CSUMB single sign-on (SSO)?
  4. Is there equipment or software that will need to be installed or maintained?
  5. Will any CSUMB data (student, employee, donor, etc.) be accessed, stored or used by the product or service? If so, is it Level 1 and/or Level 2 sensitive data?

If you answered "YES" to any of the above questions, follow the steps below to complete and submit the IT Contract Approval Ticket.

Steps to Complete Prior to IT Contract Submittal (Campus Department):

Step 1: Complete Project Request and Vendor Selection Process

  1. Ensure that the project proposal has been vetted through the appropriate IT Project approval process. This includes contract renewals.
  2. Complete Vendor Selection Process appropriate for dollar amount of agreement. See Vendor Selection Process Knowledge Base article.
  3. Consult with the Project Management Office ( about any aspect of this process to ensure timely approval and processing.

Step 2: Provide the following documents to the Vendor:

  1. Complete the Accessibility Conformance Report (aka VPAT):  Vendors should already have a completed document for their products.
  2. Find the following on the CSYOU Systemwide Procurement page:
  • General Provisions-IT:  Ask the Vendor to review and notify you if there are any issues.
  • IT-Supplemental Provisions for Acquisitions:  This document provides additional contract details that may be added if sensitive data is involved.
  1. For risk assessment when sensitive data is involved, complete the HECVATFULL3.02 excel spreadsheet located under the Attachments section of this service page (in the last navigation box on the right side of this page). This document outlines questions that must be addressed if sensitive data is involved. (Refer to Educause Higher Education Community Vendor Assessment Toolkit for more information). Attach the completed spreadsheet to the IT Contract Approval Ticket.

Step 3: Additional documentation that may reduce the amount of time necessary for review:

  1. Contact Procurement to determine if there is an existing:
    • Master Enabling Agreement (MEA) in CSUBUY. If so, our campus may be able to use that contract language.
    • Agreement between the vendor and another CSU for the same service. If so, this may result in streamlining the CSUMB review process.  

Step 4: Collect the following information from the Vendor and attach to the IT Contract Approval Ticket:

  1. Completed Accessibility Conformance Template (aka VPAT)
  2. Any comments regarding the General Provisions or  IT Supplemental Provisions.
  3. Completed HECVAT, if sensitive data is involved.
  4. Quote
  5. License Agreement 

Step 5: Department Submits IT Contract Approval Request:

  1. Department completes the IT Contract Approval Form (Submit IT Ticket button at top right).
  2. Address questions about handling Sensitive Data in the IT Contract Approval Form.
  3. Attach required documentation from Vendor (VPAT, HECVAT, General Provisions, IT Supplemental Provisions, Quote and License Agreement, as applicable).
  4. If this is a Contract renewal, attach a copy of the original contract, as well as the revised contract.

IT Review Process After Submission:

  1. The Request will be reviewed by the Chief Information Officer (CIO) and two Accessible Technology Initiative (ATI) Committee members within 10 business days of submittal.
  2. The Information Security Officer (ISO) will work with the Vendor, Requestor and other IT Managers to determine any Risk Prevention requirements. 
  3. Within 15 business days of submittal, the Department will be notified of approval status or if additional information is required.
  4. The IT Service Agreement will be prepared with any specific Supplemental Conditions for use by the Procurement Office.
  5. After IT approval, the Requestor will forward all contract documents (including any IT provisions) to the Procurement Office for signatures.


Please contact Sandra Amorim Ruiz ( or Oscar Lemus ( with all questions about general vendor and contract requirements.

Please contact the IT Project Management Office ( with any questions about this process.