Latest News
Section 508 requires that Information and Communication Technology developed, used, maintained, or procured be accessible to people with disabilities. The CSUDH Information and Communication Technology procurement process helps ensure that the products and services procured by CSU Dominguez Hills are accessible. This process applies to purchases and adoptions of Information and Communication Technology, regardless of the cost or funding source (e.g., State, Foundation, Athletic Corporation, Federal and State grant funds.) The requirement for Accessible Information and Communication Technology extends to "free" products, trial software, or services and includes campus' developed technology.
The Procurement Process consists of four significant steps:
Information and Communication Technology and other equipment, systems, technologies, or processes, for which the principal function is the creation, manipulation, storage, display, receipt, or transmission of electronic data and information, as well as any associated content, is considered Information and Communication Technology and is subject to CSUDH's procurement process.
High impact products are when:
Campus Information Technology environments are rapidly changing, and the speed of cloud service adoption is increasing. As campuses deploy or identify cloud services, they must ensure the cloud services are appropriately assessed for managing the risks to the confidentiality, integrity, and availability of sensitive institutional information and the PII of constituents. Both cloud providers and cloud consumers are wasting precious time creating, responding, and reviewing such assessments.
The Higher Education Community Vendor Assessment Toolkit (HECVAT) attempts to generalize higher education information security and data protection questions and issues regarding cloud services and on-premise systems for consistency and ease of use.
Depending on the type of the data stored/transferred with your system, InfoSec office will require additional security reports such as SOC 2 Certification, Full HECVAT, Lite Condensed HECVAT, or On-Premise HECVAT.
For requesting student data to integrate with your system, you may use this link to Request Permission to Student Data. Requests will be reviewed and vetted by the InfoSec Office and the office of the Dean of Students. Depending on your request, we may need to have you explain these requests more thoroughly.
The Information Security and Compliance Office requires all qualifying software and hardware purchases by the university to go through security screening using the HECVAT process. Before purchasing, ask the vendor to fill out the HECVAT forms and send those to ISO@csudh.eduor upload it with your purchase request.
Please be aware that purchases that require student and employee data will require extra time to go through the vetting process. Based on this process, Security and legal provisions will be added to the contract. Please keep in mind that the procurement and InfoSec Office have to communicate these provisions with the vendor, and it may take weeks to be accomplished.
If you have been identified as a potential host or handler of California State University, protected level one or level two data (ICSUAM 8065.s02). If you will be storing, transmitting, or processing sensitive (level one or level two data), per the CSU Cloud Storage and Services Standard (ICSUAM 8065.S003), you must provide the campus with a Higher Education Cloud Vendor Assessment Tool. This information will be used by California State University campuses, which is a single legal entity. You may choose to send your recent SOC 2 Certification instead of HECVAT.
This questionnaire was specifically designed to help higher education institutions. The HECVAT is widely accepted across higher education institutions, and by producing this document now, you will be better prepared to pursue future contracts in the higher education space. If you are providing consulting services or software that will be hosted on the campus, we would still ask you to provide the sections of the On-Premise HECVAT.
Depending on the impact your purchase/contract or renewal may have on the Information Technology Division or the campus, in general, you may need to answer additional questions throughout the approval process.
The Information Security and Compliance team will connect you with the appropriate I.T. department for extra information to facilitate this process. We may also require direct communication with the vendor to verify their technical documents and specifications.
We will require oversight access to the purchased system for extensive implementations/integrations that impact the university enterprise systems.
If you are submitting an order, we WILL check I.T. inventory to see if the university already has inventory or holds additional licenses to offer you. All university purchased devices such as Laptop, desktop, tablet, and etc. will be managed by CSUDH Mobile Device Management software, regardless of the type of funding. This process applies to purchases and adoptions of Information and Communication Technology, regardless of the cost or funding source (e.g., State, Foundation, Athletic Corporation, Federal and State grant funds.)
For Apple devices, we require the Apple Education Official quote. You may Contact the Campus Education Rep, Tiger Leonard <tiger@apple.com>.
Please be aware that purchases and contracts requiring Student or Employee data will require extra steps to get approved.