MENU

The ITCS Technology Assessment is triggered by the following actions:

  • Discovery of an existing technology and/or service that has not been assessed
  • Changes in the use case of an existing technology and/or service that may lead to new security or compliance threats
  • Requests for the acquisition of a new technology an/or service

The launch of an ITCS assessment shall occur due to the following:

  • New Technology (purchase):
    • Requisition
      • Materials Management shall submit a request to ITCS to begin the assessment process
    • ProCard
      • Department/college shall submit a completed assessment to begin the process
  • Existing Technology:
    • Technology has never been assessed
    • College/department use case has altered, deeming a re-assessment necessary*

*Cloud-based solutions utilizing sensitive data shall be reviewed ANNUALLY or during renewal cycle.

Additional guidance for ONLINE INSTRUCTIONAL TOOLS can be found via: www.ecu.edu/onlinetools/

What Information Do You Need?

If a college/department is proposing a cloud-based solution, please gather the following information before completing this assessment:

  • Geographic location of vendor or 3rd party data center
  • Description or copy of vendor or 3rd party security policy
  • Description of the authentication process along with the link (URL) in which users will access the system
  • Details on auditing capabilities of software
  • Details on username and password configuration including encryption methods
  • Details on data encryption in transit and in storage
  • Description or copy of your college/department Business Continuity Plan if the software/application is unavailable
  • Description or copy of Disaster Recovery Plan for entity hosting data
  • Details on adherence to ADA regulations
  • Report or letter from entity hosting data certifying they have had a successful SSAE16 or SOC report completed from a credentialed auditing firm within the last year
If a college/department is proposing a solution hosted onsite, please gather the following information before completing the assessment:
  • Description of the authentication process
  • Details on auditing capabilities of software
  • Details on data storage location
  • Details on username and password configuration including encryption methods
  • Description or copy of your college/department Business Continuity Plan if the software/application is unavailable

Assessment Workflow
text description

  project assessment process, June 2016
Questions?

Contact the Central Project Office at cpo@ecu.edu