Prepare Before Submitting a Technology Risk Assessment
Apr 24, 2025
In most aspects of life, being prepared sets you up for success in anything you do. The same goes for IT professionals submitting a Technology Risk Assessment prior to purchasing any applications, software, or hardware for their unit or department. These technologies must be assessed for security and digital accessibility compliance before they can be used for your work with the university.
Step 1: Review the Technology Reviewed for IT Compliance webpage.
By reviewing this webpage, you can see whether the university already has an enterprise agreement with the vendor, which means you can get the software at a discount or at no additional cost, or whether the product is on the restricted list and cannot be used with university information or purchased by anyone with university funds. Checking this list will save you time and money.
Step 2: Get to know the product you’re purchasing.
Whether it is researching the application or hardware device’s website, or reaching out to their sales team, it is always good to have an understanding of what the application or hardware device will do, and what type of data it will store. The information you gather ahead of time will help you fill out the Technology Risk Assessment Questionnaire. If you don’t know where to start, we recommend starting with the questionnaire itself. As you fill it out, if you come to questions you do not have the answers for, that’s when you should reach out to the sales team of that product. Then, filling out the rest of the questionnaire will be as easy as enjoying a piece of cake.
Step 3: Reach out to the vendor to get the materials ahead of time.
Getting vendors to fill out our security assessment is half the battle and typically takes the most time. Before you fill out the Technology Risk Assessment Questionnaire, reach out to the vendor to see if they can provide you with their pre-existing security documentation, such as the HECVAT Full (Higher Education Community Vendor Assessment Toolkit), and their digital accessibility documentation, such as the VPAT (Voluntary Product Accessibility Template). Having these forms ahead of time can speed up the risk assessment process.
Step 4: Submit the Technology Risk Assessment Questionnaire.
Now that you are prepared and have gathered all the information needed, it is time to submit the questionnaire for review. Ideally, you should submit the questionnaire one month prior to when you want to purchase the software or hardware device. This will give the Risk and Compliance team enough time to do a thorough review to ensure that you, your department, and the data you are handling with the vendor are safe and secure.
Pro-Tip: Whenever you are submitting your information to Procurement Services, you should also submit the Technology Risk Assessment Questionnaire ahead of time. This way both processes can run in parallel, reducing the total time it takes to complete them.