The checklist is available in the Article Attachments section at the bottom of this page (click the + to expand the list).

There is also a Knowledge Article available in the Article Attachments section below, which should answer any questions you have when filling out the checklist.

If they have not already been provided, please request the following documents from the vendor. With any of these documents, it is possible that the vendor does not have them. Knowing that fact is important to our review.

1. 1. Contracts:
      1. Any and all contract documents – anything we are expected to sign or be bound by, even things that exist online, including any terms and conditions, order forms, etc.
   2. Information Security:
      1. A copy of their SOC2 report or any other data security audits they have recently completed.
      2. Any related data security procedure documents.
   3. Accessibility:
      1. A copy of their Voluntary Product Accessibility Template (VPAT) and/or Accessibility Conformance Report (ACR) for the product(s) in question.
   4. Risk:
      1. Their current Certificate of Insurance (COI).
         1. We require that the COI show UVM as the Certificate Holder.
         2. If the vendor has Cyber Risk Insurance, make sure that is included on the COI.
            1. Cyber Risk Insurance may be contained in other coverages (Errors and Omissions coverage, etc), so ask that the vendor make sure that the COI is explicit in mentioning Cyber Risk coverage if they have it.
         3. Ask the vendor to list UVM as an additional insured on the COI.

You may want to provide any feedback from the vendor, for example: which documents they didn’t have and why. Email these documents to Technology.Review@uvm.edu.

The Technology Review team will create a FootPrint that will serve as the repository for the review documents and facilitate the workflow as the review moves forward.

Throughout the Technology Review process, you may be asked questions about various aspects of the Project in an effort to fully understand the scope. It may be necessary to bring the vendor into the discussion. The reviewers will work with you to make the determination as to whether input from the vendor is needed and how best to communicate with the vendor.

Once the Technology Review is complete, you will receive an update through the FootPrint providing any feedback and suggested next steps. Generally this will be in the form of suggested contract language, either through redlines or with specialized UVM addenda. The project will then move to Final Review and Approval.

James Evans, the IT & Accessibility Contract Analyst from the Purchasing department, will complete a general contract review which may involve the Office of General Counsel as needed. Once the review is complete a final approval will be issued, which will include the next steps required (such as the circulation of contract documents for signature by the parties). Please follow closely the articulated next steps that accompany the final approval so that the project can swiftly move to completion.

For planning purposes, please expect Technology Reviews to take 4 weeks.

The Technology Review will occur on the purchase, license, or usage of hardware, software, professional services and/or software maintenance (the “Project”), whether it’s a new contract or a renewal.