Investments reviewed by IT Governance

What types of IT investments need to be reviewed?

  • All investments in technology applications, software and services that share and transmit VCU data with a third party vendor or institution, regardless of price.
  • Any SaaS (Software as a Service)* software that is accessed online via a subscription.
    • *SaaS or Software as a Service: a method of software delivery and licensing in which software is accessed online via a subscription.
  • This includes investments purchased for departmental use via P card, as well as larger investments that are contracted with assistance from Procurement Services.
  • All IT investments at VCU must be re-reviewed by IT Governance during the contract renegotiation/renewal process (generally on the 3-5 year contract cycle). If an investment does not have a contract and is still in use, please submit for re-review every 3 years. 

What is not reviewed by IT Governance?

  • Hardware purchases such as computers, technology accessories, classroom hardware technology, etc.
  • Software purchases where there is NO third party SaaS (Software as a Service)* vendor receiving/storing/transmitting VCU data. These purchases are most often purchased and installed on individual computers.

What happens if I do not put an IT investment through IT Governance review?

  • Governance review is required due to:
    • Accessibility compliance requirements.
    • Risk management for data security and data privacy.
    • Reporting requirements on software subscriptions from the VCU Controller's office.
  • Not utilizing the Governance process prior to purchase puts both the individual and the corresponding department/unit in violation of our Business Partner Security Standard

What AI technology needs to be reviewed?

  • Generative AI technology or other technology that utilizes AI must be vetted and approved for use by IT Governance. 
  • See our list of approved generative AI tools that are available for use by VCU faculty, staff and students. This list is updated as more tools are procured and made available enterprise-wide.
  • ChatGPT is not currently licensed VCU-wide. If a faculty or staff member would like to purchase a ChatGPT subscription to support their work or teaching, their school or unit IT support can submit an IT Governance request for a ChatGPT Teams subscription. Once this is approved the school/unit can purchase the Teams license and manage user accounts for their supported faculty and staff.
  • Students do not need IT Governance approval to use ChatGPT for their own personal accounts, but are reminded to not share any confidential or sensitive data and to adhere to our AI Use Guidelines
  • If a technology in use at VCU that has already been reviewed and approved by IT Governance has new AI functionality or features, please reach out to itgov@vcu.edu for further instruction on how to get these features reviewed.