Investments reviewed by IT Governance

What types of IT investments need to be reviewed?

  • All investments in technology applications, software and services that share and transmit VCU data with a third party vendor or institution, regardless of price.
  • Any SaaS (Software as a Service)* software that is accessed online via a subscription.
    • *SaaS or Software as a Service: a method of software delivery and licensing in which software is accessed online via a subscription.
  • This includes investments purchased for departmental use via P card, as well as larger investments that are contracted with assistance from Procurement Services. 

What is not reviewed by IT Governance?

  • Hardware purchases such as computers, technology accessories, classroom hardware technology, etc.
  • Software purchases where there is NO third party SaaS (Software as a Service)* vendor receiving/storing/transmitting VCU data. These purchases are most often purchased and installed on individual computers.

What happens if I do not put an IT investment through IT Governance review?

  • Governance review is required due to:
    • Accessibility compliance requirements.
    • Risk management for data security and data privacy.
    • Reporting requirements on software subscriptions from the VCU Controller's office.
  • Not utilizing the Governance process prior to purchase puts both the individual and the corresponding department/unit in violation of our Business Partner Security Standard