All investments in technology applications, software and services that share and transmit VCU data with a third party vendor or institution, regardless of price.
Any SaaS (Software as a Service)* software that is accessed online via a subscription.
*SaaS or Software as a Service: a method of software delivery and licensing in which software is accessed online via a subscription.
This includes investments purchased for departmental use via P card, as well as larger investments that are contracted with assistance from Procurement Services.
What is not reviewed by IT Governance?
Hardware purchases such as computers, technology accessories, classroom hardware technology, etc.
Software purchases where there is NO third party SaaS (Software as a Service)* vendor receiving/storing/transmitting VCU data. These purchases are most often purchased and installed on individual computers.
What happens if I do not put an IT investment through IT Governance review?
Governance review is required due to:
Accessibility compliance requirements.
Risk management for data security and data privacy.
Reporting requirements on software subscriptions from the VCU Controller's office.
Not utilizing the Governance process prior to purchase puts both the individual and the corresponding department/unit in violation of our Business Partner Security Standard.