Technology Review
Schools and divisions are required to have a Tufts Technology Services (TTS) Technology Review under the following scenarios:
- When purchasing IT Technologies or services involving Tufts data
- When current services are undergoing significant changes or upgrades
- When adding in new modules/software packages or services to an existing service or vendor.
- Before accepting donated software, services, or technologies.
What is Considered Information Technology or Information Services?
Information Technologies or Services are any item – hardware, software, license, system, platform, application, equipment, service – that is being considered for implementation or purchase at Tufts. Use the checklist below to guide in determining what is considered IT. If any one or more of the checkboxes are met, then a TTS Technology Review is required.
IT Checklist Questions:
- Networking:
- Does it use the Tufts wired or wireless network, or a cellular network?
- Data/Information:
- Will data from the product be sent to/from other university systems?
- Does the product collect, process or exchange data or information?
- Is data stored or hosted by the vendor in their on-premises or cloud-based platform?
- Web:
- Is there a webpage to log into to access dashboards, reports, or similar data?
- Will the product publish data to a public-facing website?
- Software:
- Is there a software/system behind the product collecting, tracking, storing, and/or managing information?
- Does it require software updates?
- Professional Services/Consulting:
- Does the scope of the service/engagement involve technology, data, medical equipment, mobile applications, or websites?
Areas of Review
Reviews include a thorough analysis of the following items:
- Solution architecture along with system and data integrations – performed by TTS Service Area Director
- Security and Privacy – performed by The Office of Information Security (OIS)
- Accessibility – performed by the TTS Accessibility team.
Examples of When to Request Review
Here are some example scenarios of when you should request a technology:
- Considering a project to address a business need that requires software and/or a cloud service. This includes purchasing or obtaining free software or services.
- Engaging consulting or hosting services for websites or mobile applications.
- Purchasing (or obtaining for free) a solution that requires integration with other Tufts’ systems or will require Tufts’ data to be pre-loaded and/or routinely updated.
- Purchasing (or obtaining for free) software or systems that may contain sensitive information, including student data, health information, sensitive personal information (SPI), regulated data, or other sensitive institutional data.
- Accepting donated software, technologies, and/or services that will be used in operational, clinical, or instructional purposes.
- Purchasing (or obtaining for free) information analysis or auditing services that will require giving access to Tufts Institutional Data that is not considered public information.
TTS also will perform security and privacy reviews for tools that will be distributed broadly and to be integrated into applications such as: Canvas integrations, Zoom apps, TEAMs apps, browser plugins, etc.
Getting Started
- Contact your service area TTS Director and discuss the project. The TTS Director must approve moving forward before the security and accessibility reviews can be performed.
- Download and complete the Background and Overview Information form
- Download and send these forms for completion to the vendor(s) involved
- Send all completed forms with the supporting documentation to: ois-securityreviews@tufts.edu and to accessibility-support@elist.tufts.edu
Other Requirements
- All solutions must use TTS central SSO for user authentication. Make sure you check with the vendor to make sure you are buying the right licenses to enable this. Sometimes a vendor requires purchasing “enterprise” licenses to get integration with Tufts authentication systems. Any concerns can be discussed during the review process.
- Follow standard purchasing and contract processes with Procurement and TTS Contracts.
More Information
- For more information about this review process, contact IT Acquisitions at ITAcquisition@tufts.edu
- For general IT support, contact Tufts Technology Services at 617-627-3376 or it@tufts.edu
Provided by Tufts Technology Services