Vendor Vetting is an essential part of acquiring software or services at Auburn University. This article will help explain and guide you through the process.
There are four total steps to complete the request for software, and each are provided in detail below.
- Request Submission
- IT Provider Approval
- Initial Review (Cash Management, Privacy, Cybersecurity, and Accessibility)
- AU Software Review
- Final Review: If Necessary (Cash Management, Privacy, Cybersecurity, and Accessibility)
Resources
- Software & IT Service Approval Policy
- Cybersecurity Roles & Responsibility Policy
- Data Classification Policy
- Cardholder Data Environment Policies
- Admin Computing Coordinator Lookup
- IT Provider Lookup
- Data Security Privacy Appendix Template
Request Submission
- There is a need for a service or software provided by an unvetted vendor
- To learn more about vetting or to review previous vetting requests, use this link: https://aub.ie/vendorvetting
- To learn more about vetting or to review previous vetting requests, use this link: https://aub.ie/vendorvetting
- Navigate to the form linked here: https://aub.ie/vendorvettingform, and complete it.
- You do have the ability to "Save and Continue." This allows you to save your progress without submitting the request and come back to submit at a later time.
- You do have the ability to "Save and Continue." This allows you to save your progress without submitting the request and come back to submit at a later time.
- After submitting, you'll be able to see all of your requests and their status on the "My Requests" page linked below, but the information is also available from the navigation tab on the site.
IT Provider Approval
At any time, the IT Provider can check on requests they are responsible for by navigating to the same My Requests page as mentioned before and linked here. My Requests Page
- The first step after submission is for the IT Provider to review and make a decision on the request.
- The IT Provider will receive an email with instructions and a link to a task for them to review the submission.
- The IT Provider will need to approve the request for it to continue, but they also have the ability to deny the request and leave comments. Denying the request stops the process and sends the submitter a notification.
Initial Review
- After IT Provider Approval, the following groups will start their initial review. These groups will decide to approve, deny, or request additional information from the vendor.
- Cash Management
- Privacy
- Cybersecurity
- Accessibility
- Status explanations
- Approve: The group has completed review for this software or service.
- Deny: If any group denies a request, the entire request is denied and notifies the submitter.
- Request more information: The group needs more info to make a decision and an email is sent to the vendor.
- After this information is returned, AU Software begins their review.
AU Software Review
- AU Software verifies the data received from the vendors is complete and then sends the request for final review.
Final Review
- Each of the initial reviewing groups that requested more information will now review the new information and make their decision.
- A decision email is sent to the user, and all other parties involved with the decision and comments pertaining to the ruling.