shortcutaub.ie/sitsapkb

SITSAP Review Process Overview (Based on the Software and Information Technology Services Approval Policy) 

If you have questions regarding the SITSAP review process (formerly Vendor Vetting), email vetting@auburn.edu. 

The Software and Information Technology Services Approval Policy (SITSAP) requires Auburn University to review software and technology-related services before they are used. This article explains the review process that supports that policy. The process ensures that proposed products meet university requirements for data security, privacy, accessibility, compliance, and operational suitability.

When a SITSAP Review Is Required

A SITSAP review must be completed when:

• You need software or a service from a vendor that has not been reviewed for your use case, or

• An existing approved product is due for its required three year renewal review

Steps in the SITSAP Review Process

1. Request Submission

Start a new SITSAP submission at aub.ie/vendorvetting. If you need additional time to finish your request, you can use the Save and Continue option to return later. Your request will only be processed after you have fully submitted it by clicking the Submit button. Once submitted, all requests will appear on the My Requests page.

2. Initial Check (OIT IT Asset Management)

OIT IT Asset Management performs the first review to determine whether the request is appropriate.

Possible outcomes:

• Approve and allow to continue

• Deny with comments (stops the process)

• Hold for further review and investigation

3. IT Provider Approval

The IT Provider may approve or deny the request. A denial stops the process.

4. Initial Review

Four groups review the request:

• Cash Management

• Privacy

• Cybersecurity

• Accessibility

Outcomes include Approve, Deny, or Request More Information.

5. AU Software Review

AU Software verifies that all required vendor materials have been submitted.

6. Final Review (If Needed)

Groups that previously requested more information evaluate updated materials. A final decision email is sent.

Important Notes

• SITSAP approval provides clearance to use the software or service based on compliance, security, privacy, accessibility, and operational review.

• This review does not constitute authorization to purchase. Legal analysis of vendor terms and conditions is outside the scope of this review. It is the responsibility of the purchaser to ensure that all contractual provisions are in compliance with university policies, applicable state laws, and governance requirements. This review and approval must be obtained through the Procurement and Business Services (PBS) Contract Administration office prior to initiating any purchase.

• SITSAP review is required every three years.

Helpful Links

• Software & IT Service Approval Policy
• Cybersecurity Roles & Responsibility Policy
• Data Classification Policy
• Cardholder Data Environment Policies 
• Admin Computing Coordinator Lookup
• IT Provider Lookup
• Data Security Privacy Appendix Template