IT Procurement Compliance and Security Form

As part of UMB’s ongoing efforts to strengthen the security, accessibility, and fiscal responsibility for our information technology environment, we are implementing an IT Procurement Compliance and Security (IT-PCS) form. By completing the online form prior to making IT purchases, you can do your part to help protect UMB and your department against cyber threats, data breaches, technology incompatibility, network vulnerability, and non-compliance with relevant regulations regarding software and IT equipment.

What is the IT-PCS form?

The IT-PCS form is intended for the end-using department to share certain information regarding proposed purchases of software and certain hardware with CITS Security and Compliance, and Strategic Sourcing and Acquisition Services (SSAS). 

This form is required for the purchase of IT services, software solutions, and certain hardware to facilitate: 

  • Security and Compliance Reviews — including evaluation of SOC 2 reports and/or HECVATs, data protection practices, and compliance with university policies.
  • Web Accessibility Assessments — ensuring technologies meet standards for usability and access for all users.
  • Integration with Central Systems — assessing whether and how new services will connect with university infrastructure such as authentication, data systems, or reporting tools.
  • Fiscal Oversight — flagging purchases for review by appropriate financial stakeholders to ensure responsible use of resources which contribute to long-term value.
  • Redundancy Checks — identifying potential overlaps with existing campus tools or services to reduce duplicative spending and promote efficient use of resources. 

Which purchases require an IT-PCS form?

  • All software purchases, regardless of cost
  • Cloud-based or third-party hosted IT services
  • Networking equipment
  • Desktops, laptops, tablets not purchased through CITS or a school’s IT department
  • Website or application development services

Which purchases do not require an IT-PCS form?

  • Computer peripherals (e.g., monitors, docking stations, mice, keyboards, USB storage devices)
  • Computer Parts (e.g., RAM, hard drives, GPU, CPU)
  • Non-networked Audio/Video equipment
  • Cables (e.g., USB, HDMI, power adapters)
  • Software purchased via CITS Software Licensing Center

How do I complete the IT-PCS form?

The requesting department will need to gather information about the IT product/service and answer questions using the online IT-PCS form. Once submitted, the proposed IT purchase will be vetted by CITS Security and Compliance and SSAS for compliance with relevant requirements. Once the review is completed and approved, the department will be notified.

What happens once the IT-PCS form is approved?

Once the IT-PCS is approved, the department may proceed with the purchase through the appropriate purchasing process (e.g. PCard purchase or Requisition).

  • For PCard Purchases, the department is required to retain a copy of the approved IT-PCS form with their PCard records for each applicable IT purchase. A PDF of the approved form should be uploaded into Quantum with the expense report for all applicable PCard IT purchases. Note that any contracts, license agreements, or other purchasing agreements for the purchase require review by SSAS by emailing the documents to SSAS-CONTRACT-REVIEW@UMARYLAND.EDU.
  • For “Free” software/hardware, the department must retain a record of the approved IT-PCS form for the life of the software/hardware.  Note that any contracts, license agreements, or other use agreements for the “free” software/hardware require review by SSAS.

How Often Do I Need to Submit the IT-PCS Form?

Only one submission of the IT-PCS form is necessary for each IT product or service, regardless of whether the payment is monthly, yearly, or one-time.

After the initial submission, the system will automatically send periodic reminders to revalidate your original submission and confirm whether the product or service is still in use at UMB. These reminders do not require a new form submission. If there are changes, such as additional features, expanded scope, or new modules, the original IT-PCS submission should be updated to ensure it reflects the current state of the product or service.

Exceptions:

If the product or service is being expanded, or if new features or modules are being purchased, you must update your original IT-PCS form submission. This allows the review teams to re-evaluate the purchase for compliance, security, and operational impact. Such updates may be required outside of the regular review cycle.

  • One submission per product/service: No need to re-enter the form for each renewal or payment cycle unless there are significant changes.
  • Automated reminders: You will receive periodic notifications to review and confirm continued use.
  • Update required for expansion: If you add or remove features or modules, or expand the scope of the product/service, edit your existing submission for a new review.

When in doubt, ask CITS Security and Compliance or SSAS.