IT Procurement Compliance and Security Form
As part of UMB’s ongoing efforts to strengthen the security, accessibility, and fiscal responsibility for our information technology environment, we are implementing an IT Procurement Compliance and Security (IT-PCS) form. By completing the online form prior to making IT purchases, you can do your part to help protect UMB and your department against cyber threats, data breaches, technology incompatibility, network vulnerability, and non-compliance with relevant regulations regarding software and IT equipment.
What is the IT-PCS form?
The IT-PCS form is intended for the end-using department to share certain information regarding proposed purchases of software and certain hardware with CITS Security and Compliance, and Strategic Sourcing and Acquisition Services (SSAS).
This form is required for the purchase of IT services, software solutions, and certain hardware to facilitate:
- Security and Compliance Reviews — including evaluation of SOC 2 reports, data protection practices, and compliance with university policies.
- Web Accessibility Assessments — ensuring technologies meet standards for usability and access for all users.
- Integration with Central Systems — assessing whether and how new services will connect with university infrastructure such as authentication, data systems, or reporting tools.
- Fiscal Oversight — flagging purchases for review by appropriate financial stakeholders to ensure responsible use of resources which contribute to long-term value.
- Redundancy Checks — identifying potential overlaps with existing campus tools or services to reduce duplicative spending and promote efficient use of resources.
How do I complete the IT-PCS form?
The requesting department will need to gather information about the IT product/service and answer questions using the online IT-PCS form. Once submitted, the proposed IT purchase will be vetted by CITS Security and Compliance and SSAS for compliance with relevant requirements. Once the review is completed and approved, the department will be notified.
IT Procurement Compliance and Security (IT-PCS) form
What happens once the IT-PCS form is approved?
Once the IT-PCS is approved, the department may proceed with the purchase through the appropriate purchasing process (e.g. PCard purchase or Requisition).
- For PCard Purchases, the department is required to retain a copy of the approved IT-PCS form with their PCard records for each applicable IT purchase. The PDF of the approved form should be uploaded into Quantum with the expense report reconciliation for all applicable PCard IT purchases. Note that any contracts, license agreements, or other purchasing agreements for the purchase require review by SSAS.
- For Purchase Orders, the department must attach the PDF of the approved IT-PCS form to the Quantum requisition
- For “Free” software/hardware, the department must retain a record of the approved IT-PCS form for the life of the software/hardware. Note that any contracts, license agreements, or other use agreements for the “free” software/hardware require review by SSAS.
Which prospective IT purchases require an IT-PCS form?
- Software purchases, regardless of price.
- Networking equipment.
- PCs, desktops, laptops, tablets.
- Cloud or third-party hosted IT services.
- Website development services.
- Software/application development services
Which IT purchases do not require an IT-PCS form?
- Mice, keyboards
- Speakers, monitors
- A/V equipment (unless network connected).
- Cables (USB, HDMI, etc.)