Frequently Asked Questions
Why is a review process required for Information and Communication Technology (ICT also formerly knows as E&IT) products/services?
Executive Order 926 mandates CSU campuses to make its programs, services, and activities accessible to individuals with disabilities. This includes students, faculty, staff, and the general public who visit or attend a campus sponsored event. Section 508 of the Rehabilitation Act of 1973 requires the University, including self-support and auxiliaries, to apply accessibility standards to all Information and Communication Technology products and services that it buys, creates, uses and maintains regardless of cost or funding source. CSUF is commited to buy the most universally accessible products, and the IT Purchasing review process helps ensure adherence to CSU policy and the law .
I bought this product in the past and did not have to go through this process. Why do I have to have to go through this review process now for the same product?
In addition to compliance with CSU Accessible Procurement and Information Security policies, CSUF needs to also ensure supplier contractual terms and conditions are acceptable. In the past, our policy allowed software under $100 be bought with a p-card, but the dollar ($) amount is not reflective of the potential risk to CSUF. Areas that need to be reviewed include privacy information, vendor ability to audit our servers, limitation of liability, indemnification, and governance location (some vendors are outside the US and have different regulations). With the implementation of the online IT Purchase request form, Contracts and Procurement staff are built into the workflow and will review agreements concurrent to IT’s review. Upon approval and issuance of an authorization number, employees will have the ability to use p-cards for software purchases. Please note, there are two exceptions to using a p-card for software purchases: if there are complex terms and conditions that need to be negotiated with the supplier or if supplier does not accept p-cards as form of payment, these two circumstances require a requisition be submitted via CFS.
How do I know if my purchase request is an ICT (E&IT) purchase?
The following categories of products and services are IT purchases:
- Software applications and operating systems: licenses, subscriptions
- Web-based information and applications: websites, online surveys, "cloud based" services, subscriptions, and other content, social media sites, etc.
- Video and multimedia products and services: TV displays and tuners, projectors, media players and recorders, multimedia, etc.
- Hardware: servers, computers, laptops, tablets, monitors, input devices, storage devices, etc.
- Other office equipment: printers, scanners, copiers, kiosks, digital cameras, scientific instruments, etc.
In general, if a product fits into one of these categories, requires user interaction, and involves creating, converting, transferring or duplicating data or information, then it is an IT purchase.
What items are excluded from ICT (E&IT) purchase review?
Items exempt from the review process include, but not limited to - writeable media, removable storage, cables/adaptors, printer consumables, and other miscellaneous technology parts. For a complete list, please refer to the pre-approved consumable products document
What are the steps involved in an ICT (E&IT) purchase request?
The high-level steps are:
- Purchase requester completes ICT Purchase Request Form and uploads all required documentation and forms.
- Request is reviewed and approved by an Accessibility Specialist and IT Subject Matter Expert.
- Upon approval, purchase requester receives notification and an authorization number for their p-card or requisition form.
For detailed steps, refer to the ICT (E&IT) Purchase Request User Guide.
How long will it take for my request to be approved?
IT is commited to providing high quality customer service and will make contact with the purchase requester within 2-3 days of receipt of their request. However, the length of time it takes to receive approval fluctuates based on how long it takes the supplier to provide a VPAT and/or if there are complex data security or contractual matters that need to be addressed.
I haven't received an authorization for my request. How do I check status?
ServiceNow is designed to make the review/approval process visible to all parties involved in the request. Clicking on the link in the email you received after submitting your request will take you back into the system and display where your request is in the process. If for some reason you did not receive an email confirmation, please email for assistance.
My request was approved and I received an authorization number, now what do I do?
You may proceed with your purchase via p-card or purchase requisition via CFS. If you use your p-card, include the authorization number when you reconcile your p-card statement report. If you proceed via purchase requisition, include the authorization number within the comments section of the requisition form. The authorization number provides confirmation to Contracts and Procurement the purchase was reviewed by IT.
What is a VPAT or an ACR?
VPAT stands for Voluntary Product Accessibility Template. A VPAT is a form to be completed by the supplier that documents their product’s conformance with the Section 508 Accessibility Standards. A completed VPAT should state which criteria the product supports, and explain what features it utilizes to support accessibility. This document must be requested from the supplier if the product will be used by any number of students, the general public, or large audiences (approximately 100 or more users). The ICT (E&IT) Purchase Request Form will prompt you if a VPAT is required for the product you are requesting to purchase. The VPAT form is available on the IT Purchasing Site, under Forms and Resources.
ACR stands for Accessibility Conformance Report, it is basically a VPAT filled out and submitted by the vendor.
I provided a VPAT/ACR when I ordered this product last year, do I need to do it again?
VPATs/ACRs typically become null and void once a new version of the product is made available. We kindly request that you check with the supplier for an updated VPAT/ACR. A VPAT/ACR older than two years cannot be accepted and will need to be updated by the vendor.
What if the supplier cannot/will not produce a VPAT/ACR?
If no VPAT/ACR exists, or is deemed insufficent upon review from an ATI Specialist, the purchase requester will be asked to complete an Equally Effective Alternate Access Plan (EEAAP). The EEAAP is required to verify acknowledgement of the user’s obligation to monitor the product’s use and provide equally effective alternate access in the event of future accessibility issues.
The supplier has never heard of a VPAT/ACR. Where can I direct them for more information?
The CSU Chancellor’s Office website has information specifically for suppliers regarding the CSU’s E&IT requirement and how to provide documentation about their product’s conformance with applicable accessibility standards. Please ask suppliers to visit the Chancellor’s Office ATI Procurement page for further information.
Do iPAD apps or other mobile device apps need to use this process?
Yes, all mobile apps will need to go through the IT Purchasing process.
Do you grant exemptions to ICT (E&IT) procurements?
No, CSU Fullerton is committed to ensuring equal accessibility to our campus community and no exemptions are granted. In order to receive an IT authorization number a VPAT/ACR must pass accessibility standards or an EEAAP must be approved. If a vendor cannot produce a VPAT/ACR then the EEAAP must be approved.
Why would I need an Equally Effective Alternate Access Plan (EEAAP)?
Depending on the selections you made on the IT Purchase Authorization Request Form, the Voluntary Product Accessibility Template (VPAT) section at the bottom of the form may become a required field.
If you attached a VPAT that was deemed unacceptable or you indicated you would submit a VPAT later and were unable to do so (e.g. if the vendor did not fill out the VPAT) AND your purchase is determined to be high impact, you need to fill out an Equally Effective Alternate Access Plan (EEAAP) to meet the VPAT requirement before your IT Purchase Authorization Request can move forward.
Selecting who will use this Product/Service on Campus (Impact Criteria)
CSUF differentates between four types of categories of who will be using a product/service that is being requesting for purchase:
- One or more students in an academic setting (e.g. one or more students will use this product/service in a classroom or lab or instructional setting)
- For individual use by one or more University employees whose accessible technology accommodations are not applicable to this procurement at this time (e.g. one or more specific employees will be using this product/service and accessibility needs are either being met or are not needed)
- Unversity employees whose accessible technology accommodations are unknown (e.g. more than one employee will be using this product/service and you do not know if these employees require accessiblity accommodations to use the product/service)
- The general public/Campus wide (e.g. the product/service will be made publicly available on the campus website or the product/service will be made available to all students and employees)
What happens when an EEAAP is necessary? (Process and Roles)
Below is a graphical representation of the what happens when a EEAAP is necessary showing the process and the assigned roles:
What is the Accessible Procurement Process at CSUF?
The Accessible Procurement Process at CSUF is built within the Purchasing Workflow of our Service-Now instance. The Steps of the Process are as follows:
- An IT Authorizations Request gets submitted via Service-Now to the Division of Information Technology (IT).
- Depending on the item type requested the workflow assigns IT Subject Matter Experts (SME) to review the product. Parallel to the assignment of SMEs the request also gets forwarded to the ATI Procurement team for an accessibility review.
- The ATI Procurement Team reviews the vendor submitted Accessibility Conformance Report (ACR). In cases where an ACR was not submitted with the IT Authorization Request, the ATI Procurement Team will reach out to the requesting department and ask for the ACR to be submitted. The department will usually be asked to contact the vendor and ask them for an ACR for the requested product/service no older than two years. If the vendor cannot generate an ACR then the department will notify the ATI Procurement Team.
- For Products/Services where the ACR do not meet campus standards for accessibility or that do not have an ACR, the requesting department will need to fill out an Equally Effective Alternate Access Plan (EEAAP). The ATI Procurement Team will assist with filling out the EEAAP.
- The EEAAP will then need to be reviewed and approved by the requesting department’s director, the ATI Coordinator, and finally by the AVP of IT.
Who is Responsible for each Component of the Accessible Procurement Process?
The person/department that submits the IT Authorization Request is responsible for getting the Accessibility Conformance Report (ACR) from the vendor.
It is the manufacturing vendor’s responsibility to provide a proper ACR to the requesting person/department.
The ATI Procurement Team is responsible for reviewing and approving the ACR. They notify the requesting person/department if an Equally Effective Alternate Access Plan (EEAAP) is needed. If the ACR meets accessibility standards, then the request moves forward in the IT Authorization Process.
In cases where an EEAAP is required the requesting person/department is responsible for writing up a detailed EEAAP and following up with the vendor asking for an improvement of their product and requesting an Accessibility Roadmap for the requesting product/service.
The director/manager of the requesting person/department is responsible for reviewing and approving the EEAAP. The director/manager needs to ensure the EEAAP is complete and an equally effective solution.
The EEAAP then gets reviewed and approved by the ATI Coordinator. If there is any concern about the EEAAP the coordinator will contact the requesting person/department.
Upon approval of the ATI Coordinator, the AVP of IT will review the entire IT Authorization Request and approve.