Technology Product Review Process
***NOTE*** - Product and/or Vendor Reviews may take up to 8 weeks to complete depending on the information made available to IT Security. Please plan and allow for this time accordingly to ensure we are complying with University Policy and regulatory requirements.
Risk Management Program
As part of the OUHSC IT Risk Management program all information system resources must undergo a risk assessment process to properly identify risks and determine appropriate responses and controls.The level of this assessment will be determined by the classification of the information system resource and its data.
Product Review Policy
All information system resources receiving, storing and/or transmitting University data must have a Product Review completed by OUHSC IT to identify risks and necessary regulatory controls. Information System Product Review Policy
Information Technology will review technology products for compatibility, interoperability and compliance with security and other requirements. Depending upon system type and classification, the review process may be relevant for products that are in production, development, acquisition, or revision. This could include asking an external service provider to respond to an OUHSC Information Security questionnaire or asking the IS Administrator to respond to an OUHSC Information Security questionnaire.
Currently, products are initially assessed using the four questions below:
- Does this product interact with University data?
- Will this product connect to the OUHSC network and/or communicate with any computer or telecom system?
- Does this product require application development, web development or database connectivity?
- Is the IT Service Desk expected to provide support for this product?
After submitting your request, IT Security will schedule two conference calls to discuss the nature of your request and to provide any Information Security recommendations identified as part of the assessment.
Terms and Conditions
Please note that the Terms and Conditions of any technology purchase must be approved by Purchasing and/or Legal prior to the purchase.
Departments from the HSC-Oklahoma City campus can begin the review process by completing this form. Upon submission, a ticket will be created with the IT Service Desk to ensure the request is tracked and routed as necessary to the appropriate IT departments for their review.
The requestor information is needed should IT require additional information about the product's function and use. The Primary Name should be the person who originally requested and will be using the product. The Secondary Name can be a person supporting the purchase or implementation process such as an administrative assistant or a Tier 1.
New instructions for the Information Technology Product Review process:
The review begins in and is controlled by the automated system used by HSC Information Technology to manage requests.
The first step in the process is to login to Service Now by visiting the http://ServiceNowLoginPage. You will be re-directed to the HSC Information Technology self-service system where you can sign in using your normal OUHSC UserID and Password
After logging in, go to http://it.ouhsc.edu/servicecatalog.
When prompted to select a campus, select Oklahoma City.
Select Product Review in the Professional Services section.
Read the information in the top portion if you are unfamiliar with the process. Some of the data will already be filled in for you, such as your UserID, Department, and Campus phone number. Complete the Product Review request form with as much detail as possible. Providing as much information as possible when the item is first sumbitted for review will expidite the request.
When the form is complete click on the ORDER NOW button in the top-right portion of the webpage to submit the item for review.
After you have chosen the Order Now button you may log out of the IT self-service system.
You will receive an email from firstname.lastname@example.org for each item you have requested for review. Please use the request numbers provided in this email if you have to ask for further assistance from IT.
When the Review process is complete, you will also recieve another email informing you of the completion of the review and providing you with a link to the complete review, including both the information you submitted and any Inforamation Technology feedback or recommendations. It is this information that may be requested by Purchasing prior to any order being placed.
Revised on 10/28/2014 to update the ServiceNow URL and provide updated screenshots of the request process.
Revised on 12/11/2014 to remove the link to the MS Word request form since the form has moved to ServiceNow.