Technology Acquisition FAQ

Software and devices used at SHSU, whether purchased or free, are required by Texas law to be reviewed to ensure compatibility, support, and compliance.

While quotes are not strictly required, they are highly recommended. An itemized quote provides a clear breakdown of products and associated costs. It should include the make, model, description, quantity, and unit cost. This detailed information gives a comprehensive view of what you wish to acquire. 

The email address is used to address technical questions. For example, we need to contact them regarding technical documentation. Inaccurate or incomplete information will slow down the approval process.

You can use these links for more detailed information about compliance requirements. 

• TAC 202 – Security Controls

• TX-RAMP – Cloud Security

• TAC 213 - Electronic and Information Services

• Section 508 of the Rehabilitation Act of 1973 

• Texas Government Code Section 552.139 – Prohibited Technology    

Standards outlined in Section 508, Title II, and TAC 213 require that all electronic and information technology (EIT) developed, purchased, maintained, or used by federal and state agencies is accessible to individuals with disabilities. This includes ensuring that people with temporary or permanent disabilities can use the requested product. To support this, we request an Accessibility Conformance Report (ACR) from your vendor. Having this information before submitting your request can help expedite the review process, though it is not mandatory for submission. 

Think about what kind of info the system will store. For example: 

• Student records, medical info, or saved credit card data? Probably Confidential. 
• Internal documents like HR files, research, operational information or non-confidential information that require additional protection. Likely Protected.   
• Info you'd be fine with putting on our public website? That's Public. 

Here's a link to the IT 06 Data Classification policy to help you decide. 

In this context, impact refers to how the university as a whole would be affected if something went wrong with the software.  For example, if it were hacked or suddenly stopped working. While the issue might cause serious problems for you or your department, it's important to think about how it could affect the entire university. Consider factors like student and employee safety, whether key services would be disrupted, how much it might cost to fix, and how it could affect the university’s reputation. To help you properly evaluate these criteria and determine the most appropriate impact level for the software, use the examples in the matrix below.