Preparing for an IT Compliance Review
A Guide for Researchers
Introduction
Welcome to the IT Compliance Review Preparation Guide for Researchers. This page provides essential information to help you prepare for an IT compliance review, specifically for those ordering instrumentation that includes dedicated computer systems and/or software.
Required Information
Software
- List Required Software: Provide a detailed list of all software that comes with your instrumentation.
- Licensing Information: Include details about software licenses, including expiration dates and compliance with licensing agreements.
- Use Case: Provide your intended use case for the software at a level anyone could understand.
- Version Details: Ensure all software versions are current and supported.
IT-Related Hardware
- Dedicated Systems: Document any dedicated computer systems that come with your instrumentation, including their purpose and configuration (operating system, networking requirements, etc.).
- Storage Devices: List all storage devices associated with your instrumentation, such as external hard drives and network-attached storage (NAS).
- Cloud Services: If applicable, list any cloud services used, including the type of data stored and the security measures in place.
Vendor Information
- Vendor List: Provide a list of all vendors supplying your instrumentation and software, including contact information for representatives that you have been working with and the services/products they provide.
- Contracts and Agreements: Include copies of contracts, license agreements, support agreements, terms, etc. from each vendor.
- Compliance Certifications: Ensure vendors have provided necessary compliance certifications (e.g., SOC 2, ISO 27001, HECVAT). These are especially important if any of the vendors you are working with will be offering cloud services for storage, applications, etc.
Regulatory Compliance
- HIPAA: Be aware of requirements related to the Health Insurance Portability and Accountability Act (HIPAA) if your software or service will work with health information.
- FERPA: Be aware of requirements related to the Family Educational Rights and Privacy Act (FERPA) if your software or service will work with student information.
- Accessibility: Be aware of requirements related to digital accessibility with your software or service when it's used in a classroom setting.
Deadlines and Timelines
- Submission Deadlines: Clearly state the deadlines for submitting all required information.
- Review Schedule: Outline the timeline for the compliance review process, including key dates for initial review, follow-up, and final reporting.