page

Berea College

<h5>Generally, the requestor or related individual within the College will. However, you may also have your vendor contact assist with or fill out the checklist for you.</h5>


Who fills out the checklist?

<h5>This greatly depends on the type of data that is being stored/processed by the application in question and the scope of its users. If there is sensitive/regulated data, the College requires up-to-date documentation detailing the organization’s security controls. Below is a brief list of common types of documentation and their requirements:</h5>
<p>&nbsp;</p>
<h5><strong>Service Contract</strong> – The contract between the vendor and the College.  This should be included with every checklist.<br />
<strong>SLA Contract</strong> – Service Level Agreement document which should be included with every checklist.<br />
<strong>VPAT</strong> – Voluntary Product Accessibility Template<br />
Please include if it is mandatory to use this product/application to complete College business/academic tasks.<br />
<strong>SOC2</strong> – Service Organization Controls report;<br />
Please include if your application stores or processes sensitive/regulated data.<br />
<strong>HECVAT</strong> – Higher Education Community Vendor Assessment Toolkit<br />
Please include if your application stores or processes sensitive/regulated data.<br />
<strong>Data Steward approval – </strong>If your application stores sensitive/regulated data, you will need approval from the respective Data Steward.</h5>


What supporting documents do I need?

<h5>The sooner, the better!  There are multiple individuals and departments that can be involved, and thus their availability might not sync up.  If you require technical changes such as Single Sign-On integration or network and email changes, please allow for at least four weeks lead time.</h5>


Software Acquisition Checklists