Software Acquisition Checklists

Software Acquisition Checklists

The Software Acquisition Checklists are tools used with Berea College’s Vendor Risk Management system and are part of the procurement process. This system ensures that proper due diligence was completed in assessing a vendor’s security controls and posture when evaluating the use of software/applications before purchasing.

What are the steps to this process?

Complete the relevant checklist for your application and attach all supporting documentation. The Checklist will then be routed to all required stakeholders for approval. Due to the number of individuals involved in this process, we ask for one week’s lead time. Once all signatures are in place, the requestor will be notified the process is complete, and they may move toward the next steps in the procurement process.

What checklist do I need?

For software that will be installed locally, either in Berea College’s data center or Berea College endpoints, please use this link: Locally Installed Application Acquisition Checklist

For applications that are stored offsite, aka “in the cloud,” please use this link: Cloud Solution/SaaS Application Acquisition Checklist

What if I need to renew an already existing application?

Checklists are subject to annual review, typically done around the renewal of the application. Please note that if there has been a change in ownership of the vendor, different data being stored/processed or a change in functionality (ex: application now accepting credit cards), you will need to complete a new checklist with the updated information.

For all locally installed applications: Locally Installed Application Renewal Checklist

For cloud-based (externally hosted) SaaS solutions: Cloud Solution/SaaS Application Renewal Checklist

If you have a question that wasn't answered above, feel free to email the group.