Section Menu

Access For All

TAR Process Overview 

Stanislaus State technology acquisitions, whether purchased or obtained at no cost - including free software, are to be reviewed for Enterprise Support, Accessibility and Information Security compliance before acquisition. The Technology Acquisition Review Process (TAR Process) has been established to conduct product reviews that will be used to determine the level of support required from the Office of Information Technology for the following: 

  • Support and service models;
  • Potential integrations that may be needed with other systems or data;
  • To establish if there is existing similar technology already in use on campus to prevent redundant costs;
  • IT process alignment;
  • Any timing or scheduling constraints.

Technology acquisition reviews (TARs) are also to be used to:

  • Reduce IT costs;
  • Meet compliance requirements with CSU policies and Stanislaus State practice directives for data and system protection and accessibility; and
  • Reduce the risk of data breaches resulting in: harm to CSU; individuals or intellectual property rights; and any associated legal/reputational penalties.

TAR Process Steps

  1. Check the authorized list and use authorized technology where possible.
  2. The Stanislaus State faculty or staff member who is most knowledgeable about the technology should be the individual who completes and submits the TAR form in Team Dynamix. Assistance from the Office of Information Technology support staff may be requested if necessary. The more detailed information received, the quicker the review can be completed.
  3. TAR Process requests will be tracked using service request tickets created in Team Dynamix.
    • Requestor provides the requested documentation and responds to additional questions.
    • Office of Information Technology teams will review the request to determine support and service level models needed, integrations, and IT process alignment, and to reduce potential redundant technology and any timing constraints. This will be the first level of review and approval is needed before the request is submitted for security/privacy or accessibility reviews.
    • Information Security team members determine if supplemental IT contractual terms are needed.
    • Accessible Technology team members determine compliance with ATI policy.
    • TAR Requests will be updated to indicate if the requested technology has been approved or not approved.
  4. When submitting their purchase request, the requesting department must provide Procurement & Contract Services with the approved TAR Request number and documentation.

Timeline for TAR and Purchasing Process

The timeline to complete a TAR review is estimated at a minimum of 10 business days. Complex review cases or cases requiring legal involvement may require additional time to review. TAR reviews should be requested in advance to minimize delays in the procurement process. Completing the TAR review is a prerequisite of the procurement process, and the timeline does not include the time required by Procurement & Contract Services to complete the purchase. If your proposed technology or service involves any of the following components, please contact the respective business areas and obtain their written approval, which should then be submitted with the TAR Request. This will help us process your request faster.

  1. Any TAR that collects money requires the approval of Financial Services.
  2. Strategic Communications and Marketing must approve any TAR that involves marketing, branding, advertising, and social media.

Maintenance and Renewals

TAR reviews will be completed every three years for authorized technology products that are for maintenance purposes or are a renewal, where:

  1. The scope of deployment and the technology and/or technology services have not changed.
  2. There are no changes to functionality or capabilities, regardless of whether they are turned on or not.
  3. Replacement parts are the same or similar to the part being replaced.

Providing Procurement & Contract Services with the original approved TAR service request number is necessary. If you need help locating a previously-approved TAR, please contact the Office of Information Technology Support Desk.

Mandatory Technology Reviews

TAR reviews are always required for the following items:

  1. Drones
  2. Domain Registration Services (initial requests and renewals) – this is for tracking and compliance reasons.

Assess if a Review is Needed FAQs

Yes, a review is needed even if another department has an approved TAR, unless the product or service is on the authorized list. Adding more users may change the support model, accessibility impact, and/or security risk. Prior reviews can expedite new TAR reviews. Please reference the previously approved TAR in the notes section of the form. Technology acquired by more than one unit is considered for campus-wide acquisition and pre-approval. 

Yes, a review is needed even if another CSU campus has already acquired the technology. Enterprise. Information Security and Accessibility reviews copies of contracts from other campuses to help expedite TAR reviews. Submit the TAR form with any supporting documentation you have, such as: emails, another campus' Higher Education Cloud Vendor Assessment Tool (HECVAT), links to CSUBUY Contract Store documents, and copies of contracts. By providing as much detail and support as possible, these may help expedite TAR reviews. 

Yes, a review is needed even if used by one employee, unless it’s for online instruction of 20 or fewer employees. Technology that stores or processes sensitive data or connects to the campus network may impact other software on laptops/desktop computers or could have a security risk. Technology used to create or manage information can introduce accessibility barriers for other individuals. In addition, the TAR process helps centrally collect and manage the campus software and services inventory to demonstrate compliance with software licensing requirements. Technology acquired by more than one unit is considered for campus-wide acquisition and pre-approval. 

No, a TAR is not needed for Qualtrics Panels. Acquisition of these services should be coordinated with Procurement & Contract Services.

If the scope or nature of deployment changes, please submit another TAR Form. An example of scope change is expanding the technology to more users. An example of the nature of deployment changing is changing a workflow to collect confidential data elements that weren’t being collected previously.

Software that is not under an existing campus or systemwide agreement or that has not been authorized via the campus TAR Process cannot be purchased on a campus procurement card. All software purchases must complete the review process and receive authorization from Office of Information Technology and Procurement & Contract Services prior to a completed purchase. Only software that is under an existing agreement or has received authorization from Office of Information Technology and Procurement & Contract Services can be procured on a campus procurement card.

A TAR is NOT required for internal events held using Zoom or Teams. Please follow accessibility guidance for these events.

A TAR will not be required when Stan State employees attend training (in person or online), professional development events or online conferences/events, including payment of associated registration fees.

A TAR is still required when students use a third-party instructional course or platform.

Completing the Form FAQs

The requestor (contact) should be the Stanislaus State faculty or staff member who is most knowledgeable about the technology being reviewed. Some of the questions are technical and may require consulting the Vendor or Office of Information Technology support.

Contact the Office of Information Technology Support Desk to request assistance completing the TAR form.

All questions must be answered accurately before a review can be completed. If a question is not answered, the highest possible risk will be assumed. Contact the Vendor or Office of Information Technology Support Desk to obtain assistance completing the TAR form.

Visit and log into Team Dynamix using your Stanislaus State ID and password. After logging in, your requests will be listed and can be selected to review details.

f you have questions contact the Office of Information Technology Support Desk.

Review Process FAQs

There are three ways to find out the status of a review:

  1. The Requestor, Procurement & Contract Services, or a member of the Office of Information Technology Support Desk staff can log in to Team Dynamix and look up the status.
  2. The Requestor can review previously received ticket email messages.
  3. Contact the Office of Information Technology Support Desk.

Yes; Enterprise Support, Information Security, and Accessible Technology team members are available to assist during the project planning phase. Assistance is available to ensure Requests for Proposals (RFPs) include necessary technology, operational, and integration requirements, information security and privacy requirements, accessibility requirements, and associated contract terms.

If you have questions contact the Office of Information Technology Support Desk and Procurement & Contract Services.

In response to a CSU audit, a Cloud Computing Practice Directive went into effect to define campus cloud service standards as well as procedures on how to request an exception to acquire a non-standard cloud service. Office of Information Technology support is available to help and assist migrating to campus standard solutions.

Documentation FAQs

Navigate to your TAR Request in Team Dynamix and upload any attachments.

A VPAT, or Voluntary Product Accessibility Template, is a self-assessment document completed by a vendor that provides relevant information on how their product or service claims to conform to Accessibility Standards.

The vendor will be asked to provide one of the following cloud security assessment documents:

Based on the type of data being stored in the cloud solution, only one of the following documents identified below is necessary to meet the requirement.

High record count

  • Soc2 Type2
  • ISO 270xx  Certification
  • FEDRAMP Authorized
  • HECVAT Full
  • Other CSA CAIQ or TAR questionnaire

Small record

  • Soc2 Type2
  • ISO 270xx  Certification
  • FEDRAMP Authorized
  • Other CSA CAIQ or TAR questionnaire

For more information, see: ICSUAM 8065.S003 Information Security Asset Management – Cloud Storage & Services

The risk acceptance process is used to document non-compliance with CSU policy. The process will involve a discussion between the Vice President of the requesting department, the campus Information Security Officer, and the Chief Information Officer. The process will be documented in writing and will list any mitigating controls that are used to reduce the risk, and indicates when the risk will be remediated or next reviewed. Once the process and mitigations have been documented, the Vice President capable of assuming the risk and the 11 Chief Information Officer must approve the risk acceptance. The risk acceptance documentation must be loaded into Team Dynamix for audit purposes.

Contracts FAQs

Supplemental IT contractual terms are CSU boilerplate contractual language that is edited as applicable to the technology deployment scope. The Information Security team determines if the acquisition requires a contract to protect the CSU liability. The applicable terms should be forwarded to Procurement & Contract Services to determine the best way to proceed.

If you have already submitted a requisition, forward the Master ticket to Procurement & Contract Services. If you were planning to use a P-card, contact Procurement & Contract Services to determine the best way to proceed.

Contact Procurement & Contract Services for assistance preparing and negotiating contracts.

The vendor can edit the draft contract with tracking enabled and identify the areas of disagreement or concern. The edited draft contract should be returned to Procurement & Contract Services, who coordinates vendor contract negotiations.

Updated: June 24, 2025