Information and Communication Technology (ICT) Decisions - ICT Review Process Overview

It is the policy of the California State University to make information technology resources and services accessible to all CSU students, faculty, staff, and the general public regardless of disability status.

CSU Executive Order 1111 (May 2018) updates EO 926, which went into effect on January 1, 2005, establishes the policy, specifies campus responsibilities, and offers supplemental guidance to ensure that the proper and integrated actions of each campus are effectively mobilized to comply with the policy and law.

In accordance with Cal Poly's policy on Information and Communication Technology (ICT) decisions and related standards, all Cal Poly departments, auxiliaries, and employees are required to follow the ICT Review Process when deciding to acquire, develop or accept ICT products or services.

Prior to making an ICT decision, especially one involving a new product or service, it is important to consult with unit management and IT support and Information Technology Services (ITS) to assess the priority, resource implications, potential impact and alternatives, and available tools to meet the need.

Below is a brief overview of why the process exists, what is covered, when it applies, whom to contact and where to go for more information.

ICT Review Process - Overview

Whom Do I Contact?

The following staff are available to assist throughout the process

Title Name Email Phone
ICT Process and Policy Clarifications Office of the CIO 756.2966
ICT Process Liaison Craig Schultz, ITS 756.6117
Information Security Officer (ISO) Doug Lomsdalen, ITS-ISO 756.7686
Procurement Services Technology Purchases Procurement Services - Technology Purchases website 756.2232

Why Does the Process Exist?

The ICT process exists to help requesters make the best possible decision, ensure compliance obligations are met, provide due diligence, and oversee effective use of campus resources.

ICT requests are reviewed based on criteria established in the ICT Decisions Standard. This includes compliance with existing laws, policies and standards, e.g., accessibility, information security, technology integration/support, and contracts/procurement.

In addition, ICT requests are reviewed for strategic technology direction and fit with CSU/campus IT infrastructure, projects and initiatives, including road maps. This includes: policies and standards for integration, reliability, security; resource and support requirements; data use and access; and business processes, e.g., opportunities, impacts and sustainability.

Managed by ITS, the ICT process is aligned with and seeks to ensure consistency and efficiency of CSU/campus business and compliance processes.

Executive guidance is provided by the VP, Information Technology Services/Chief Information Officer (CIO) in consultation with Cal Poly’s University Technology Governance Council (UTGC).

As the requestor, departments are accountable / responsible for understanding opportunities, risks and trade-offs to Cal Poly associated with their product/service acquisition. The ICT Decisions Standard-Responsibilities defines each role associated with the ICT decision process.

What is Covered?

The ICT process covers a broad range of products and services as defined by federal and state laws. CSU Executive Orders and Cal Poly policies/standards provide additional guidance.

ICT includes: software, Web sites and online “cloud based” services, licenses, subscriptions; computers, servers, appliances, and peripherals; mobile devices; multimedia; network, storage, telecom devices; and self-contained systems, e.g., copiers, instruments, printers, kiosks, digital cameras.

More than one type of ICT product or service may be covered by a single review.

When Does it Apply?

The ICT process applies to all new products and services regardless of cost, e.g., home-grown, purchased, donated, research or grant funded.  It applies to existing products and services when:

  • substantive changes occur, e.g., new user interface, new functionality; move to a “cloud-hosted” model; information security model updates; changes to data collection, handling, storage, retention practices
  • use expands, e.g., more users are affected
  • no prior review is on file
  • prior review occurred three or more years ago

ICT review is not required if the product will be used by a single individual solely for their own use or it is already licensed and approved by ITS for campus use, e.g., site licensed software.

The ICT review process is aligned with – but separate from – campus purchasing and other business processes.

Substantive product/service changes will invoke an ICT review, e.g., contract revision; upgrade that has compliance impacts; improvements on information security, accessibility).

Based on the completed review, an exception process is available for specific situations, e.g., products or services found to be non-compliant.

Where Do I Get More Information?

Topic Information AVAILABLE
ICT Review Process Flow
ICT Review Forms
ICT Online Form, HECVAT, VPAT, EEAAP, ICT Overview and Process Flow Charts
Accessibility & Disability Information CSU Executive Orders, Cal Poly Policies and Standards, Compliance / Legal, Reference Links/Information
Information Security CSU Policies and Standards, Cal Poly Policies and Standards, Compliance / Legal, Reference Links/Information
Procurement Services Cal Poly Policies and Procedures, Compliance / Legal, Reference Links/Information
University Advancement Gift Acceptance Forms


Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000


Did you know?

Stay Safe Online Tips