Memorandum

To raise campus awareness and compliance with IT purchases at NC State University, the Office of Finance and Administration collaborated with the Office of Information Technology to provide all campus members who participate in procurement activities with enhanced training opportunities via the new IT Procurement Training.

Topics covered in the new IT Procurement Training include:

• IT procurement process
• Documentation requirements
• Compliance requirements
• All areas of responsibility for the IT Purchase Compliance (ITPC) team
• Review process and timeline

Key takeaways include:

• All IT purchases that may potentially interact with sensitive university data might require a security assurance review prior to purchase approval. This interaction could include data access, storage or modification.
• Whenever ultra-sensitive (purple) data (such as Social Security numbers) are involved, a security assurance review will be required, regardless of cost. This is a change from the past, where a review was required only when an IT purchase exceeded $5,000. For guidance regarding data sensitivity, see the NC State Data Management Framework web page.

Training Recommendations

• IT Procurement Training is now part of the Certified Departmental Purchasing Representative (CDPR). Current CDPR certificate holders will be invited to register for the new IT Procurement Training module.
• Current employees with procurement specific Financial System roles will be registered and should complete the IT Procurement Training module by May 31, 2023.
• New employees who request the procurement specific Financial System roles will be registered and should complete the CDPR program within two months of being granted access.

Please refer to the IT Purchase Compliance web page and the IT Procurement Guide for further details and ongoing updates.