SARB Request Questionnaire

Please answer (or obtain the answers from your vendor) the questions below prior to submitting a Software and Accessibility Review Board request.

For assistance, contact SARB@boisestate.edu.

Checklist for Required Vendor and Requestor Information

Requestor to Answer the Following Questions

  1. Please describe the reason for the software request. How will the software assist in creating a more effective business?
  2. Is there an existing system that this software will be replacing? If so, please describe the current process and the pain points that occur presently that the new software may alleviate.
  3. Please describe the end users of this software. Specifically, will students and/or the general public be an end user?
  4. Is there a time deadline our office should be made aware of and if so, what is it?
  5. What is the cost going to be yearly?
  6. What is the breakdown of the annual cost (e.g. flat yearly fee, monthly fee, per user, etc.)?
  7. Please confirm you have reviewed the University’s Software Application Inventory.

Vendor to Answer the Following Questions

  1. Does this product require any client software to be installed on Boise State machines?
  2. Are there any client OS compatibility requirements?
  3. What are the supported browsers?
  4. Will there be any browser plugins required?
  5. Will you be needing Boise State’s resources to support this product? Who is the first line of support?
  6. Will a software integration be required with other systems? List all systems.
  7. If there is integration, how is the data being transferred?
  8. Will the software use Boise State authentication? [If yes, please attach the vendor’s Single Sign On (SSO) documentation and metadata (or metadata URL) to the request, and identify the outgoing claims/assertions the vendor requires in the authentication response.]
  9. What SSO technology will be used?
  10. How will users be provisioned/deprovisioned?
  11. How will the user be authenticated?
  12. How are levels of access assigned within the system to users? Please define the levels.
  13. Will a test and/or development environment be provided?
  14. Will customizations affect warranty?
  15. Will Boise State IT resources be required for product configuration, installation, storage, or setup?
  16. How often is the software updated? Will it be automatic or on-demand?
  17. Do you require a server?
  18. If you do not require a server, will the software be installed on a work machine or cloud-hosted?
  19. If the software is cloud-hosted, what is the name of the cloud-hosting provider?
  20. If the software is cloud-hosted, where will the data and database backup be physically stored? (Boise State wants to know whether physical storage will be in the continental United States and, specifically, in which state.)
  21. If a server is required, can we use a virtual machine?
  22. If a server is required, will there be any hardware or wires that need to be plugged in?
  23. If a server is required, do you support Windows Server or Red Hat Linux?
  24. What type of database does the software use?
  25. If the system allows for automatic operating system patching, does it require vendor approval for OS?
  26. Does the system availability impact your ability to operate?
  27. Type of data being stored/processed on this system?
  28. Is sensitive data (PCI, PII, FERPA, or HIPAA) being stored or transmitted? If so, a Boise State Vendor Security Assessment or the latest full HECVAT is required.
  29. Please list the data fields being stored/processed for this request and, if possible, identify the source data system for each field.
  30. Will this software procurement require the use of existing Boise State data?
  31. Boise State requires, without exception, that all sensitive and/or regulated University data be stored within the continental United States so that US regulations and law apply. The vendor must comply with this requirement and disclose to OIT the state and/or region where the data will be stored as part of the SARB approval process. (Upon submitting the request, there is a 30-day maximum period to complete the information and present it to the Cybersecurity team; otherwise, the SARB request will not be approved.)
  32. Is the stored data encrypted? All Boise State data should be encrypted if at all possible, and encryption is required for sensitive data.
  33. Will the vendor send emails on the University’s behalf (e.g., as @boisestate.edu and/or @u.boisestate.edu)? If so, does the vendor support DKIM (DomainKeys Identified Mail)?

Accessibility Questions Required of Vendor

University Policy Requirement

Boise State Policy 8140 requires the University to evaluate software purchased or acquired to assure it meets accessibility standards, to the extent feasible.

Please answer the following questions only if the software will be used by the general public and/or students (not student employees):

Accessibility Questions

  1. Please provide the contact information for a person or team in your company who handles accessibility.
  2. Does the vendor have an accessibility roadmap?
  3. What is the process for responding to accessibility issues?
  4. What is the process for testing/fixing accessibility issues during development?
  5. Does the vendor have a current Voluntary Product Accessibility Template (VPAT) and/or Accessibility Conformance Report (ACR)? If so, please provide the most recent version of each.
  6. How have VPAT claims been verified?
  7. Does the vendor have accessibility reviews they can share?
  8. Is the vendor aware of the Boise State accessibility policy?
  9. Please provide the name, email address and title of your department’s leadership signing the accessibility acknowledgement.

SARB Process for Software Renewals

If the request is a renewal of software that has been previously approved by the requesting department, and there are no changes to how the software will be utilized and/or who will utilize it, then these are the renewal questions you may be able to complete.

  1. Requestor name.
  2. Email address of person making the request.
  3. Requesting department.
  4. Software or product requested.
  5. Please confirm that you have reviewed the Boise State University’s Software Application Inventory and your product is on the list.
  6. Describe the reason for the software request. How will the software assist in creating a more effective business?
  7. Please describe the end users of this software.
  8. Is there a time deadline our office should be made aware of and if so, what is it?
  9. What is the cost going to be yearly? What is the breakdown of the annual cost?
  10. Is sensitive data being stored or transmitted?
  11. Type of data being stored/processed on this system?
  12. Is the stored data encrypted?
  13. Please provide Vendor Contact Information.

Submit Your SARB Request

After we receive your submission, you will be contacted by a Project Management Office representative to help guide you through the SARB process.

Please allow at least 10 business days to complete your SARB request.

Submit a SARB Request