TARP Vendor Risk Assessment
Overview
As part of the Technology Acquisition Review Process (TARP), the IT Security Office (ITSO) conducts a Vendor Risk Assessment (VRA) to ensure that the vendor has sufficient technological, administrative, and physical safeguards in place to maintain the confidentiality, security, and integrity of the University data. Additionally, the VRA ensures that the vendors abide by CSU and SDSU policies.
Are you eligible?
All staff and faculty can make a TARP request. Prior to acquisition, all technology products and associated technology purchased or obtained at no cost (including free software) must be reviewed for potential accessibility and data security risks.
Cost
There is no cost to you or your department to submit a TARP request.
Get Started
To start your Technology Acquisition Review prior to processing a purchase requisition, please work with your College IT Procurement Coordinator (Opens in Google Drive) who will process your request using the following link for the TARP Request Submission:
ServiceNow Technology Acquisition Review process
* Please include your ServiceNow approval when uploading your purchase requisition.
Get Help
More information can be found at the main SDSU TARP website.
Get Help
To request a service, create a ServiceNow Ticket and assign the ticket to “IT-ITSO-Help Desk”.
https://it.sdsu.edu/get-help
Report an Incident
Please contact the Information Security team immediately if you experience or are aware of any of the following: