TARP Vendor Risk Assessment


As part of the Technology Acquisition Review Process (TARP), the IT Security Office (ITSO) conducts a Vendor Risk Assessment (VRA) to ensure that the vendor has sufficient technological, administrative, and physical safeguards in place to maintain the confidentiality, security, and integrity of the University data. Additionally, the VRA ensures that the vendors abide by CSU and SDSU policies.

Who can make a TARP request?

All staff and faculty can make a TARP request. Prior to acquisition, all technology products and associated technology purchased or obtained at no cost (including free software) must be reviewed for potential accessibility and data security risks. The technology acquisition review process utilizes ServiceNow ticketing to track requests. The TARP project is a partnership between the IT Division and BFA’s commitment to ensure the resources and tools used on campus are accessible, secure, and compatible with our IT infrastructure. 


There is no cost to you or your department to submit a TARP request.

Get Started

To start your Technology Acquisition Review prior to processing a purchase requisition, please work with your College IT Procurement Coordinator (Opens in Google Drive) who will process your request using the following link for the TARP Request Submission: 

ServiceNow Technology Acquisition Review process

 * Please include your ServiceNow approval when uploading your purchase requisition.

Get Help

More information can be found at the main SDSU TARP website.

Get Help

To request a service, create a ServiceNow Ticket and assign the ticket to “IT-ITSO-Help Desk”.

IT Security Office
Administration Building

Report an Incident

Please contact the Information Security team immediately if you experience or are aware of any of the following: