TARP Vendor Risk Assessment

Overview

As part of the Technology Acquisition Review Process (TARP), the IT Security Office (ITSO) conducts a Vendor Risk Assessment (VRA) to ensure that the vendor has sufficient technological, administrative, and physical safeguards in place to maintain the confidentiality, security, and integrity of the University data. Additionally, the VRA ensures that the vendors abide by CSU and SDSU policies.

Who can make a TARP request?

All staff and faculty can make a TARP request. Prior to acquisition, all technology products and associated technology purchased or obtained at no cost (including free software) must be reviewed for potential accessibility and data security risks. The technology acquisition review process utilizes ServiceNow ticketing to track requests. The TARP project is a partnership between the IT Division and BFA’s commitment to ensure the resources and tools used on campus are accessible, secure, and compatible with our IT infrastructure. 

Cost

There is no cost to you or your department to submit a TARP request.

Get Started

To start your Technology Acquisition Review prior to processing a purchase requisition, please work with your College IT Procurement Coordinator (Opens in Google Drive) who will process your request using the following link for the TARP Request Submission: 

ServiceNow Technology Acquisition Review process

 * Please include your ServiceNow approval when uploading your purchase requisition.

Get Help

More information can be found at the main SDSU TARP website.