TARP Vendor Risk Assessment
As part of the Technology Acquisition Review Process (TARP), the IT Security Office (ITSO) conducts a Vendor Risk Assessment (VRA) to ensure that the vendor has sufficient technological, administrative, and physical safeguards in place to maintain the confidentiality, security, and integrity of the University data. Additionally, the VRA ensures that the vendors abide by CSU and SDSU policies.
Who can make a TARP request?
All staff and faculty can make a TARP request. Prior to acquisition, all technology products and associated technology purchased or obtained at no cost (including free software) must be reviewed for potential accessibility and data security risks. The technology acquisition review process utilizes ServiceNow ticketing to track requests. The TARP project is a partnership between the IT Division and BFA’s commitment to ensure the resources and tools used on campus are accessible, secure, and compatible with our IT infrastructure.
There is no cost to you or your department to submit a TARP request.
To start your Technology Acquisition Review prior to processing a purchase requisition, please work with your College IT Procurement Coordinator (Opens in Google Drive) who will process your request using the following link for the TARP Request Submission:
* Please include your ServiceNow approval when uploading your purchase requisition.
More information can be found at the main SDSU TARP website.
To request a service, create a ServiceNow Ticket and assign the ticket to “IT-ITSO-Help Desk”. Connect with us at [email protected] for security-related-questions, consulting, and incident reporting.