ÀϾÅÆ·²è

What is ICT?

Information and Communication Technology (ICT) is anything that has the principal function of creating, manipulating, storing, displaying, or otherwise managing information for the University.

This can include:

• Software and web applications
• telecommunication products
• printers and scanners
• self-contained products, like copiers or fax machines
• desktop computers and laptops

Products that do not have the main purpose of managing information and/or communications are not considered ICT, even if they have embedded computer chips or computing capabilities. An ICT product is defined by its principal function relating to information and communication.

More examples:

• HVAC/smart thermostats are not ICT, since their primary function is not managing data.
• Smart refrigerators and smart microwaves are IT products but are not ICT.
• Microscopes and centrifuges with embedded computers are not ICT, since their primary function is not to manage or communicate University data. However, they may be used in conjunction with software applications that manage data and are considered to be ICT.
• A piece of electronic signage or a self-service kiosk is ICT because its primary function is to manage and communicate information, so it is in scope for accessibility and security review via the ICT review process.

If you’re not sure whether something is an ICT product, reach out to ictcompliance@colorado.edu.

ICT Review Process

The ICT review process serves two purposes:

1. It ensures that all required security and accessibility reviews are completed for ICT used on campus
2. It specifies security and accessibility contract language that may be needed in other parts of the IT procurement process

The ICT process is started by a requestor completing . The requestor may be asked to complete Form B if additional security information is needed or Form C if additional accessibility information is needed. The requestor may ask the vendor to complete Forms B and C for them; Forms B and C do not require an IdentiKey login to access.

The accessibility and security teams may contact the requestor to ensure the use of the product can meet campus and regulatory requirements. When the ICT review is complete, the completion email will contain contract provision recommendations that are used if the requestor is procuring the product through the Procurement Service Center (PSC).

The ICT review process must be completed at or before the time of purchase and during every renewal.

On average, an ICT request for review will be addressed in 2-3 business days. The completion timeframe for an ICT review is dependent on the complexity of the product and its usage.

An ICT review must also be initiated whenever there is a substantial change to the usage and/or audience of the ICT product/service, or if previous security or accessibility commitments can no longer be honored (e.g., a vendor removes their security controls for the handling of confidential University data).

Follow the link above to begin the ICT review process by or go to the Forms page to browse all of the ICT review forms.

If you have any questions about the ICT review process, send an email to ictcompliance@colorado.edu.Ìý