The Software and Services Selection Process (SSSP) allows IU departments, schools, and units to request to purchase information technology software or services while minimizing threats to the institutional data that they might interact with. It is used before any new software or service is developed or purchased.
If the product utilizes cloud services that will host or access critical data, the unit may also require a security assessment by UISO and a review by the appropriate Data Stewards before a purchase can move forward. If a security assessment is needed, the unit will need to have the vendor complete the Higher Education Community Vendor Assessment Toolkit (HECVAT) assessment and send to uisorisk@iu.edu. This documents how the vendor meets industry security standards.