GEORGETOWN UNIVERSITY
CONTRACTS DEPARTMENT
UIS CHECKLIST FOR CONTRACT REVIEW Rev. 6.23.15
Project:
Project title
GU Department: Client name
Project Sponsor:
Client contact name
GU Project Sponsor Phone Number:
GU Project Sponsor Email:
SUPPLIER:
Contractor Name
Contract Project Manager:
Contract PM Name
Supplier Contact Information:
UIS Account Manager:
UIS Account Manager Contact Information:
1. Is this a new project, or a renewal of an already existing project?
New Project
Renewal (Existing Contract Reference Number _________________)
2. Has this SUPPLIER contracted with the University for this system (or a similar system) in the past?
Yes
No
Unknown
If yes, with which department: _____________________
when:
3. Has the SUPPLIER done business with Georgetown University under any other names?
Yes
No
Unknown
If yes, under what name?:
with which department: _____________________
when:
4. Is the Product/Application under contract:
For Design
Commercial Off the shelf (COTS)
Modified Off the Shelf/Customizable (MOTS)
5. Will this project store or use any of the following data (check all that apply)?
Restricted Data
Electronically Protected Information (ePI) (names, addresses, DOB, SSNs, etc.)
37th & O Streets, NW, Box 5711984 Washington, DC 20057
Protected Health Information (PHI)
Student Data
Credit Card Data
Other
6. Are any regulatory requirements involved in this project?
HIPAA
GLBA
FERPA
PCI
PII/Data Breach
Other _______________________
7. Does this project interface with any Georgetown University business systems?
Yes
No
a. If yes, which systems (check all that apply)?
Human Resources (GMS/Workday)
Student Data System (SIS or Banner)
Alumni Data System (Gambit)
NetID
LDAP
e-commerce
Other __________________________________________________
8. If yes to #5, how does this system interact with Georgetown University systems?
NetID Authentication
Data transferred to Georgetown systems
Data pulled from Georgetown systems
Data transferred to vendor systems
Scheduled jobs
Other:
9. How will the SUPPLIER access the Georgetown system during development, testing and after launch (select all appropriate phases for each)?
Direct Access to Application & Database ( Development / Test / After Launch )
Access to de-identified data from database ( Development / Test / After Launch )
No direct access ( Development / Test / After Launch )
Through NetID login ( Development / Test / After Launch )
Not applicable
10. Where is this application or system to be hosted?
GU Data Center
Off Campus
a. What is the physical location (address) of the hosting server? ______________________________
b. Is host a cloud service provider? If yes, explain services:
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
11. If a server is involved in this project, what is the status of the server(s)?
UIS Managed
TSP
SUPPLIER’s Server
Not Applicable
12. Who has responsibilities for managing the server(s)?
SUPPLIER
Subcontracted Hosting
UIS
TSP
13. What other systems are located on the same box?
14. Will a load balancer be used?
15. Will user accounts be created in order to access this system?
Yes
No
a. If yes, how will passwords be transmitted to users?
Via UPS
Via Phone
In Person
Other ___________________
b. Are administrative accounts required to access this system?
Yes
No
16. Who will support this system after launch?
SUPPLIER
Georgetown University
a. Does a Service Level Agreement exist for this project?
Yes
No
17. Will the SUPPLIER have any access to the product (including any application, database or server) after the project is completed?
Yes
No
18. Does the SUPPLIER subcontract or authorize other entities to review, work with, or access GU data?
Yes
No
If yes, who:
19. Please request and submit to UISO with the contract a copy of the vendor’s SSAE-16 audit report, if available.
UIS Contract Routing (For UIS Staff Only)
Enterprise Applications
Online Initiatives
Security (Required, if it meets at least one of the below)



Cloud-hosted
Contains ePI
Involves Data Transfer