Nav Screen Region
Site Header Region
Page Header
Main Content Region

ICT Procurement Process

CSUBUY Procure-to-Pay (P2P)

ICT review has moved to CSUBUY! 

CSU BUY P2P

 

Launched on the CSUSB campus in February 2026, the new CSUBUY Procure-to-Pay (P2P) system was designed to streamline and improve the procurement and payment processes.  This enhanced platform will offer a more efficient, user-friendly experience. It will serve as your resource procuring, receiving, and paying for goods and services at CSUSB. The ICT accessibility and security review process has been integrated into the IT software and hardware procurement process in CSUBUY.  Therefore, the separate CSUSB ICT Review Form has been discontinued.

CSUBUY is a strategic, standardized platform designed to streamline the procure-to-pay process across the CSU system.  By eliminating manual steps, it enhances efficiency through automation, reduces risk, and delivers cost savings.  The platform supports the procurement and payment of all goods and services, excluding travel and reimbursements to employees and students and ensures seamless, end-to-end transactions from sourcing to final payment.

Resources: Information and guides for CSUBUY Procure-to-Pay (P2P)

 

ICT Accessibility & Security Review

The accessibility review process depends on several factors, including the impact of the purchase, the product's existing level of accessibility, and communication from the vendor. The requester is copied on all communication with the vendor. This provides transparency and allows the requester to help expedite the vendor response if required. Information Security requirements will be vetted as a parallel process by the Compliance Initiatives team. A security risk assessment will be conducted depending on how users access the product and the level of sensitive data a product stores. 

Purchase requestors are expected to:

  1. Inquire about product accessibility and security and obtain documentation from vendor (ex., VPAT/ACRs, HECVATs) PRIOR to entering the requisition

  2. Provide the following information when creating an IT requisition in CSUBUY (including, but not limited to):

    • Product information (name, version, description, scope of work/proposal, quotes)
    • Product use (purpose for campus use, length of time for use, support needs)
    • User and data access information (types of users, how they will access the ICT, what types of data they will access)
    • Attach any accessibility and security documentation received from the vendor


     

Framework for Review

Accessibility

  1. Level of Critical Review Established
    • Who will use this product and how?
    • Is the product required?
    • How many users will have access?
    • Will access be restricted or public?
    • Who are the users: Students, Faculty, Staff, Public?
  2. Potential barriers are documented and vendor is engaged in critical review process of stated accessibility conformance
  3. Action plan is implemented to mitigate barriers
  4. Vendors held accountable for ensuring accessibility of products

Security 

  1. Level of Critical Review Established
    • Will sensitive data be stored?
    • What level of sensitive data will be stored
    • How will users access the data
    • Will access be restricted or public?
    • Who are the users: Students. Faculty, Staff, Public?
  2. Security risk assessments completed
  3. Security recommendations given to procurement

  4. Vendors held accountable for ensuring security of products

     

Turnaround Time for ICT Assessments

Please note that the ICT Assessment Team makes every effort to expedite accessibility and security review. Some products may be considered low impact for accessibility but high impact for security and vice versa, so turnaround time fluctuates on a case-by-case basis. 

Depending on the level of review required and ease in communicating with the product vendor, it may take up to 90 days to receive approval. As such, please submit IT purchase requisitions in CSUBUY well in advance of required implementation date. For purchases that are high impact for both accessibility and security, the review may not be complete if the form is submitted with 60 days lead time, and is unlikely to be complete is less than 30 days notice is given. 

Selecting More Accessible ICT Products

As you are selecting a product for purchase, consider the following:

  1. Search for product's accessibility on the web to identify overall accessibility themes of the product.
  2. Ask the product vendor about the accessibility of their product.
  3. Ask the product vendor to provide you with a completed VPAT (Accessibility Conformance Report) if possible. (See more info about VPATs below).
  4. If the outlook for the product's accessibility looks poor (vendor is unaware or unwilling to engage), investigate a competitor product that meets your needs.

A Voluntary Product Accessibility Template (VPAT) is a blank document to be filled in by the product's vendor. Once the vendor has completed the VPAT, it is known as an Accessibility Conformance Report (ACR). The vendor is responsible for providing this document upon request, though it may be readily available on their website. If required, you can download a word version of a blank VPAT with instructions to your vendor.