Technology Review Process Frequently Asked Questions (FAQs)

Please allow a minimum of several weeks for the review process. Allow a minimum of several weeks to several months. 

Provide the following when you submit the form:

  •  Quote

  • Agreement (please include original agreement if your request is a renewal or the addition of new features to existing software)

  • Vendor contact name and email

  •  Security Review Form (required for all cloud based tools or tools with cloud or off site storage features)

  •  VPAT accessibility report (if over 500 users, tool required for class/department work or open to the public)

Please have your technology staff submit the form. This implies consent from the department to purchase this tool.

  • Introduction of tool on campus
  • Upgrade
  • Renewal
  • Notification of new agreement/terms
  • Change in use (e.g., you noted and licensed academic use and now you want to add research use)
  • Change in features (e.g., the tool has added cloud features to an installed software)

We may be able to bypass the review process if at least one of these are true:

  • Trial use/versions of tools, submit after trial if you are moving forward
  • Under $10,000.00 cost
  • Free or Open Source 

And if none of these risk factors are present:

  • Cloud based 
  • Confidential Information
  • Vendor will be on campus
  • Signature is required
  • Over 500 users or open to the public
  • Required tool (class or departmental work)     

How can I see that status of my review?

  • > Indicate "My Inbox"
  • Open the workflow package
  • Go to the Licensing Review and see what the Licensing Status is and check the Licensing Notes
  • If it is listed as Review in Progress, look at the Reviews Requested to see what reviews this tool requires
  • Go to the applicable review sections (Legal Review, Security Review, Credit Card Review) and look to see what the status is for each review required  
  • You can also look at the bottom of the page under the Workflow Routing History to see who needs to review this prior to approval.  Tracey Schmidt does not approve the workflow package until the very end.  We recommend that the requesting departmental persons don’t approve or indicate that are finished editing until the package is completed so they continue to get the information.

To edit your workflow information:

  • > Indicate "My Inbox"
  • Open the workflow package
  • Go to the bottom of the page
  • Click on the Edit Submitted Data button
  • Make your edits
  • Do not use the Office Use or Internal Use Only sections
  • Click on the Submit Edits to Workflow

To add comments:

  • > Indicate "My Inbox"
  • Open the workflow package
  • Go to the bottom of the page
  • Click on the Comments tab
  • The Add a Comment box should appear under the Package Comments section
  • Add your comments
  • Click the Add Comment button

To attach documents:

  • > Indicate "My Inbox"
  • Open the workflow package
  • Go to the bottom of the page
  • Click on the Attachments tab
  • The Upload an Attachment section should appear under the Package Comments section
  • Select the Attachment Type
  • Add Description if necessary
  • Add your Attachment, drag and drop or search/choose the file
  • Click the Upload File button

Some tools note free use, but when you get to the agreement, terms or web descriptions it is disclosed that it is free for personal (vs. enterprise) use, for one install/one user only, or other restrictions.  If in doubt, submit the review form.

  • Requester
  • Departmental IT Persons
  • ITS Enterprise Services (
  • ITS Accessibility Office (Lead: Todd Weissenberger)
  • ITS Security and Policy Office (Lead: Warren Staal)
  • Office of the General Counsel (Lead: Ian Arp)
  • UI Treasury Office (Lead: Jonathan Pacheco)
  • Purchasing (
  • Vendor (quote, agreement/terms, security and accessibility feedback, revisions, addendums)
  • There may be others based on the risks and use

If you are submitting a PO, Purchasing will take care of that. Otherwise, the department is expected to obtain counter-signature or confirmation that they accept our revisions.

All software – including shrink-wrapped goods, shareware and free downloads – have a license agreement.

Agreements can come in the following forms:

  • Document signed by both parties
  • Click-through (clicking “I agree”)
  • Document in the box
  • Document in a manual
  • Text “read me” file on the disk
  • Terms on the website

These are all legally binding agreements.

The only person who has delegated authority to sign or authorize these type of agreements is the UI Director of Purchasing. The Director of Purchasing consults with the Office of the General Counsel before signing these agreements to ensure the interests of the University of Iowa are covered. Generally, individuals, including managers, department heads or deans, do not have proper signature authority to sign and execute these type of agreements on behalf of the University.

To avoid institutional and/or personal liability, license agreements should be evaluated and reviewed from a legal perspective before acceptance. If you sign an agreement, click “I agree,” or agree to terms in any fashion, regardless of cost (including free web downloads), without this evaluation and proper signature process, you may be assuming personal and institutional liability. The potential ramifications include personal financial exposure, disciplinary action, and/or criminal liability.

  • Export To ensure the University does not violate any export regulations or expose the University to undue risk.
  • Usage Most vendors have different types of licenses for different use.  We review licenses to make sure we are licensing technology for the correct population, where they need access and how they need to use the software.
  • Signature Authority The only person who has delegated authority to sign or authorize these type of agreements is the UI Director of Purchasing. Generally, individuals, including managers, department heads or deans, do not have proper signature authority to sign and execute these type of agreements on behalf of the University. If you agree to terms outside of this process, you are accepting personal liability.
  • IP Rights/Risks As a higher education institution which has many patented and/or copyrighted products we need to respect the intellectual property (IP) rights of others. 
  • Accessibility The University of Iowa is committed to providing equal opportunities to all.
  • Cloud Tool Review of cloud services for storage, collaboration, office automation and general computing tasks.  The most important part to understand is that University data must be properly protected.
  • Risk of Safety or Property Damage In reference for medical and facility type tools.
  • Confidential Information Institutional data is information that supports the mission and operation of the University of Iowa. It is a vital asset and is owned by the University. It is likely that some institutional data will be distributed across multiple units of the University, as well as entities outside. Institutional data is considered essential, and its quality must be ensured to comply with legal, regulatory, and administrative requirements.
  • Vendor on campus Review agreement to cover the University of Iowa in the case of misconduct.

Licensing Reviews (Usage)

  • Who is using the software?
  • Where are they using the software?
  • How are they using the software?
  • Make sure the terms match the use


  • Export language
  • Confidential information if vendor has access
  • Other items deferred to them by other reviewers

Security Office

  • Cloud based tools

Accessibility Office

  • Tool is required for class or departmental work
  • Over 500 users or open to public

Treasury Office

  • Financial and/or credit card transactions within tool 

Purchasing Department

  • They take recommended revisions and apply them to the terms/agreement
  • Obtain authorized UI signature if necessary

Most Open Source agreements have been evaluated and approved.  Please insure sure your use...

  • Will comply with all the notice requirements and any other technical requirements included in the license.
  • You intend to use the software will not involve a risk to human life or property damage. 

If you cannot comply with above then the agreement should be reviewed, please submit a Technology Review Form.

Things to consider when purchasing Fonts:

  • Clarify if you need per user or per system license.  Per system licenses are typically required.
  • Go through the font foundries/order direct from developer if possible, avoid third party sources. 

Vendors known on campus:

  • Adobe Font Folio (has many fonts included, you may want to check this option first). Available via the UI Bookstore $191.95/install
  • Linotype
  • Hoefler & Company Fonts
  • House Industries
  • International Typeface Corporation (agreement not reviewed, submit a review form)
  • James T Edmondson via Lost Type Co-op
  • Lost Type Co-op
  • Monotype GmbH
  • Monotype Imaging Inc.
  • Myfonts

Risk Analysis

As a higher education institution, the University of Iowa has a diverse population of students, faculty, and staff who are engaged in a myriad of academic and scientific endeavors. Due to this wide array of activities, the University of Iowa must address the potential risk of any technology or software when it is purchased. Therefore the following general categories have been developed to help departments and the ITS Campus Software Program understand the University’s legal risk when purchasing tools. These categories are general and for reference purposes only.

Risk Categories

Low Risk – Agreements may be determined to be low risk if:

  • the tool is low cost or free.
  • there is no foreseeable risk of litigation based on your usage of the tool.
  • there is no risk to human life or safety by using the tool.
  • there is no risk of property damage by using the tool.
  • the use of the tool does not involve processing, storing or compiling confidential information. (Information that may be proprietary to the University or a third party or information that is required to be held confidential for one of many reasons including contract provisions or federal regulations such as HIPAA or FERPA or Social Security Numbers or research data.)
  • the tool is not export controlled. (“Export Controlled” means U.S. Export Control regulations are mentioned in the Agreement. The ITS Campus Software Program will review this issue for the department/purchaser.)
  • the vendor will not have representatives physically present on campus at any time.

Some Risk – The concerns that are not in agreement in the Low Risk definition or any additional risks as determined by the department. These licenses will need to be negotiated to reduce the risk to the institution, the department and the individual.

Not Recommended – These will need to be discussed directly between the Office of General Counsel and Department Head.