Cloud App Integration Request

Service Overview

Thousands of consumer software applications and plug-ins are available on mobile and cloud platforms, often for free, and almost always "at your own risk" from a data security perspective.  These applications (apps) have associated legal and privacy terms and conditions that you often must agree to before using them. Campus community members might use consumer or third-party apps in their daily lives with their own personal data, but when these apps are used with University data, care must be taken to ensure that regulatory, compliance, data security, and legal requirements are maintained to safeguard student, employee, financial and privacy data that is entrusted to the University.

UR has vetted and signed enterprise agreements with several cloud platforms (e.g., Box, Google, Microsoft O365, Zoom, Blackboard, etc.).  If you wish to integrate a consumer or third-party application with one of these supported enterprise platforms, the application must meet a number of requirements prior to integration:

  • Must support the same or higher level of regulatory, compliance, and data security requirements as the associated UR enterprise platform
  • Must support UR's single-sign-on (SSO) and password requirements
  • An enterprise agreement (contract) must be signed and funded by an appropriate University official

Submissions for integrating consumer or third-party apps to existing UR enterprise platforms will be reviewed bimonthly by UR's Cloud App Vetting Group and you will be notified of the outcome.  Please review Previously Submitted Cloud Apps and Current Blackboard Apps prior to submitting the Cloud App Integration Request form.

Available To

Faculty, Staff, and Students.

Getting Started

Instructions

Before submitting your request, please review the Previously Submitted Cloud Apps and Current Blackboard Apps articles to determine whether the application has already been reviewed or approved.

Complete and submit the Cloud App Integration Request form. To help expedite the review process, please provide as much information as possible, including:

  • The business need for the application.

  • Who will use the application (individual, department, or campus-wide).

  • How the application will improve or support your work.

  • Whether you have a departmental sponsor and funding for an enterprise agreement, if applicable.

Required Vendor Security Documentation

As part of the review process, please contact the software vendor and request the following documentation. Attach these documents to your request whenever possible.

  1. SOC 2 Type II Audit Report (including a gap letter, if applicable)

  2. Most recent Penetration Test Report or an executive attestation confirming the penetration test was completed

  3. Higher Education Community Vendor Assessment Toolkit (HECVAT), preferably Version 4

  4. Current Certificate of Insurance (COI)

Providing these documents at the time of submission helps Information Security begin its review sooner and may significantly reduce approval delays.

Please Note: Cloud application reviews typically take 1–3 months to complete, depending on the complexity of the request, the responsiveness of the vendor, and the completeness of the documentation provided.

Notability

 
Cloud App Int Request

Related Articles (1)

Box
Box is an encrypted, cloud-based file storage and collaboration platform that enables faculty, staff and students to securely store and share electronic business and academic files.