Vendor/Product review

Jane DelFavero jane.delfavero at
Mon Nov 12 18:40:04 GMT 2001


I'm on a committee to discuss and develop a mechanism for doing a 
technical review of new products/vendors, for projects that are 
developed internal to our IT group, as well as in consultation with 
other University divisions. There are many issues that come up in 
this process, so I'm interested to see how other universities handle 
this process. In particular:

1) Do you have any formal body for review of new projects? If so, is 
it just within your IT group, or across some portion of your 

2) How is review done (especially review of security concerns and 
issues)? Are there specific standards, a checklist of concerns, 
general policies, as hoc discussions? Web pages/forms you can point 
us to?

3) What happens if someone purchases a product or hires a vendor 
against your recommendation?

4) What are the potential pitfalls that we might encounter -- any 
disasters (or successes) that you didn't expect?

Thanks, Jane
Jane DelFavero
Network Security Manager		security at
Information Technology Services		jane.delfavero at
New York University			phone: (212) 998-3053

PGP fingerprint: 4F56 0A88 3AF9 60A0  DB73 E726 DA94 CBDD

More information about the unisog mailing list