Compliance Contract Review Portal

Beginning May 4th, 2026, the Compliance Contract Review OneTrust form that is currently required for all contracts related to IT vendors or the purchase of software will be replaced with the Technology Security and Compliance Review assessment. Security and Compliance reviews must be completed prior to loading any contract documents into the UA Contract Portal and must be completed for all purchase orders (POs). This assessment replaces the previous OneTrust form and will allow for a compliance review to be completed by personnel across campus who are responsible for privacy, compliance, accessibility, security, risk management, and other risks, as appropriate, in advance of submitting the contract for execution.

This assessment must be completed and approved before loading information or contract documents into the UA Contract Portal for Contract Management. A pdf of the approved review will be required. 

For assistance with answering questions or navigating this assessment, contact Compliance, Ethics and Regulatory Affairs.

InfoTechnology Security & Compliance Review Required for P-Card Purchases

Effective October 1, 2026, all purchases for software including application subscriptions, cloud and hosting services, AI (Artificial Intelligence), or data analysis tools will require an approved Technology Security and Compliance Review assessment. This applies to P‑Card purchases, reimbursable expenses, and any other payment methods.

Note: The form will not be required for asset purchases for example (stock images, font libraries, etc.)

A grace period will be in effect for all purchases made between July 13, 2026 and September 30, 2026, during which the form will not be required, but is highly encouraged. All purchases made on or after October 1, 2026, require an approved Technology Security and Compliance Review assessment  to be attached with Concur documentation before transactions can be approved.

Approved Technology Security & Compliance Review assessments are valid for one year. For ongoing or monthly subscription payments, the approved form must be attached to each P‑Card reconciliation, reimbursement, or Concur invoice.

To support this process, a streamlined “p-card purchase” option will be available in the Technology Security and Compliance Review Portal, designed to be shorter and faster than the existing contract and purchase order review form.

Compliance Software Contract FAQ

What documentation do I need?

All requests need to have a copy of the contract uploaded to the portal. If you have a Certificate of Insurance or any other supporting documents this will help expedite the approval process.

Can I fill this out on behalf of someone else?

Yes! You will need to note this on the submission for that you are acting a a proxy for another person on campus and identify them as well.

What about purchases for training and professional development?

Purchases for training, conferences, certifications, memberships, and other professional development opportunities that do not include the purchase, licensing, or use of software are not considered technology purchases and do not require the Technology Security and Compliance Review assessment.