IT Purchasing

The IT purchasing website is designed to help improve efficiency and effectiveness of IT purchasing.

IT Procurement

Information Technology (IT) Procurement typically begins with contacting your campus’ OIT Department to learn about supported solutions and established standards.

The University of Colorado has multiple enterprise-wide agreements for hardware, software, and other IT services. After speaking with your campus OIT Department, use this site to find CU’s existing agreements for suppliers that can meet your needs. Once you determine what to buy, complete your purchase in CU Marketplace (preferred) or use another approved procurement method.

Review the How to Buy tabs below for detailed information regarding the IT procurement process or review the IT Procurement Handbook for an overview of IT procurement at the University of Colorado.


How To Buy: IT Hardware

Desktop computers,
mobile technologies.


How To Buy: Software

Software agreements, recommendations, and purchasing guidelines.

How To Buy: AV & Telecom



How To Buy: Telecom

phone systems
and service, ISP, and VoIP.


How To Buy: IT Services

Finding developers,
consulting services
and other IT services.


IT Procurement Guidance


Use this information tool to aid in determining whether your IT purchase requires a contract. In addition, this tool will outline the necessary items that you will need to include upon submitting a contract for review or a purchase request to the PSC.

IT Procurement Tool


Get Help
Learn how to purchase and pay for goods and services and how to travel and process travel reimbursements. For a list of training requirements and access request forms, please visit the Access & Training Requirements guide.

CU Boulder OIT Services
Long list of tutorials by category

UCCS OIT Help Desk Knowledge Base
Search and categorized extensive list of tools to help you in the IT world.

CU Denver | Anschutz Medical Campus Service Desk
Get help with anything IT covering both CU Denver and CU Anschutz Medical Campus.

These are general forms related to purchasing or pay for items, to provide required documentation/approval for the purchase of items, or to request specific updates.

See Purchasing Forms


Financial Futures
Financial Futures is the process of supporting and enhancing the mission of CU Boulder through strategic financial alignment.

Cross Campus Collaboration (C3)
Learn more about CU's innovative new space for IT leaders to build relationships, share ideas, collaborate, address challenges, execute on visions, create efficiencies and explore possibilities. 

University Information Services (UIS) Initiatives
Find details of all current UIS projects and initiatives in the planning and execution phase for the CU System.

CU Boulder
Lean about the planning and initiatives from CU Boulder's Office of the Senior Vice Chancellor and Chief Information Officer.

UCCS Strategic Plan
Planning for the future - As the seven core strategies take shape, so too does the UCCS 2030 Strategic Plan. In June 2019, leaders from seven working groups presented initiatives to the Chancellor's Cabinet, further fueling the planning process.

CU Denver / Anschutz 
Find news and initaives from the CU Denver and Anschutz Office of Information Technology.

Term/Concept Definition
Access Ability to use, modify, view, or otherwise manipulate information on a system
Access Control Access control is the means by which the ability to use, create, modify, view, etc., is explicitly enabled or restricted in some way (usually through physical and system-based controls).
Account The combination of user name and password that provides an individual, group, or service with access to a computer system or computer network.
Active Directory Microsoft's Active Directory is part of the Windows network architecture and is used for managing permissions and user access to network resources. At CU, we use an IdentiKey. An IdentiKey consists of a CU login name and an IdentiKey password. An IdentiKey gives you access to:

Buff Portal and MyCUInfo, the student, faculty and staff portals
CUConnect, the legacy portal that still contains some tools and features
Email services like Gmail and Microsoft Exchange
Computers in OIT computing labs
UCB Wireless network
SkillSoft computer based training
Managed with IdentiKey Manager
Administrative/ Special Access Account  Privileged account that impacts access to an information system or that allows circumvention of controls in order to administer the information system.
Anti-malware software Any software package that detects and/or removes malicious code. This can include anti-virus software and spyware protection.
Arbitration  The hearing and determining of a dispute or the settling of differences between parties by a person or persons chosen or agreed to by them.
Augmented Reality (AR)  Augmented reality (AR) is the real-time use of information in the form of text, graphics, audio and other virtual enhancements
integrated with real-world objects and presented using a head-mounted-type display or projected graphics overlays. It is this "real
world" element that differentiates AR from virtual reality. AR aims to enhance users' interaction with the environment, rather than
separating them from it.
Authentication The process of confirming a claimed identity. All forms of authentication are based on something you know, something you have, or something you are.
Authorization The act of granting permission for someone or something to conduct an act. Even when identity and authentication have indicated who someone is, authorization may be needed to establish what actions are permitted.
Availability  The requirement that an asset or resource be accessible to authorized persons, entities, or devices.
BAA A BAA is a Business Associate Agreement. The HIPAA regulations call it a Business Associate Contract.
BAAs satisfy HIPAA regulations, and create a bond of liability that binds two parties.
Backup  Copy of files and applications made to avoid loss of data and facilitate recovery in the event of a system failure.
Bandwidth Bandwidth is the amount of data that can be transferred over a network in a specified amount of time. Limited bandwidth may disrupt the smooth transmission of data, causing files to transfer more slowly and potentially disrupting the smooth playing of videos or the loading of web pages.
Biometrics  Methods for differentiating humans based upon one or more intrinsic physical or behavioral traits such as fingerprints or facial geometry.
Biometric authentication Using biometrics to verify or authenticate the identity of a person.
Bots Microservices or apps that can operate on other bots, apps or services in response to event triggers or user requests. They may
invoke other services or applications, often emulating a user or app, or using an API to achieve the same effect. These requests can
be initiated via conversational UIs or in response to a change in the state of a back-end application or database. Bots automate tasks
based on predefined rules or via more sophisticated algorithms, which may involve machine learning.
Business continuity plan (BCP) The documentation of a predetermined set of instructions or procedures that describe how an organization’s critical business functions will be sustained during and after a significant disruption.
Centralized Storage  Storage on a central server made available over a network to users.
Change  Any implementation of new functionality, interruption of service, repair of existing functionality, and/or removal of existing functionality to an information system.
Change Management  The process of controlling modifications to hardware, software, firmware, and documentation to ensure that information systems are protected against improper modification before, during, and after system implementation.
Choice of Law The MSA identifies the place where a legal resolution will occur. This could include arbitration or a specific state or federal court.
CIO  A Chief Information Officer (CIO) is the company executive responsible for the management and implementation of information and computer technologies.
CISO Chief Information Security Officer: The person in charge of all staff members who are responsible for promulgating, enforcing and administering information security policies for all systems within an enterprise or division.
Click-Through Agreement  An on-line agreement that requires an individual to accept the supplier’s terms and conditions by clicking ok prior to proceeding into the site. Also known as a Clickwrap.
Cloud "The cloud" refers to servers that are accessed over the internet, and the software and databases that run on those servers. Cloud servers are located in data centers all over the world. 
Cloud Application Discovery  Cloud application discovery (CAD) refers to tools for security, compliance and I&O professionals, providing visibility into enterprise
activity associated with the use of public cloud applications. It provides information on application name and type, and usage by
individual and department, ideally including a mechanism for risk prioritization.
Cloud ERP  Off-premises-based, subscription-licensed ERP solution. It does not include remote hosting, where ownership remains with the
customer. Cloud ERP for manufacturing includes operational ERP and optionally administrative ERP, which normally includes human
capital management, financials and procurement.
Cloud Management Platforms  Tools that enable organizations to manage private, public cloud and multi-cloud services and resources. Their specific functionality
addresses three key management layers: access management, service management and service optimization. Management services
include accessing/requesting cloud services, and provisioning and managing them to defined SLAs. Optimization supports the
orchestration and automation of cloud services, as well as the underlying infrastructure resources, in accordance with defined
Cloud-Based AI as a Service (AIaaS)  Artificial intelligence (AI) developer toolkits are applications and software development kits (SDKs) that abstract data science
platforms, frameworks and analytic libraries to enable software engineers to deliver AI-enabled applications. They cover four maturing
categories: cloud-based AI as a service (AIaaS); toolkits for virtual assistants (e.g., Apple Siri, Amazon Alexa and Google Assistant),
device development kits; and AI serving SDKs.
Cloud-Based Grid Computing  Cloud-based grid computing involves using computers in a public cloud service or a hybrid of public cloud and internally owned
computers, to collectively accomplish large tasks, such as derivative risk analysis, candidate drug screening and complex simulations.
We do not include grids that use private cloud or traditional in-house servers only, which we instead cover as “grid computing not
using public cloud computers.”
Cloud Migration Tools  Tools that support the packaging and movement of production or disaster recovery workloads between on-premises infrastructure and
public cloud facilities, as well as between public cloud services. 
Confidentiality The parties both agree they won't share any secrets of the University with outside parties.
Confidential Information  Information maintained by the University that is exempt from disclosure under the provisions of the Public Records Act or other applicable state and federal laws. The controlling factor for confidential information is dissemination.
Configuration Auditing Tools Tools that provide change detection and configuration assessment across servers, applications, databases and networking devices,
across internal and public cloud infrastructure. Company-specific policies or industry-recognized security configuration assessment
templates (for example, NIST) maintain the fidelity of the system for auditing, hardening or improved availability.
Container Management Software  Container management software supports the management and orchestration of containers. This category of software includes
container runtimes, container orchestration, job scheduling, resource management and other container management capabilities.
Container management software is typically DevOps-oriented and depends on the use of a particular OS container technology or
specific container runtime.
Container Networking Container networking software provides internal and external connectivity (e.g., routing and switching) for containers located in one or
more containerized hosts. The software may provide policy, multitenancy and service registration. There are two primary ways to
handle containers on a network: treat the container as a connected host or create an abstraction (which is typically accomplished via
an overlay network). This typically works via controlling embedded bridges, switches or routers, or by allowing direct network access.
Content Collaboration Platforms  Solutions that provide file sync and share as the core capability. They are enhanced with collaboration and content management
functions. Integration with cloud productivity and collaboration suites (e.g., Microsoft Office 365, G Suite) is common. Some solutions
also have native capabilities for collaborative content editing, such as Box Notes and Dropbox Paper.
Content Management Content Management is the ability to manage unstructured information in an organization, wherever the information is found. CM technologies are applied to traditional content, such as office documents and printed graphics, as well as web pages, email, and rich media.
Control  Method used to reduce the probability of occurrence or the negative impact of the realization of a risk.
CRM Customer Relationship Management: An integrated information system that is used to plan, schedule and control the presales and post sales activities in an organization.
Crowd Sourcing Service  Crowd sourcing marketplace that allows individuals to complete micro-tasks on-line for small amounts of money.
CTO Chief Technology Officer: The executive responsible for the technical direction of an organization.
CU Marketplace  Our eProcurement system, CU Marketplace, is a purchasing and payment processing system that enables online shopping, including CU-specific catalogs. 
Data Governance Data governance is an umbrella term for a formal and systematic approach to maintaining high quality data within an organization. It includes data validation and cleansing as well as authorization, privacy and security issues.
Data Loss Prevention  Prevention of unnecessary exposure of protected information.
Data Mining Exploring and analyzing detailed business transactions; uncovering patterns and relationships contained within the business activity and history.
Data Security  Protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach.
Data Standards Standards that provide consistent meaning to data shared among different information systems, programs, and agencies throughout a product's life cycle.
DBA Database Administrator: A person responsible for the physical design and management of the database and for the evaluation, selection, and implementation of the DBMS.
Delivery Requirements  The businesses decide who will deliver what and when.
DFS Desktop and Field Services.
Digital Certificate  An electronic document which uses a digital signature to bind specially derived numerical information with an identity - such as the name of a person or an organization. Most often encountered on web sites using encryption (SSL/https).
Digital Signage Digital signage is using electronic signs to advertise products or information. Digital signage includes various types of flat-panel display technologies to target audiences in different areas across the campus, such as the Student Union and the Library.
Digital Signature  Method of adding specially derived numerical information to a file or message (most often used as part of a digital certificate infrastructure).
Disaster Recovery A plan for duplicating computer operations after a catastrophe occurs, such as a fire or earthquake. It includes routine off-site backup as well as a procedure for activating vital information systems in a new location.
Disaster Recovery-as-a-Service (DRaaS) A cloud-based recovery service in which the service provider is responsible for managing virtual machine (VM) replication, VM
activation and recovery exercise orchestration. Increasingly, in addition to service offerings that just recover virtual machines, a
growing number of service providers are now offering managed hosting services for hybrid recovery configurations that are composed
of both physical and virtual servers.
Disclosure  The act, intentional or otherwise, of revealing information that is otherwise held as confidential or protected.
Dispute Resolution Should issues come up, the MSA outlines how the parties will resolve their conflict.
DNS  The Domain Name System (DNS) is a naming system for computers, services, or other resources connected to a network that associates a name with an IP address.
Document Management Document management involves the capture (imaging) and management of documents within an organization. The term originally implied only the management of documents after they were scanned into the computer. Subsequently, it became an umbrella term that embraces document imaging, workflow, text retrieval, and access to multimedia artifacts.
Document Management System (DMS) Document Management System software manages documents for electronic publishing. It generally supports a large variety of document formats and provides extensive access control and searching capabilities across local and wide-area networks. A document management system may support multiple versions of a document and may be able to combine text fragments written by different authors. It often includes a workflow component that routes documents to the appropriate individuals.
DQ (Documented Quote)  An informal process for obtaining pricing and delivery information on goods costing more than $10,000, or on services costing more than $50,000. Detailed specifications are given. Price, items offered, and delivery dates are supplied by the supplier. Evaluations are made against specifications. Determination of award is based on the quote offering the best value to the University with price as a consideration.
Electronic Information, Communication, and Technology (EICT)  Includes information technology and any equipment or interconnected system or subsystem of equipment used to create, convert, duplicate, or deliver data or information. 
Electronic-Learning: An umbrella term for providing computer instruction (courseware) online over the public Internet, private distance learning networks, or in-house via an intranet.
Electronic Workflow
Electronic workflow is the automatic routing of documents to the individuals responsible for working on them. Workflow systems provide the information required to support each step of a business cycle. The documents may be physically moved over the network or maintained in a single database with the appropriate individuals given access to the data at the required times. Triggers can be implemented in the system to alert managers when operations are overdue.
Encrypted Data  Data rendered unreadable to anyone without the appropriate cryptographic key and algorithm.
Encryption Process of numerically changing data to enhance confidentiality. Data is obscured using a specific algorithm and key both of which are required to interpret the encrypted data.
Endpoint Detection and Response (EDR) Solutions that have the following four primary capabilities: 1) Detect security incidents. This is done typically via monitoring of
endpoint activities and objects, via monitoring of policy violations, or by validating externally fed indicators of compromise (IOCs). 2)
Investigate security incidents. The investigate function should include a historical timeline of all primary endpoint events to determine
both the technical changes that occurred (such as file, registry, network, driver and execution activities) and the business effect (that
is, traversal, privilege escalation, spread, exfiltration, geolocation of command and control [C&C], and adversary attribution, if
possible). 3) Contain the incident at the endpoint, such that network traffic or process execution can be remotely controlled. 4)
Remediate endpoints to a pre-infection state. Ideally, solutions will remove malicious files, roll back and repair other changes.
End User  A person given authorization to access information on a system.
Enterprise The term enterprise is used when referring to the entirety of the University organization.
Enterprise License Agreement  Eneterprise licensing agreements (ELA) are contractual agreements that align vendor and customer incentives to provide select software at discounted, fixed pricing over a period of time.
Enterprise Software Software used in an organization as opposed to software used by individuals or departments.
Electronic Portfolio: A collection of electronic evidence assembled and managed by a user, usually on the Web.
ERP Enterprise Resource Planning: An integrated information system that serves all departments within an enterprise. Evolving out of the manufacturing industry, ERP implies the use of packaged software rather than proprietary software written by or for one customer.
Exposure  State during which a system’s controls do not adequately reduce risk that the information could be stolen or exploited by an unauthorized person.
FERPA  Family Educational Rights and Privacy Act. FERPA prohibits a school from disclosing personally identifiable information from students' education records without the consent of a parent or eligible student. 
Fiber Optic Network A method of transmitting information from one place to another by sending pulses of light through a series of optical fiber cables.
Firewall  An access control mechanism that acts as a barrier between two or more segments of a computer network or overall client/server architecture, used to protect internal networks or network segments from unauthorized users or processes. Such devices include hardware that is placed in the network to create separate security zones, provide NAT, and create a point of access control.
FTE Full Time Equivalent: Number of working hours that represents one full-time employee during a fixed period of time.
Geographic locations Both groups agree on where the employees will do the job.
Goods  Anything purchased other than services or real property. 
Help Desk A source of technical support for hardware or software. Help desks are staffed by people who can either solve the problem directly or forward the problem to someone else. Help desk software provides the means to log in problems and track them until solved.
HIPAA Health Insurance Portability and Accountability Act, a US law designed to provide privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
Homegrown Software developed by the institution to meet specific needs usually because no suitable commercial package is available.
HRMS Human Resources Management System
IFB (Invitation for Bid)  A formal process for obtaining pricing and delivery information on goods or services costing more than $500,000. Detailed specifications are given. Price, items offered, and delivery dates are supplied by the supplier. Evaluations are made against specifications. Determination of award is based on the bid offering the lowest price to the University while meeting the specifications.
Incident  Any set of circumstances in which the anticipated and configured delivery of a service is interrupted, delayed, or otherwise unavailable.
Incident Management  Process of returning service as quickly and effectively as possible.
Identity Management Identity management is management of an individual’s identity. Within the enterprise, an identity management system is made up of a system of directories and access control based on established policies. It includes the maintenance of the system (i.e., adds, changes, deletes) and generally offers single sign-on so that an individual only has to log in once to gain access to multiple resources.
Indemnification Indemnification is the buyer's remedy for a breach of any promises made in the purchase agreement or losses incurred relating to specific liabilities outlined in the purchase agreement. Indemnification allocates the risk of various post-closing losses between buyer and seller.
Information Resources Manager (IRM) Authorized and accountable to the State of Colorado for management of the university’s information systems to implement security policies, procedures, and guidelines to protect the information systems of the university. The Associate Vice President of Information Technology/CIO is designated as the university’s IRM.
Information Security  Protecting information so that it can only be seen, changed, deleted or copied by an authorized person and only in ways and to places authorized to contain it.
Information Technology Procurement  All technology resources and related services owned, used, or operated by the University, regardless of the source of funding, location or intended purpose.
In-house Solutions developed by the organization in which they are used.
Integration Platform as a Service (iPaaS) A cloud service that supports application, data and process integration projects, usually involving a combination of cloud services (i.e.,
cloud-based applications or APIs), mobile and on-premises systems. iPaaS delivers a mix of capabilities typically found in ESBs, data
integration tools, B2B gateways and, increasingly, API management platforms. IT departments and lines of business leverage these
capabilities to develop, manage and execute integration processes.
Integrity  The accuracy and completeness of information and assets and the authenticity of transactions.
Intellectual property rights The parties decide how to handle ownership and regulation of all patents and other IPs. The client will get all the IP in some instances. In others, the vendor provides perpetual rights while keeping his or her IP and patents.
Intrusion Detection System (IDS)  Hardware or a software application that can be installed on network devices or host operating systems to monitor network traffic and host log entries for signs of known and likely methods of intruder activity and attacks. Suspicious activities trigger administrator alarms and other configurable responses.
IoT Platform An Internet of Things (IoT) platform is software that facilitates operations involving IoT endpoints and enterprise resources such as
analytics, cloud services and so forth.
IT Information Technology: Processing information by computer, which encompasses "information management" and "computer science"
IT Compliance  Assessment of third party supplier applications and cloud services security for server applications facing the internet, or services provided by a supplier that will have access to University confidential data (HIPAA, FERPA, and PCI data), and ADA review (Boulder).
IT Financial Management Tools IT-owned and managed financial tools that provide IT leaders with multiple views of IT cost data and analytics to support strategic
decision making, financial planning, budget justification, chargeback/show back, performance analytics, benchmarking, and
measurement capabilities. 
IT Service Catalog A list of IT services that an organization provides its employees or customers.
IT Workload Automation Workload automation tools manage and automate the scheduling and movement of workloads and infrastructure tasks — within and
between applications, and across mainframes, and distributed, virtual and cloud environments. In addition, they manage mixed
workloads based on policies in which resources are assigned, or deassigned, in an automated fashion to meet service-level
Local Area Network: A communications network that is typically confined to a building or premises
Limitations of Liability The MSA lists who is the responsible party in the event of a lawsuit.
LMS Learning Management System: An information system that administers instructor-led and e-learning courses and keeps track of student progress.
Local Storage  Storage that is physically local to the workstation or server.
MB Megabyte: Approximately one million bytes (1,048,576 bytes)
Megabit: 131,072 bytes
mbps Megabits per Second: One million bits per second. Mbps is a measurement of peripheral data transfer or network transmission speed.
Mission Critical Information System  Information system defined to be essential to the university’s function and which, if made unavailable, will inflict substantial harm to the university and the university’s ability to meet its instructional, research, patient care, or public service missions. Mission critical information systems include those systems containing sensitive information.
Mobile Application A software application that runs in a smartphone, tablet, or other portable device.
MSA (Master Service Agreement) The goal of a master service agreement is to make the contract process faster. It also should make future contract agreements simplier. It spells out: confidentiality, delivery requirements, dispute resolution, geographic locations, intellectual property rights, limitations of liability, payment terms, venue of law, warranties, & work standards. 
NDA  A non-disclosure agreement is a legally binding contract that establishes a confidential relationship. The party or parties signing the agreement agree that sensitive information they may obtain will not be made available to any others. An NDA may also be referred to as a confidentiality agreement.
NDE Network Development and Engineering.
Network  All associated equipment and media creating electronic transmission between any information system(s), such as wired, optical, wireless, IP, synchronous serial, telephony.
Network Connectivity The measurement of a physical and logical connection of a computer network or an individual device to a network, measured in megabits per second (mbps).
Network Core The central part of a telecommunication network that provides various services to customers who are connected by the access network.
Network Performance Monitoring and Diagnostic
Network performance monitoring and diagnostics (NPMD) tools provide trend analysis and real-time alerting via performance
monitoring of the network (including devices and traffic). The tools collect performance data over time and include features such as
automated baselining, threshold evaluation, network traffic analysis, service-level reporting, trend analysis and historical reporting.
These tools leverage packet data, flow data, infrastructure metrics and device configuration data to enhance problem diagnosis and
Network Sandboxing Network sandboxes rely on sensors to monitor network traffic for suspicious objects (for example, executables, Microsoft Office files,
PDF files and JavaScript code) and automatically submit them to a sandbox environment, where they are analyzed and assigned
malware probability scores and severity ratings.
Offsite Storage  Based on data criticality, offsite storage should be in a geographically different location from the campus that does not share the same disaster threat event. Based on an assessment of the data backed up, removing the backup media from the building and storing it in another secured location on the campus may be appropriate.
OIT Office of Information Technology
Patch  A fix or update for a software program usually related to a security issue.
Payment Terms  These terms show what the estimated cost is as well as the schedule for payment.
PBX Private Branch Exchange: An in-house telephone switching system that interconnects telephone extensions to each other as well as to the outside telephone network (PSTN). A PBX enables a single-line telephone set to gain access to one of a group of pooled (shared) trunks by dialing an 8 or 9 prefix.
PCI  PCI compliant means that any company or organization that accepts, transmits, or stores the private data of cardholders is compliant with the various security measures outlined by the PCI Security Standard Council to ensure that the data is kept safe and private.
PII  Personally Identifiable Information; Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
Platform as a Service (PaaS) A cloud service that delivers application infrastructure (middleware) capabilities. Gartner tracks multiple types of PaaS (xPaaS),
including, among many more, application platform as a service (aPaaS), integration PaaS (iPaaS), API management PaaS
(apiPaaS), function PaaS (fPaaS), business analytics PaaS (baPaaS), IoTPaaS and database PaaS (dbPaaS). PaaS capability can
be delivered as a provider-managed public or virtual private service, or self-managed private service.
Portal A software tool available through a secured website which has the ability for the service provider to track users' web activity once they log onto the portal.
Project Portfolio Management (PPM) A discipline that seeks to better manage resources and project work, and to improve collaboration on like projects using specialized software.
Public Cloud Storage  An infrastructure as a service (IaaS) that provides block, file and/or object storage services delivered through various protocols. The
services are stand-alone but often are used in conjunction with compute and other IaaS products. The services are priced based on
capacity, data transfer and/or number of requests. The services provide on-demand storage and are self-provisioned. Stored data
exists in a multitenant environment, and users access that data through the block, network and REST protocols provided by the
Ransomware Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.
Refresh The upgrading and replacing of computer systems, peripherals, and other technologies to ensure the access to the most basic services and efficiency of existing resources.
Residual Risk  Any risk remaining once controls have been applied.  The amount of residual risk allowed will be determined by the organization’s tolerance for risk.
Resolution  Returning service through the implementation of a permanent solution or a workaround.
RFI (Request for Information)  An informal process for solicitation or presentation of ideas from suppliers. The Purpose of an RFI is to gain familiarity with the current market for a particular supply or services and to gather information in a formal, structured and compartivie purpose. Pricing may or may not be requested, but is used for budgetary purposes only. RFIs primarily used to gather information to help make a decision on what steps to take next. No award is made
RFP (Request for Proposal)  A request for proposal (RFP) is a business document that announces a project or purchase, describes it, and solicits bids from qualified contractors to complete the request. 
Risk  Potential that a given set of circumstances and actions will lead to an undesirable outcome - in terms of information this means loss of one or more of (confidentiality, availability, and integrity).
Risk Assessment  The process of identifying, evaluating, and documenting the level of impact that may result from the operation of an information system on an organization’s mission, functions, image, reputation, assets, or individuals. Risk assessment incorporates threat and vulnerability analyses and considers mitigations provided by planned or current security controls.
Risk Management  Decisions to accept risk exposures or to reduce vulnerabilities and to align information system risk exposure with the organization’s risk tolerance.
Robotic Process Automation Robotic process automation (RPA), sometimes called smart automation or intelligent automation, refers to advanced technologies
that can be programmed to perform a series of tasks that previously required human intervention.
Root Access  Most privileged access to a computer system allowing the use, change, and deletion of any and all configuration information, system software, and data.
SaaS Software-as-a-Service: Capability to move files to an offsite location.
SAN Storage Area Network.
SCS System Computing Services.
SEA Systems Engineering and Administration
Security Administrator  The person charged with monitoring and implementing security controls and procedures for a system. Whereas each university will have one information security officer, technical management may designate a number of security administrators.
Self-service Application A software application that allows a user to obtain information or complete a business transaction on a computer that has traditionally required the help of a human representative
Self-service Functionality Self-service functionality is the ability for an individual to obtain information or complete a business transaction that has traditionally required the help of a representative over the phone or in person. Voice response systems and web sites are widely used for self-service applications.
Server A server is a computer system in a network that is shared by multiple users. A server may have a keyboard, monitor and mouse directly attached, or one keyboard, monitor and mouse may connect to any number of servers via a switch. Servers are often located in data centers containing hundreds and thousands of servers residing in equipment racks. Servers are primarily accessed over the network.
Serverless Infrastructure Serverless infrastructure, part of serverless computing, is a style of server deployment and management that hides resiliency,
scalability, operating system, management and hardware considerations from application developers. It's the style of infrastructure
that supports many major digital businesses, and the serverless initiatives announced by major vendors. Software components
include orchestration management, infrastructure as code and software-defined infrastructure.
Service/ Services Contract  1. An agreement calling for a contractor's time and effort. 2. The furnishing of labor, time, or effort by a contractor or supplier, which may involve to a lesser degreee, the delivery or supply of products. 
Service Level Agreement (SLA) A service-level agreement is a contract between a service provider and an individual needing that service. The agreement specifies the level of service expected during its term. SLAs are used by vendors and customers as well as internally by information technology units and the individuals and units who use their services. The agreements can specify bandwidth availability, response times for routine and ad hoc queries, response time for problem resolution (e.g., network down, machine failure, etc.) as well as expectations of the technical staff. SLAs can be very general or extremely detailed, including the steps taken in the event of a failure. For example, if the problem persists after 30 minutes, a supervisor is notified; after one hour, the account representative is contacted, etc.
SES Software Engineering Services
Shared Administrative Service An initiative that focuses on helping departments control costs and improve service delivery by improving administrative processes and procedures.
Single Sign-on  Ability for a user to sign in once and have that sign-in allow access to multiple information systems without the need for providing a username and password for each separate system.
SIS Student Information Systems
SPAM Disruptive online messages, especially commercial messages posted on a computer network or sent as email.
STAB Student Technology Advisory Board.
Stakeholder Any individual who may be affected by a business decision. The term may refer to just about anyone who has some interest in the University or its products.
System of Record A data management term for an information storage system that is the authoritative data source for a given data element or piece of information
Systems Analyst A person responsible for the development of an information system. Systems analysts design and modify systems by turning user requirements into a set of functional specifications, which are the blueprint of the system. They design the database unless done by a data administrator.
Team Collaboration Devices  Team collaboration devices combine a computer and, usually, videoconferencing and/or audioconferencing hardware with a digital
whiteboard and custom software to create a turnkey solution for meetings. As self-contained devices, these are relatively expensive;
however, they can provide customized interfaces and simple operation. They typically are shared devices, without a specific assigned
Terabyte Approximately one trillion bytes (1,099,511,627,776 bytes)
Thin Clients  A type of client/server computing in which applications are run, and data is stored, on the server rather than on the client. Because the
applications are executed on the server, they do not require client-resident installation, although the graphical user interface and
some application logic may be rendered to the client.
Third-party Typically a company that provides an auxiliary product not supplied by the primary manufacturer to the end user.
Ticketing System Also known as an issue tracking system, these computer software packages are usually used at an IT help desk to manage and maintain lists of issues.
TLC Teaching and Learning Center.
UPS  An uninterruptible power supply. An electrical apparatus that provides emergency power to a load when the input power source (usually commercial power) fails.
Virtual Assistants  Virtual assistants (VAs) help users or enterprises with a set of tasks previously only made possible by humans. VAs use AI and
machine learning (such as natural-language processing, prediction models, recommendations and personalization) to assist people or
automate tasks. VAs listen to and observe behaviors, build and maintain data models, and predict and recommend actions. VAs can
be deployed in several use cases, including virtual personal assistants, virtual customer assistants and virtual employee assistants.
Virtual Private Network  Encrypted connections over a larger network, typically over the Internet, which simulates the behavior of direct, local connections.
Virtual Reality  Virtual reality (VR) provides a computer-generated 3D environment that surrounds a user and responds to that individual’s actions in
a natural way, usually through immersive head-mounted displays and head tracking. Gloves providing hand tracking and haptic
(touch sensitive) feedback may be used as well. Room-based systems provide a 3D experience for multiple participants; however,
they are more limited in their interaction capabilities.
VoIP Voiceover Internet Protocol: A digital telephone service that uses the public Internet and private backbones for call transport. Support for the public switched telephone network (PSTN) is also provided so that VoIP calls can originate and terminate from regular telephones.
Vulnerability  Any exploitable aspect of a system or process.  
Warranties The groups agree on the scope and the coverage of the warranty.
Workstream Collaboration Tools  Tools that create a persistent, shared conversational workspace that helps groups initiate, organize and complete work. It integrates
direct and group messages, alerts, notifications, activity streams, files, tasks, bots, and real-time audio and video into searchable
groups or channels. 
Work Standards This section of the MSA defines what each party regards as acceptable work. Not living up to the work standards often causes disputes.

Can students, faculty and staff buy personal computers from Dell?
There is a CU Dell page separate from the Marketplace where faculty, staff and students can make personal purchases at There are Boulder-specific recommendations there if that is helpful to them, but CU staff and students can purchase anything from the page and get educational pricing on it.

Can students, faculty and staff buy personal computers from Apple?

Special discounts are available on Apple products through the CU Student Purchasing Program.  The best way to order is by going to where the special pricing will already be set to choose.  Then just follow through your order to checkout.  When checking out, please login or register with a CU-affiliated account in order to ensure your discounted price.  If you have questions or run into any issues, please email Brett Johnson at or call at 866.465.9917, and provide your order number.

Denver/AMC and Boulder are part of the “Apple on Campus” program, where personal purchases of Apple products can be made online thru the bookstore’s website, though the CDW-G process above is recommended and typically includes better discounts.

Can I buy a computer from HP, Lenovo, Acer, IBM, etc?
Please note that Dell is a preferred supplier as established by the PSC and campus OIT departments. The PSC recommends checking with your IT support group prior to purchasing a device that is not manufactured by Dell. To purchase HP, Lenovo, Acer, IBM, or another brand, please contact Brett Johnson at for a quote. The quote will be uploaded to Marketplace for ease of ordering.

Steps to procure below:

CDW: You can convert the CDW-G Quote # XX into an order in CU M@rketplace using the instructions below:

  • How to convert a CDW-G Quote into an Order in eSHOP:
    1. Log in to the CU M@rketplace using your CU login credentials
    2. Click on the CDW-G icon and select the “Punch-out” link that comes up
    3. Enter the supplied quote number in all CAPS into the text box on the CDW-G homepage and click “Find It”
    4. Click 'Add to Cart' and continue checking out the way you would any other order

Do I have to purchase AppleCare?
AppleCare is recommended when purchasing Apple hardware.

What contracted suppliers are mandatory?
Xerox, Konica Minolta, Infojini, & Lancesoft.

Where do I locate master service agreements or enterprise agreements?
You can locate master service agreements on the “How to buy” pages for hardware, software, audiovisual, and services pages.

How do I buy off a master service agreement or enterprise agreement?
Please see: IT Purchasing Method Guide 

Why do I have to order from Dell or CDW-G (for Apple)?
In addition to the Procurement Service Center negotiating discounted rates, warranty, support, and tracking, we have contracts in place that meet the University’s security and compliance requirements.

When items are on backorder from a contracted supplier, can I order from another supplier?
First, reach out to a Catalog supplier for a quote if you can’t locate an item on the punchout or reach out to Chrissy Alexander at or Angela Penzo at

Can I purchase hardware on my personal card and get reimbursed?
Our preferred method of purchasing IT Hardware is from one of our contracted suppliers and ideally through one of our catalogs. If you purchased hardware on your personal card tax will be charged and may not be reimbursed. It may not be our standard product, the warranty may differ, the security and other compliance may be below the required standards, there could be a lack of support, and it may not be approved by campus OIT.

Am I allowed to purchase hardware from Amazon?
We recommend you do not purchase hardware from Amazon as it may not meet our University performance standards, negotiated warranty, and support.

Who do I call about warranty repairs for Apple?
Please coordinate warranty repairs for Apple with your campus OIT or our CDW-G/Apple representative Brett Johnson at

Who do I call about warranty repairs for Dell?
Please coordinate warranty repairs for Dell products with your campus OIT or with our representative from Dell, Ashley Delgado Simo at

I can’t find the laptop that I want in the Dell punchout, what do I do?
Please reach out to Ashley Delgado Simo the University’s Dell Account Manager at for assistance with a quote or equivalent alternative. If the product is not available, please contact Brett Johnson at for a quote from CDW or contact Chrissy Alexander at You can also reach out to a Purchasing Agent responsible for the commodity

Who do I call about a problem with my Dell order?
You can contact Ashley Delgado Simo at

My Dell laptop is damaged, what do I do?
Please coordinate repairs for Dell products with your campus OIT or with our representative from Dell, Ashley Delgado Simo at

How do I make a return?
All Dell returns are subject to the terms and conditions of Dell’s Return Policy 

To initiate a return with Dell, follow these steps:

  1. Go to  and enter your order number. 
  2. Select “Return/Replace Items”. Verify your identity and follow the directions to submit your return. 
  3. Print return label and package your device in its original packaging for pickup or bring it to a local drop-off location. 
  4. Track your return online.  Go to, enter your order number and select “View Details” to learn more. Credit or refund will be issued after Dell receives and validates the authorized return. 

 Additional Notes: 

  • If an order is in-production status we do have a short window to get an order cancelled.  Once its status has been updated to “Shipping” or “Shipped” we are not able to cancel an order.  
  • All returns that are a non-Dell error are subject to the 15% restocking fee.  
  • Returns are allowed within the 30-day return policy. 
  • If an order is outside of the 30-day return policy, contact Dell support through the above link to request approval. 

For other suppliers, please contact our supplier representative and they will provide instructions on how to process a product’s return. 

My request is time sensitive. How do I get it expedited?
Please reach out to your purchasing agent or account manager to have an order expedited.

Due to extended lead times from Dell, can I order from another reseller or Best Buy?
While the lead times have decreased with Dell products, our next preferred option is to purchase from our CDW punchout catalog. If the product is not available on the punchout catalog, please contact Brett Johnson at for a quote. We discourage customers from going to retail outlets to buy IT products.

Where do I find the Dell standards?
The Dell standard configurations can be found by clicking the “Standard Configurations” button on the Dell Catalog landing page in Marketplace or by visiting the “How to buy IT Hardware” page.

How can I get support for the products I purchased from Dell? Apple?
For Dell support, please contact Ashley Delgado Simo at

For Apple support, please contact Brett Johnson at or call at 866.465.9917.

Also, you can contact your campus OIT for assistance with support.

What shipping options are available?
For expedited shipping requirements, please contact the supplier prior to submitting a requisition to determine the method for changing shipping options.

I found a sale for the item I want. Can I buy directly from this supplier?
The University's preferred purchasing method is utilizing the catalogs on our Marketplace. Purchasing IT equipment on a procurement card is highly discouraged.

How can I purchase a custom configured computer?
To customize a computer on the Dell Catalog, select the “Customize & Buy” option right of the product description.  To customize an Apple computer, use the filters on the left side of the catalog page for CDW-G to narrow down the options and find the selection you’re looking for.

How do I procure software?
Please reach out to your campus OIT to establish whether they already have licenses available for purchase. If they do not have what you need, please check the University’s Enterprise Agreements on the “How to Order Software” page for ease of ordering. If the Enterprise Agreements do not have what you need, please follow the Purchasing Guidelines and Policies. All Software purchases require a security and compliance review and need to be approved and often negotiated. This includes but not limited to Clickthrough/Clickwrap procurements.

Campus OIT Home Pages: UIS (CU System), CU Boulder, UCCS, CU Denver / Anschutz

How do I know if my order needs a Security and Compliance review?
For ALL goods or services that involve, but not limited to, digital interface, software, licenses, or systems that can store, manage, control, manipulate or retrieve information/data for human interaction, including videos, platform, web content/web development, and communications products require compliance review and approval. Please allow 2 to 8 (estimated) weeks for this process and another 2-8 (estimated) weeks for the contracting process, when applicable.

How long does the Security and Compliance review take?
A Security and Compliance review can typically take between 2 to 8 (estimated) weeks so please make purchases well in advance if you believe it will require one. The contracting process can also take 2 to 8 (estimated) weeks.

Computers and imaging equipment—including multifunction copiers such as printers and copiers—often contain toxic materials and are energy intensive to manufacture and operate. It’s important to evaluate the full product lifecycle of the product from design and production to energy use and recycling. This is also a product category to lease instead of own the product, and it’s the producer’s responsibility to offer proper end-of-life disposition. ENERGY STAR certified office equipment saves energy through efficient design and power management options.

According to the U.S. Environmental Protection Agency, almost 3.4 million tons of electronics were disposed of in 2014 and, of this amount, only 41 percent were collected for recycling. The rest ended up in landfills and incinerators. Recycling conserves resources and keeps toxic materials out of the landfill. Glass, plastic, and metals can be recycled and used again in other products. Many of the heavy metals can also be recycled and safely reused.

  • Energy efficient products
  • Laptops
  • Re-manufactured/ ​refurbished equipment
  • Repair equipment to extend life
  • Power down electronics when not in use for over an hour
  • Utilize "sleep" or ‘hibernate’ mode
  • Desktops
  • Using screen savers
  • Non-certified recyclers
  • Recycle
  • Send working electronics (including keyboards, mice, monitors, chargers, telephones, calculators, etc.) to surplus or see if another deparment can use them
  • Send broken or non-functioning electronics to e-Stewards certified recycler
  • Recycle with vendor, if applicable
  • EPEAT;
  • Energy Star;
  • Federal Energy Management Program; 
  • e-Stewards


Crystal DiCino
Procurement Manager
Amber DeTemple
Purchasing Agent
Brian Hutchison
Strategic IT Sourcing Specialist
Chrissy Alexander
Senior Purchasing Agent
Kylee St. Germain
Purchasing Agent