DA/DA(+) play a crucial role in the process for proposing new LTIs. The DA step consists of the following the parts:
- LTI Intake Form Review. Validate the case for the LTI including:
- Justification/Need for the LTI
- The LTI cost and whether there is appropriate funding
- Whether the LTI has AI capabilities
- The LTI POC and Business Owner
- Initiate Review Cycles
- Accessibility review
- Security/architecture review
- Third-party review
- Complete Third-Party Tool Request Form
For more information on the other steps in the process, refer to the New LTI Request Process guide which overviews each step.
Note: The LTI Intake form should be completed prior to beginning the activities listed on this page. Typically, the form is completed by instructors, but other individuals, such as DAs, may complete the form as well.
LTI Intake Form Review
The following list identifies key pieces of information from the LTI Intake form that DAs must validate or otherwise assess. If any information is missing from the LTI Intake form, return the form to the requestor.
- Validate that there is a need for the new LTI – DAs will need to review the justification provided for the new LTI in the LTI Info section of the LTI Intake form. The justification should explain why the new LTI is beneficial and should provide a case for unique support to the school/unit. Additionally, DAs will need to confirm that none of the currently deployed LTIs meet the need. Refer to the table in the All Third-Party Tools guide for a list of all currently deployed LTIs.
- Confirm that there is funding available for the new LTI – DAs will need to review the total cost of the new LTI provided in the LTI Info section of LTI Intake form and compare that against the school/unit budget to determine if deploying the LTI is feasible.
- Determine to what extent, if any, the LTI has AI capabilities.
- Identify the LTI POC and Business Owner – This information should have been provided on the LTI Intake form in the Vendor Contact Info section.
Initiate Review Cycles
DAs are responsible for kicking off the accessibility, security/architecture, and third-party reviews. To do so, they need to obtain Voluntary Product Accessibility Template (VPAT), Higher Education Community Vendor Assessment Toolkit (HECVAT), and Service Organization Control Type 2 (SOC2) reports from the vendor. In rare instances, these reports can be found on the vendor’s site; however, it is much more common that these reports can only be obtained by contacting the Customer Success Manager (CSM). The CSM’s contact information should be documented in the Vendor Contact Info section of the completed LTI Intake form.
- Accessibility Review. All new LTIs must, at minimum, meet section 508 accessibility requirements and follow Web Content Accessibility Guidelines (WCAG). To assess a new LTI’s compliance, DAs conduct a review of the VPAT themselves. Refer to the appendix for the VPAT Quick Review Score Card.
- Security/Architecture Review. All new LTIs must also be assessed in terms of security vulnerabilities and weaknesses. To initiate this step, complete the Security Questions for New LTIs form. Once that form has been completed and the HECVAT and SOC2 reports have been obtained from the vendor company, complete the Application Add-On SNOW Form and add all three documents as attachments.
- Third-Party Review. Complete the Third-Party Security Risk Management SNOW Form.
Complete Third-Party Tool Request Form
Once all other steps have been completed, DAs will need to complete and submit the Third-Party Tool Request Form.
Glossary
- Higher Education Community Vendor Assessment Toolkit (HECVAT) – a questionnaire tool intended to help higher education institutions assess their vendor risk.
- Service Organization Control Type 2 (SOC2) – a cybersecurity framework that helps ensure client data is kept secure.
- Voluntary Product Accessibility Template (VPAT) – a document that describes how a product meets accessibility standards.
- Web Content Accessibility Guidelines (WCAG) – technical standards and guidelines with testable success criteria. Third party tools need to meet USC’s digital accessibility standard of WCAG 2.1AA.
Appendix
VPAT Quick Review Score Card
| Question | Data Location | Low Risk | Medium Risk | High Risk |
|---|---|---|---|---|
| Who conducted the review? | First or second page. | Third-party company such as Allyant, Level Access, Deque, or TPGi. | Internally conducted by an accessibility specialist. | Internally conducted by someone other than an accessibility specialist. |
| When was the review conducted? | First or second page. | Within the last year. | Within 1-3 years. | More than 3 years ago. |
| Is this VPAT version 2.4? | First or second page. | Yes | N/A | No |
| Is the VPAT assessment for the correct product/service? | First or second page. | Yes | N/A | No |
| What is the overall pattern of WCAG Standard support? | WCAG Standards section | Answers span the full scale of supports, partially supports, does not support, and N/A, | N/A | All answers say support. This is more than likely an indication that a report is not accurate. |
| Are there notes/explanations for the WCAG standards? | WCAG Standards section | Yes, there are detailed notes for nearly every standard. | The notes are light in volume, detail, or both. | There are little to no notes and/or the notes are not thorough. |