PSC Procurement: Contracting

Contract Review 

Contracts and contract language are frequently presented by suppliers. Any contract, supplier-provided terms or other conditions associated with a purchase must be reviewed by the appropriate PSC staff for special provisions, to ensure compliance with university policies, and to mitigate risk as part of the purchasing process at the University. This contract review process is completed as part of the procurement workflow; however, depending on the vehicle for the purchase, there may be additional manual steps involved to ensure compliance.

The PSC Purchasing Agents have been delegated authority to enter into contracts on behalf of the University. Department purchasers, fiscal staff and most other university employees do not have this authority. In fact, there are very few campus employees with the authority to enter into contracts on behalf of the University. If purchase documents are found to have contract language, they should always be submitted to the PSC Purchasing Agent for negotiation of the contract terms as needed during the purchase review process. The Purchasing Agent will also provide required signatures on these contracts following negotiation, ensuring the university is accurately represented and protected. 

Contract Signature Authority

The University has a clear policy that only individuals with delegated contracting authority are authorized to sign contracts on behalf of the University. Departments and employees without formal delegation of authority are not permitted to sign any contracts, agreements, or binding documents. Signing a contract without this authority can expose the individual and the University to significant legal and financial risks, and such contracts may be considered invalid.

All contracts must be reviewed and signed by the Procurement Service Center (PSC) or the designated Contracting Officer. Departments are encouraged to submit contracts for review and signature to ensure compliance with university policies and state laws. For specific information on contracting authority, refer to the University’s Administrative Policy Statement on Contracting Authority (APS 2005).

Departments should follow the official procurement process and submit all contracts for approval prior to engaging with suppliers to avoid any unauthorized commitments.

Procedure for Contracts Above $10,000

For contracts exceeding $10,000, departments must submit a Purchase Requisition via CU Marketplace and ensure that all documents related to the contract are attached and unsigned. A Word version of the contract is preferred. The requisition enterer will be prompted to provide the contact details of the individual who will be negotiating the contract on behalf of the supplier, including their name, phone number, and email address.

Procedure for Contracts Under $10,000

For procurement contracts of $10,000 or less, departments are required to use the Small Dollar Contract Request Form in CU Marketplace. This form streamlines the process for smaller contracts and ensures proper review and approval. For more information and to access the form, visit the following link: CU Marketplace Small Dollar Contract Request Form.

Questions Regarding Existing Contracts

For any questions related to existing contracts, including contract amendments, renewals, or issues with terms and conditions, please contact the Procurement Service Center (PSC). The PSC can assist with contract negotiations, troubleshooting, and ensuring compliance with university policies. Do not hesitate to reach out for guidance or support regarding any ongoing contractual obligations.

IT Security Risk and Compliance Review

While the Procurement Service Center (PSC) is responsible for reviewing, negotiating, and signing contracts, IT Security Risk and Compliance Reviews are conducted exclusively by each campus's IT security office. These reviews ensure that contracts for IT software, applications, and services include the appropriate IT security and compliance language.

IT suppliers, including application service providers and software suppliers, can present significant data security risks to the University. To mitigate this, the campus IT security office reviews supplier security protocols to ensure proper controls are in place for contracts that involve sensitive information.

The IT Security Risk and Compliance Review process is required for any purchase or renewal involving access to or transmission, processing, or storage of the following types of information:

  • Protected health information
  • Student records
  • Personal identification information
  • Payment card information
  • Export-controlled data

At the Boulder campus, the review also includes an assessment of compliance with accessibility policies, ensuring that both IT security and accessibility requirements are clearly defined in the contract’s terms and conditions.

Departments should initiate the IT Security Risk and Compliance Review as early as possible in the procurement process to allow time for security reviews and negotiations. The final security assessment must be attached to the purchase requisition in CU Marketplace. When procuring through an existing agreement (enterprise, campus, or other), the security review is generally already complete, so no additional documentation is needed.

For more details on promoting security controls in contracts, visit the Office of Information Security’s IT Purchasing Standards webpage.

To ensure compliance with the security review process at your campus, follow the appropriate guidance:

  • Boulder: Information and Communication Technology Integrity Office
  • Denver | Anschutz: Application and Cloud Services Security Assessment Process
  • Colorado Springs: Email the Information Security Office (ISO) at ITComply@uccs.edu
  • System: Email Keith Lehigh at Keith.Lehigh@cu.edu and Brad Judy at brad.judy@cu.edu