This announcement applies to the University of Illinois Urbana-Champaign only.
Starting July 1, 2025, a new process for software purchases in iBuy will take effect, designed to simplify workflows and eliminate duplicate forms. The Software Intake Form will be retired, and departments may now be required to complete a Lightweight Risk Assessment (LRA) before submitting their iBuy purchase request.
To determine if your software purchase requires an LRA, refer to the iBuy Purchase Requisition Form Instructions (see below for a sample). For additional questions, please contact urbanapurchasing@uillinois.edu.
Key Changes and Features
LRA Requirement
- An LRA is required if the third-party vendor will host or access non-public university data (e.g., cloud-based services or integrations, or a unit sharing data directly with the vendor).
- If you're unsure whether your purchase requires an LRA, consult the instructions in iBuy or the UIUC Purchasing and Contract Management Office at urbanapurchasing@uillinois.edu.
- For more information on university data classifications, see Data Classification.
TDX Ticket Number
- When an LRA is submitted, the Governance, Risk and Compliance Office (GRC) will provide a TDX ticket number to the requester who submitted the LRA.
- Requesters must include this ticket number in the Internal Notes and Attachments section of the iBuy Requisition.
- If GRC indicates to the requester that no further review is needed, please note that in the Internal Notes and Attachments section of the iBuy Requisition.
Contract Review Dashboard – Power BI
- A new dashboard will allow requesters to track the status of their software purchase reviews in real time.
- Once Governance, Risk, and Compliance (GRC) has begun its review of the software/solution, the status of the GRC and Privacy Office reviews can be tracked by accessing the Contract Review Dashboard.
- It provides transparency by showing the current review stage and what actions are needed.
- Additional guidance on using the dashboard will be shared closer to the go-live date.
Sample – iBuy Purchase Requisition Form Instructions (Effective July 1, 2025)
Urbana (UIUC), Springfield (UIS), and System Offices (Charts 1, 4, and 9) Only: The Lightweight Risk Assessment (LRA) questionnaire will be required for all software purchases submitted on an iBuy requisition where the third-party vendor will be hosting, or have access to, university data. The LRA will collect information related to the classification of the data that will be shared with the third party, as well as information to determine if there are FERPA, HIPAA, Privacy, and/or Security issues that need to be addressed. The LRA can be accessed at https://go.uillinois.edu/lra. If you have questions or concerns with the LRA, Urbana units can reach out to urbanapurchasing@uillinois.edu. Springfield units can reach out to UISPurchasing@uillinois.edu. System Offices can reach out to AITS Enterprise Systems Assurance at aitsesa@uillinois.edu.
Contact
For additional information, contact the Urbana-Champaign Purchasing & Contract Management Office at 217-333-3505 or uiucpurchcs@mx.uillinois.edu.