HUIT Policies:


Harvard Strategic Procurement  is the sole office which can assign the designation of Preferred Vendor. Selection of a PV includes stakeholder representation in the evaluation and decision making process.

Using Preferred Vendors meets the Uniform Guidance requirements for small purchases between $10,000 and $250,000.

HUIT has a conflict of interest policy with respect to Vendor Procurement and Management.  All staff involved in any procurement activity is expected to comply to the following policy:

HUIT staff should not accept any items, including event tickets, food/drink, clothing,
from current or potential vendors at any time. HUIT staff are expected to reimburse
vendors for any expenses incurred on their behalf.

Harvard Responsibilities of Purchases, Preparers and Approvers (ROPPA) - The University has rolled out a new policy, the Responsibilities of Purchasers, Preparers and Approvers (ROPPA). The purpose of this policy is to reinforce sound approval practices, clarify responsibilities and emphasize the shared stewardship of spending University funds. These responsibilities include individuals who hold Corporate or PCards, process web reimbursements, transact in HCOM, as well as those who sign invoices or negotiate quotes with vendors.  A brief course on ROPPA is available on the Harvard Training Portal (Harvard Key is required). 

Vendor Confidentiality Policy Includes:  Use of Harvard NameEndorsements 

  • Accounts Payable: (617) 495-8500 Desk Hours M-F mornings 9a-12p afternoons 1p-4p

Information Security Policy - Includes policy statements/requirements/how to's

Harvard University is committed to protecting the information that is critical to teaching, research, and the University’s many varied activities, our business operation, and the communities we support, including students, faculty, staff members, and the public. Everyone at Harvard has a responsibility for proper handling and protection of confidential information.

In cases where Harvard is outsourcing management or processing of confidential information to an external service provider, the selected vendor must be capable of maintaining appropriate safeguards that may span legal, contractual, and University policy considerations. HUIT project managers should understand Harvard’s requirements for working with vendors. Depending on the type and classification level of data within the service, these requirements may include specific data protection contract riders and a security review of the vendor’s policies, procedures, and system design.

After identifying a potential vendor, engage Harvard Information Security for a Vendor Risk AssessmentTo initiate a VRA, complete the Level 4 VRA intake questionnaire

Overview of Harvard's Accessibility Requirements for Vendors

Required Vendor Architecture Review- Contact Raoul Sevier (raoul_sevier@harvard.edu) to schedule a review with your vendor before signing a contract with a new vendor.