Important BearBuy Updates: December 2016

Important BearBuy Updates

December 2016

Dear BearBuy Users,

We would like to inform you of a few updates. Please review the topics below and follow the links or scroll down for more information on each topic.

This month's BearBuy News:

New BearBuy Software Form Coming Soon
IT Security Risk Assessments before a Purchase
ATTENTION: Action required by Requesters shipping to Parnassus Addresses
America To Go Caterer Suggestions
"Did you know?" Useful BearBuy Tips

As always, if you have any questions, please contact Customer Support at (415) 514-4100, Option 2 or [email protected] for immediate assistance.

Thank you for your continued support,

BearBuy Team

UCSF Supply Chain Management

1. New BearBuy Software Form Coming Soon

As the number of software and cloud computing purchases has increased significantly in the past 12 months, the need for a BearBuy Software form has been identified as there is potential risk exposure in current purchasing processes. This form will help identify and mitigate such risk. This form will be used for purchases including cloud computing, software, licenses to software, software-as-a-service, and equipment that contains embedded software. We will be launching the BearBuy Software form in early 2017. More details will be forthcoming.

2. IT Security Risk Assessments before a Purchase

IT Security Risk Assessments must be conducted on all new systems, applications, and vendors when they are initially introduced into the UCSF infrastructure and when making significant changes such as a new server or new operating system. This includes transactions wherein outside parties may be sent sensitive UC data (including but not limited to PHI, PII, payment card information) or they may access such data or store it.

SCM has had a number of conversations with UCSF IT Security with regards to the IT Risk Assessment process. Apparently, there are a number of end users who are unaware of the fact that they should be partnering with the IT Risk Assessment team to complete the assessment process prior to their submitting their purchase requisitions, as there can be delays and communication challenges with IT Security's end users and the vendor with regards to answering the technical questions.

What is a Delphiis Risk Assessment at UCSF?

Using Delphiis is a way to measure the security of a system. The process is called a distributed Systems Technical Risk Assessment and it includes measuring the security aspects of all computing devices involved in a system such as - phones, tablets, computers, servers, routers, switches, network connections, and other types of technologies. The goal is to protect the information. A risk assessment will demonstrate how the system protections positively affect the confidentiality, integrity, and availability of the information.

End users have indicated that they didn't even know this process was required, so we are sharing this information so that our customers are prevented from potential delays.

3. ATTENTION: Action required by Requesters shipping to Parnassus Addresses

All non-urgent packaged items that Parnassus Requesters order through BearBuy should be routed through the Last-Mile Package Delivery Program (with few exceptions ). When creating your requisitions, select "616 Forbes Blvd (Oyster Point)" as the delivery address . Be sure to select the "616 Forbes Blvd" address that corresponds to your Parnassus location.

Read more about the Last-Mile Package Delivery Program Pilot for Parnassus here. Additional information and instruction for the program is available in a webinar, guide, and FAQs.

Please select "616 Forbes Blvd" for all your non-urgent packaged items beginning TODAY, if you have not already done so.

Thank you.

For questions or comments about this program, please email [email protected].
For BearBuy support, please contact the IT Service Desk at (415) 514-4100, option 2 or [email protected].

4. America To Go Caterer Suggestions

The America To Go (ATG) Punch-out now offers 135 caterers/restaurants with a wide variety of cuisines. A full listing of all ATG caterers is available on the Supply Chain Management (SCM) website and on the main ATG Punch-out landing page.

If you have a caterer that you would like to see in ATG, you may send your caterer suggestion to ATG Customer Service at [email protected] or (866) 284-8646. Be sure to provide ATG customer service with the caterer name, address, and contact information. ATG will contact the caterer to discuss joining ATG. Please note that the caterer must agree to join ATG and meet UC policy standards before they can be added as an ATG caterer.

5. "Did you know" Useful BearBuy Tips

Q: My department's only Voucher Approver will be retiring at the end of the month. What do I need to do?

A: If a person who holds a BearBuy role leaves your department, it is important that your department's Access Administrator assign someone else that BearBuy role before the person leaves. Access Administrators can submit BearBuy role change requests through the UCSF Access Management System.

If the person leaves before you assign someone else the BearBuy role, and s/he is the only person who holds the BearBuy role, your department will not be able to complete the purchasing and payment process. For example, if your department does not have a Voucher Approver, your department's high dollar vouchers cannot be approved and paid.