Important BearBuy Updates
Dear BearBuy Users,
We would like to inform you of a few updates. Please review the topics below and follow the links or scroll down for more information on each topic.
This month's BearBuy News:
As always, if you have any questions, please contact Customer Support at (415) 514-4100, Option 2 or
for immediate assistance.
Thank you for your continued support,
UCSF Supply Chain Management
2. IT Security Risk Assessments before a Purchase
IT Security Risk Assessments must be conducted on all new systems, applications, and vendors when they are initially introduced into the UCSF infrastructure and when making significant changes such as a new server or new operating system. This includes transactions wherein outside parties may be sent sensitive UC data (including but not limited to PHI, PII, payment card information) or they may access such data or store it.
SCM has had a number of conversations with UCSF IT Security with regards to the IT Risk Assessment process. Apparently, there are a number of end users who are unaware of the fact that they should be partnering with the IT Risk Assessment team to complete the assessment process prior to their submitting their purchase requisitions, as there can be delays and communication challenges with IT Security's end users and the vendor with regards to answering the technical questions.
What is a Delphiis Risk Assessment at UCSF?
Using Delphiis is a way to measure the security of a system. The process is called a distributed Systems Technical Risk Assessment and it includes measuring the security aspects of all computing devices involved in a system such as - phones, tablets, computers, servers, routers, switches, network connections, and other types of technologies. The goal is to protect the information. A risk assessment will demonstrate how the system protections positively affect the confidentiality, integrity, and availability of the information.
End users have indicated that they didn't even know this process was required, so we are sharing this information so that our customers are prevented from potential delays.
ATTENTION: Action required by Requesters shipping to Parnassus Addresses
All non-urgent packaged items that Parnassus Requesters order through BearBuy should be routed through the
Last-Mile Package Delivery Program
). When creating your requisitions,
select "616 Forbes Blvd (Oyster Point)" as the delivery address
. Be sure to select the "616 Forbes Blvd" address that corresponds to your Parnassus location.
Read more about the Last-Mile Package Delivery Program Pilot for Parnassus
. Additional information and instruction for the program is available in a
Please select "616 Forbes Blvd" for all your non-urgent packaged items beginning TODAY, if you have not already done so.
- For questions or comments about this program, please email email@example.com.
- For BearBuy support, please contact the IT Service Desk at (415) 514-4100, option 2 or firstname.lastname@example.org.
4. America To Go Caterer Suggestions
The America To Go (ATG) Punch-out now offers 135 caterers/restaurants with a wide variety of cuisines. A full
of all ATG caterers is available on the
Supply Chain Management (SCM) website
and on the main ATG Punch-out landing page.
If you have a caterer that you would like to see in ATG, you may send your caterer suggestion to ATG Customer Service at
or (866) 284-8646. Be sure to provide ATG customer service with the caterer name, address, and contact information. ATG will contact the caterer to discuss joining ATG. Please note that the caterer must agree to join ATG and meet UC policy standards before they can be added as an ATG caterer.
5. "Did you know" Useful BearBuy Tips
My department's only Voucher Approver will be retiring at the end of the month. What do I need to do?
If a person who holds a BearBuy role leaves your department, it is important that your department's Access Administrator assign someone else that BearBuy role
the person leaves. Access Administrators can submit BearBuy role change requests through the UCSF Access Management System.
If the person leaves before you assign someone else the BearBuy role, and s/he is the only person who holds the BearBuy role, your department will not be able to complete the purchasing and payment process. For example, if your department does not have a Voucher Approver, your department's high dollar vouchers cannot be approved and paid.