Application Review Committee (ARC)
University of Toronto staff and faculty can request access to third-party applications that integrate with their U of T Microsoft 365 accounts. When the request is approved by the requester’s divisional IT administrator, it will be subject to review by the University’s Application Review Committee (ARC).
The ARC is comprised of IT stakeholders from across the tri-campus community. The committee meets monthly to evaluate and approve application requests. If an application is approved by ARC, it will be submitted for a risk assessment and final review before being implemented.
Please review the frequently asked questions below to learn more, including:
- Who can request an application.
- What applications can and cannot be requested through this process.
- The steps involved in requesting a new application integration.
- How support is provided for approved applications.
Frequently asked questions
App requests and integrations
University of Toronto staff and faculty can submit requests for new application integrations.
Applications that integrate with University Microsoft 365 accounts must go through a formal request and review process. The review process looks at the application, its intended function and whether similar applications have already been approved. It also includes a risk assessment that specifically examines the type of account information the app will have access to once it is installed by a user. The review process is an important part of promoting the sustained efficacy and security of possible third party application solutions.
No. Applications developed by EASI do not currently require an information risk assessment (IRM), but they do require a privacy impact assessment (PIA). These applications have an existing governance process and are outside the scope of the Application Review Committee.
The availability of an approved application depends on its risk status. Two types of apps and add-ins can be implemented as part of the approval process:
- Low-risk apps: Identified low-risk applications that do not access Microsoft 365 data are available for University-wide use.
- Higher risk apps: Applications that are higher risk and integrate with Microsoft 365 data can be enabled for specific user groups after going through a request and approval process.
If you would like access to a higher risk application, please submit a request through the Enterprise Service Centre.
There is an approved application I want to add, but the table says it has user restrictions. How can I add it?
Applications with indicated user restrictions can be enabled for specific users/user groups after going through an approval process. For more information, please submit a ticket to the Enterprise Service Centre.
Depending on the tool, support for approved applications and add-ins will normally be provided by a user’s local IT units or by the product vendor. Before requesting an application, please discuss support with your local IT staff.
University staff and faculty can request that third-party applications and add-ins that connect with their Microsoft 365 accounts be enabled. These requests are subject to a formal review process.
If you are requesting one of the following applications, please purchase a license through the Library. There is no need to submit a request through the Application Review Committee:
- Microsoft Power BI Pro
- Microsoft Project
- Microsoft Visio
Microsoft apps that are part of existing Microsoft licenses such as Power Automate, Power Apps and Sway are granted on a by-request basis. Some Microsoft apps such as Power BI Pro, Project and Visio require that additional licensing be purchased through U of T Libraries: How to Purchase Software.
University of Toronto staff and faculty can request third-party applications and add-ins from the University’s Microsoft 365 team using this form. These requests are subject to a review process that could include:
- Approval by the requester’s divisional IT administrators.
- An evaluation by the Application Review Committee.
- A risk assessment.