The distinction here is that just because there is a contract in place with a supplier doesn't mean that it is appropriate for all use cases.
An example is our Google agreement which will meet the overwhelming majority of our needs in the e-mail/calendar space, but that is not HIPAA compliant and as such is not a good fit for use cases where Protected Health Information is in play. For assistance with IT policy questions, contact security-policy@berkeley.edu.