Child pages
  • Hardware and Software Acquisition Policy

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

In This Space

Information & Technology Services provides a standard computer software image for all new computers.  This image creates a consistent technology environment that is secure, compliant with all licensing and usage agreements, and meets the general requirements of most constituents.  Specialized needs may require the acquisition of additional software.

Purpose:

The purpose of this policy is to define the process by which additional software is reviewed, purchased and maintained, with respect to data security and integrity, as well as long-term sustainability regardless of the funding source.   ITS will not install or support software that is not approved in advance of purchase.  The ITS department has a library of software available.  Please be sure to explore the list of options here (link)

 

Process:

Prior to purchasing any hardware or software, please complete the Software Acquisition Request form.

Guidelines:

Software and vendor services review

ITS must be included in all software acquisitions to ensure compliance with the campus infrastructure

  • Include ITS to be sure the software meets all of the operational requirements such as OS, auxiliary or third-party software (browser compliance, Java version, etc.) as well as the user needs.
  • In addition to the software, ITS will also review data hosting and/or storage services, whether data is hosted internally or by the vendor (or a cloud agent acting on behalf of the vendor).
  • ITS will assess the level of internal support necessary for continuous operation, and the support services that are either provided by or will need to be purchased from the vendor.

 

Vendor compliance

All vendors that provide cloud-based services must meet acceptable industry security standards as specified by Washington & Jefferson College audit standards.   The determination for compliance is based on several factors. 

  • Acquire SOC (1 or 2), SSAE-16 and other compliance and audit reports as needed that illustrate the vendor has committed an appropriate level of resources to data protection and security
  • Make sure the software under review provides a high quality service that improves our technology environment without jeopardizing network/server performance, or data integrity or security.
  • Particular attention to any software that requires data exchange where FERPA or HIPAA requirements apply.

Software demonstrations

  • Include ITS and all stakeholders in vendor software demos. 
  • ITS recommends full demonstrations prior to the purchase of any software. 
  • No data transfers to vendors until all required data security and compliance documents are received and reviewed by ITS.  All FERPA requirements apply to software demonstrations.  Refer to Data Protection Guidelines for more information. 

Software quotes

All quotes must be reviewed by ITS

  • to ensure that quotes are based on the correct system configurations currently in use and supported in our environment
  • to ensure that the quote includes all necessary components and services (licensing, third-party products)

 

Budget

ITS budget supports licensing and maintenance costs of the software included in the standard image.  Budget includes cost of software, installation costs, training, annual maintenance and licensing for the anticipated duration of use.  Also costs associated with updates/upgrades, third-party products that may be required for primary software operation, costs associated with data transfers, etc.

  • No labels

This page has no comments.