Child pages
  • Hardware and Software Acquisition Policy

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

In This Space

 

HARDWARE

All departments must contact the ITS HelpDesk for any computer hardware purchases that do not fall under the Computer Replacement Policy.   Administrative offices requiring a replacement of office computers must account for them in their operational budgets.  ITS will provide cost information as needed to administrative offices for planning purposes, and then ITS will purchase, install and support the new systems for offices.   Computer hardware that is not acquired through the ITS department will not be supported. This includes installing college owned software on non-approved devices as well as any physical repairs that might become necessary.

SOFTWARE

Information & Technology Services provides a standard computer software image for all new computers.  This image creates a consistent technology environment that is secure, compliant with all licensing and usage agreements, and meets the general requirements of most constituents.  Specialized needs may require the acquisition of additional software.

Purpose:

The purpose of this policy is to define the process by which additional software is reviewed, purchased and maintained, with respect to data security and integrity, as well as long-term sustainability regardless of the funding source.   ITS will not install or support software that is not approved in advance of purchase.  The ITS department has a library of software available.  Please be sure to explore the list of options here.  ITS can assist you in determining if we already own software that meets your needs.

Process:

Prior to purchasing any hardware or software, please review the guidelines below and complete the Software Acquisition Request form.


Guidelines:

Software and vendor services review

ITS must be included in all software acquisitions to ensure compliance with the campus infrastructure.

  • ITS will ensure that the software meets all operational requirements including server configurations, operating systems, and auxiliary or third-party software products (browser compliance, Java version, etc.) as well as the user needs.
  • In addition to the software, ITS will also review data hosting and/or storage services, whether data is hosted internally or by the vendor (or a cloud agent acting on behalf of the vendor).
  • ITS will assess the level of internal support necessary for continuous operation, and the support services that are either provided by or will need to be purchased from the vendor.

 

Vendor compliance

  • All vendors that provide cloud-based services must meet acceptable industry security standards as specified by Washington & Jefferson College audit standards.   The determination for compliance is based on several factors. 

    • Vendors must provide their SOC 1 or SOC 2 reports, their SSAE-16 (formerly SAS-70) or comparable compliance documents, and audit reports as needed that illustrate the vendor has committed an appropriate level of resources to data protection and security.
    • The software under review must provide a high quality service that improves our technology environment without jeopardizing network or server performance, data integrity or data security.
    • All software that requires data exchange that may include FERPA or HIPAA protected information must comply with all state and federal requirements.


Software demonstrations:

ITS must be included with all stakeholders in vendor software demonstrations.  ITS recommends comprehensive demonstrations prior to the purchase of any software, and will work with vendors to arrange remote (video conference) demonstrations as needed.  In the case where institutional data may be required for demonstration purposes, vendors must provide in advance all security compliance documentation as specified above, including written assurance that all data will be permanently removed from their systems following the demonstration.  All FERPA and HIPAA requirements apply to software demonstrations.  Please refer to the ITS  Data Protection Guidelines for more information. 
 

Software quotes:

All quotes must be reviewed by ITS to ensure that quotes are based on the correct system configurations currently in use and supported in our environment.  Also, ITS need to determine that quotes include all necessary components and services (licensing, third-party products, continuing support services, etc.).

 

Budget

When acquiring new software, the budget must include the cost of the software as well as all associated costs such as installation, training services, updates/upgrades, third-party products that may be necessary for software operation, costs associated with data transfers, and the cost of any specialized hardware or equipment that must be acquired.  An estimated cost of the annual maintenance and licensing fees must also be included.  ITS will assist as needed with identifying all costs and the development of the budget.

  • No labels

This page has no comments.