Purchasing New Sofware and Applications for Use on University Systems

Before purchasing new software/applications for use on University systems, many things must first be considered and several steps must be taken.  This article will provide the steps that must be taken prior to purchasing or requesting installation of new software/applications.

About

Before purchasing new software/applications for use on University systems, many things must first be considered and several steps must be taken.  This article will provide the steps that must be taken prior to purchasing or requesting installation of new software/applications.  All IT Technology and IT Services-related purchases must be processed and approved through the IT Department.  It is important that you know and adhere to the following guidelines and procedures for acquiring approved software/applications.

Environment

La Salle strives to promote the reliable delivery of computing services, ensure a favorable user experience for students, faculty, and staff, and assist the University's user community.  In order to accomplish that, it is important that we are able to:

• maintain data privacy and security;
• maintain legal compliance;
• guarantee interoperability between computing systems;
• provide effective software support and assistance; and
• comply with software licensing

La Salle University Information Technology will approve and support a limited number of carefully curated software applications and services for conducting the University's official teaching and business functions.  It is important that the proposed software offer unique or significant improvements.

Steps

When requesting new software, the following steps must be taken:

1.   Before submitting requests:
   1. Faculty and staff proposing new software should first review the following policies, guidelines, standards, and procedures:
      1. ​​​​Information Technology Approved Software Applications Guidelines;
      2. IT Purchasing and IT Service Vendor Management Policy;
      3. Information Technology Software Add-In Guidelines;
      4. Information Technology Vendor Evaluation and Management Standards and Procedures
   2. The user or department requesting the new software must work with the vendor to provide the following:
      1. EDUCAUSE Higher Education Cloud Vendor Assessment Toolkit (HECVAT) or equivalent to assess security and compliance;
      2. IT Voluntary Product Assessment Template (VPAT) to establish Section 508 Compliance;
      3. University References from universities that have adopted the software;
      4. Terms of Service and/or End User License Agreement (EULA);
      5. Privacy Policy and Data Security Policy
2. After the above listed policies, guidelines, standards, and procedures have been reviewed and the required documentation has been obtained, a written request shall be submitted through the IT Service Portal.  To facilitate the quickest possible turn-around all requests should include:
   • Quantities;
   • Complete item description(s);
   • Date needed;
   • Maintenance and support costs;
   • Expected economic life of the technology purchase and funding source for its replacement (see Paragraph 5 of the Information Technology Purchasing and IT Service Vendor Management Policy);
   • Explanation for purchase, noting project-related purchases;
   • Documentation requested in Paragraph 1(2) above. 
3. After the request has been submitted, it will go through a review process.  Requests for IT Services require that the IT Department and University Counsel conduct a thorough evaluation of the IT Service Vendor.  This evaluation includes reviewing the IT Service Vendor's security policies and practices, their security and financial controls, and their regulatory compliance and financial stability.  IT and University Counsel will need to review - and possibly negotiate - the IT Service Vendor's contract terms.  Depending on the nature of the services, the IT Service Vendor may be required to execute a Confidential Data Sharing Agreement with the University.  This process can require 4 to 8 weeks or longer.
4. Acknowledge the potential risks and legal issues for non-compliance.  The use of non-approved software exposes the University to the risk that it will not be able to comply with government-mandated compliance requirements, thereby subjecting the University to substantial fines and other penalties.

Final Notes

It is important to note that:

• Requests that do not include the required information, including the above-listed documentation, will be returned with a request to provide same, and will delay the review process
• THE USE OF UNSUPPORTED SOFTWARE APPLICATIONS AND SERVICES FOR TEACHING OR RESEARCH, UNIVERSITY ADMINISTRATIVE FUNCTIONS, PERSONAL USE, OR ANY OTHER APPLICATION IS PROHIBITED
• The IT Department reserves the right to restrict or block network access to PCs and other IT technology acquired in violation of University policy.  If network access is allowed, the IT Department may limit privileges to Guest access, thereby preventing access to files and services stored or hosted on the network.  The IT Department will not support, repair, troubleshoot, or offer assistance in resolving compatibility issues for any IT Technology acquired without conforming to University policy
• The University will not reimburse individuals or departments for the purchase of any IT Technology-related item, unless that purchase was made through the IT Department and with the approval of the Assistant Vice President of Information Technology/Chief Information Officer.