Hardware and Software Acquisition Review Policy

CATEGORY: Information Technology, Security
STATUS: Approved

POLICY PURPOSE:

The purpose of the review process is to ensure that all hardware and software purchased is compatible with the University’s environment, and to be as efficient as possible with University assets.

The review process is intended to ensure the following:

  • all hardware and software will operate effectively in the University environment;
  • compliance with legal, regulatory, and University policy including Payment Card Industry Data Security Standards (PCI-DSS);
  • the best pricing is received through consolidation of purchasing power;
  • there is proper review of licensing agreements for all software;
  • clarify expectations for maintenance, licensing, network connectivity, etc., of all hardware and software.

APPLIES TO:

This policy applies to Truman State University faculty and staff, and to any software that requires a license agreement (i.e. either a physical signature is needed or one must be provided using an online click-through process before the software can be used).  Only the Truman Business Office is authorized to sign license agreements on behalf of the University.


CONTENTS:

Approval for Acquisition
Standardization of Technology
Credit Card Equipment (Hardware and Software)
Copyright and License Agreements
Textbook Software
Installation of Software
Software Maintenance
Purchases with External Funds


POLICY STATEMENT:

Approval for Acquisition

Requests for software and/or hardware must have the appropriate approvals required by the University to complete the purchase. It is the responsibility of the requesting department to send pricing requests to Information Technology Services, have funds available in the appropriate budget if there is a cost to the software, and to process a requisition. Additionally the requesting department should coordinate with Information Technology Services to ensure dependencies for the ongoing operation of the software and/or hardware is available. The end goal is to determine all components are in place to deliver a complete, working system. These dependencies include but are not limited to: dedicated hardware, additional supporting software, SQL Server space, file server space, backup server space, network bandwidth, and Internet bandwidth.

  • All purchase requisitions for computers, computer peripherals or related equipment and software must be initially directed to Information Technology Services (ITS). Any requisitions for computer technology received by the purchasing department that do not have IT approval will be forwarded to Information Technology Services for review. Any purchase requisition problems/questions/issues will be directed to the purchase requisition originator.
  • Request for Proposals (RFP), Request for Information (RFI), or Invitations to BID (ITB) for hardware and/or software systems are issued by Purchasing but will be reviewed by Information Technology Services before release of the document.
  • Any purchase of software that necessitates data transfer/interface with any University enterprise application (such as Banner, the University website, Blackboard, etc.) must be approved by the Information and Applications Steering Committee.
  • Technology support will be based on the support level agreed upon as part of the purchase approval process, and as defined in the Computer Workstation Hardware Support Policy.
  • Software or hardware acquisitions available at no cost still need to go through the University acquisition process (this includes required use of applications hosted on off-campus systems).
  • ITS approval does not circumvent the University’s bidding process that takes place through Purchasing (http://businessoffice.truman.edu/purchasing).

Note: Consumables (CDs, inkjet or toner cartridges, paper, etc) are not considered hardware or software and do not need approval for purchase by the requesting department.

Standardization of Technology

The University benefits from maintaining, within reason, the practice of purchasing equipment according to agreed-upon standards. Agreement by a purchaser to accept standardized hardware or software helps ensure the University receives the benefits of better pricing for technology and supplies and less administrative overhead. Benefits to the purchaser include competitive pricing, timely processing of requests, higher levels of support, less costly maintenance, and an improved ability to provide assistance with technologies purchased through focused staff training.

Purchase of non-standard hardware or software is not prohibited. However, such purchases should be minimized as much as reasonably possible. The purchase of non-standard technology must be justified by the existence of special circumstances. Also, the purchaser of a non-standard technology must document the source of support for the hardware and/or software before the purchase will be approved.

Information Technology Services will work with the department to document those situations. Department chairs/heads will be asked to approve any non-conforming purchases that will be made in spite of potential conflicts. Once completed, Information Technology Services must also approve the purchase so that the procurement process can continue.

Information Technology Services will evaluate purchase requests and will communicate to the requesting department the level of support that will be provided as part of the purchase approval process.

Credit Card Equipment (Hardware and Software)

The University has purchased payment gateway services for the acceptance and processing of credit card transactions via the Internet. This payment gateway is to be used for all Internet credit card activity. Truman does not store credit card numbers in any of its systems. Credit card processing, along with all eCommerce processing, is handled by contracted remote hosted services. Accepting payments over the Internet must be done in a secure manner complying with PCI-DSS standards.

All equipment, including but not limited to servers, firewalls, PCs, netbooks, laptops, etc., that will be used for processing credit card transactions must be approved by Information Technology services and comply with PCI-DSS standards. No wireless hardware may be used to process credit card payment data on the Truman network.

Use of imprint machines to process credit card payments is prohibited, as they display the full 16-digit credit card number and expiration date on the customer copy.

Copyright and License Agreements

It is the policy of Information Technology Services to respect all computer software copyright and to adhere to the terms of all software licenses to which the University is a party.

University personnel may not duplicate any licensed software or related documentation for use either on Truman State University premises or elsewhere unless Truman State University is expressly authorized to do so by fair use or by agreement with the licensor. Unauthorized duplication of software may subject employees and/or the University to both civil and criminal penalties under the United States Copyright Act.

University personnel may use software on local area networks or on multiple machines only in accordance with applicable license agreements.

Textbook Software

It is the responsibility of the faculty and staff member to inform Information Technology Services about software bundled with textbooks chosen for use, as noted in the Textbook Software Notification Guidelines.  If the software is to be installed on the network, it must be removed from the network when the textbook is no longer in use.

Installation of Software

Truman State University computers are University assets and must be kept both software legal and virus free. Only legally licensed software may be used on University machines. University purchased software are University assets and must be installed properly to meet the requirements of all related contracts and license agreements. Generally, the purchase of a single copy of software entitles the owner to use the software on a single machine at any given time. Before installing any University software on home computers, please check with Information Technology Services. Some software may have provisions in their licensing agreements that require additional purchases for home computer use. Some software may not be eligible for home computer use under the existing license agreements.

Software Maintenance

Software can be purchased with maintenance or upgrade options. This allows the license holder to use updated versions of the product as it becomes available over the time specified in the agreement. As with renewals this should be factored into business and purchase decisions and details of all value-added services should be recorded for future reference. Proof of ownerships of the original base license is required to be retained to support all future upgrades. Note that most upgrades and new versions are subject to the same terms as the original license, however some may not be. Therefore, care must be taken to record the basis on which upgrades are licensed.

Funds required for ongoing maintenance or upgrades are the responsibility of the requesting department unless other arrangements are established and agreed upon by both the University parties involved. A record of the agreement should be kept as part of the original purchase.

Purchases with External Funds

All software and hardware purchased with external funds (grants, Foundation, contracts and collaborative agreements) that will be installed on the Truman network must follow the same policies and procedures as Truman software and hardware purchases.

EXCLUSIONS OR SPECIAL CIRCUMSTANCES:

Any exceptions to this policy must be approved in writing by ITS (see contact information below).

CONSEQUENCES:

By failing to abide by this policy or policy procedures, individuals may be subject to sanctions, up to and including the loss of computer or network privileges, disciplinary action, suspension, termination of employment, dismissal from the University, and legal action. Some violations may constitute criminal offenses under local, state, and federal laws. The University will carry out its responsibility to report such violations to the appropriate authorities.


REVIEW/CHANGE HISTORY: 2012/03/01, 2013/11/12, 2018/04/11


DEFINITIONS:

Hardware is a comprehensive term for all of the physical parts of a computer, as distinguished from the data it contains or operates on, and the software that provides the instructions for the hardware to accomplish tasks. As used in this policy, external hardware also known as peripheral devices are considered hardware.

Software is a general term primarily used for digitally stored data such as computer programs and other kinds of information read and written by computers.

RELATED DOCUMENTS:

Payment Card Industry Data Security Standard (PCI DSS – https://www.pcisecuritystandards.org/security_standards/index.php)

Computer Workstation Hardware Support Policy Textbook Software Notification Guidelines

Textbook Software Notification Guidelines

KEYWORDS:

Line of authority

Policy Administrator: Provost and Executive Vice President for Academic Affairs

Contact: Chief Information Officer, 111 McClain, 660-785-4163

Effective date

Effective Date: 04-11-2018

Approved Date: 04-11-2018

Policy Type: Operations