Purpose:
To outline the decision-making criteria of different groups for university software purchases or subscriptions.
Background:
The use of software is critical to successful teaching, learning, research and administrative activities. It is critical that the software suit the required purpose – but it is also critical that the software fit within the extensive compliance, security, accessibility and supportability requirements to which the university is bound as well as being fiscally responsible. The procurement of software must exhibit a balance between these factors.
The university’s new IT Governance process recognizes the fact that employees need freedom to explore and utilize software quickly and easily. At the same time, the university must meet its responsibilities as noted above. To accomplish this, the revised IT governance process includes options for individuals to make immediate purchases, with automated approval, under certain conditions. Requests that do not meet the criteria will continue in the IT governance process. All requests will begin with the submission of an IDEA form through the OIT support portal .
It should be noted that any software deemed by OIT to have unacceptable risk to the university, regardless of how it was approved, can be removed from university equipment or blocked from use on the university network.
Individual or Research Grant Approval Criteria
Licenses or subscriptions for any software already in the university’s application portfolio (link to KB), and not provided through a university enterprise license, can be purchased by an individual or research grant.
For software not in the application portfolio, Individual users or reserach grant can make a software purchase without any additional interaction that meets the following criteria:
- Intended use is low risk data (how to identify data classification)
- Individual licenses (can be for a limited number of additional people, for instance a PI, co-PI and a grad student on a grant)
- Not for use by a whole class or department (whether free or paid)
- Any cost is born by the individual/department (no additional funds requested)
- No support required from OIT except possible administrative rights for installation.
- Does not require a connection to any existing UI systems
- Not on the banned vendor list.
- Purchase/subscription is for the current version which is actively supported and maintained by the vendor or manufacturer.
Individuals are responsible for agreeing to the following when making a purchase:
- Ensuring that any research or grant requirements are not violated by the purchase.
- Reading, understanding and following terms & conditions for software use.
- Utilizing a University of Idaho email address for registration and use of the product.
- Following all federal or state laws and university policies (APM and FSH)
- Following the U of I Purchasing processes and Pcard use rules.
- Software will not require linking to university products or services like OneDrive, Outlook, Department Shares, etc.
Technology Solutions Partner (TSP) Approval Criteria
TSPs will not be approving purchases/subscriptions but may be involved in working with customers on purchases and facilitating administrative rights for software installation.
Technical Product Managers (TPM) Approval Criteria
TPMs can approve:
- Utilization of existing products unless the use changes the current data classification.
- Use of the product by a new department that isn’t currently using it.
- New integrations of applications currently in use.
- New functionality or mobile applications that have no additional costs depending on the outcome of a Vendor Security Assessment (VSA).
IT Governance Advisory Boards Approval Criteria
Advisory Boards can approve:
- Individual requests that do not meet the criteria for individual approval
- An IDEA to move to the IT Steering Committee with their recommendation
- Applications for use in courses/programs that have no cost to the student and have been approved through the IT Governance review process.
- Unit/department level application pursuant to the IT Governance review process
- Utilization of existing products where the use changes the current data classification pursuant to the IT Governance review process
- Proof of concept for unit/department/enterprise applications
IT Steering Committee Approval Criteria
The IT Steering Committee can approve:
- Enterprise level applications pursuant to the IT Governance review process
- Applications for use in courses/programs that have a cost to the student.
- Revised prioritization of projects impacting OIT and non-OIT IT resources based on strategic focus
- Recommendations to Senior Leadership on new technologies that require a broader view and potential adoption beyond an individual department. (e.g. AI and Chatbot tools).
- Revision of Advisory Board decisions through an appeal process.
Executive Leadership Approval Criteria:
Executive Leadership can approve:
- Enterprise level applications that require new funding.
- Initiatives mandated by the State of Idaho or Federal government.