°ÄÃÅÁùºÏ²Ê¹ÙÍø¿ª½±

Scope

This policy applies to all University employees.

Note: Remote offices, such as Extension offices located throughout the State, may be granted an exception to this policy by the Vice President for IT or the CIO at the applicable business unit due to the uniqueness of the services needed and availability in a given geographic area.

Reason for Policy

Information Technology (IT) and Telecommunications (Telecom) products, services and systems are vital to the °ÄÃÅÁùºÏ²Ê¹ÙÍø¿ª½±’s teaching, research and business activities.  Coordination of IT and Telecom related purchases is essential to maintaining an environment capable of supporting these activities.  Significant cost savings are also possible by aggregating purchases and avoiding duplication.

The goals of this policy are to ensure IT and Telecom purchases, leases, lease purchases, deployments and consultations meet or exceed each business unit’s objectives for standardization, supportability, sustainability, ADA accessibility, compatibility and information security requirements, and that they are the best solutions(s) at the best price.  Such acquisitions should be researched and coordinated early in the procurement process with the appropriate business unit’s central IT department.

Policy Statement

Consistent with the Delegation of Authority Policy, all IT and Telecom products and services must be utilized or purchased from the central IT department of each business unit.  Any exception to this requirement must be documented in writing and signed by the Chief Information Officer (CIO) to the specific campus, hospital or System. 

All IT and Telecom purchases, irrespective of dollar value and including no-cost items, must be reviewed and approved based on the requirements established by this policy and must meet all other unique IT/Telecom-related requirements and technology standards in place at each business unit.  All software must be approved by IT prior to use, even if the software is free.  The IT approval is meant to ensure the software meets data and security standards for the organization.  This policy also applies to purchases of surplus property.

The central IT division of each business unit will publish detailed procedures for making IT and Telecom purchases and/or purchase requests.  These procedures will include items currently exempted from requiring CIO approval and the process to request exemptions based on need.

Business unit’s engaged in patient care activities may place additional restrictions on the type of software authorized for installation on computers and computer-based systems used for patient care.  In such environments, special care must be taken to comply with IT policies and standards specific to patient care environments.

RFBs/RFPs for IT or Telecom related systems or solutions must include specifications and standards, including information security requirements, as established by the central IT department at each business unit.

Definitions

Commercially Available Desktop Software - is individually licensed software typically purchased for use on a single computer. The University maintains contracts with a variety of software providers, often at significantly discounted prices.  Departments should check with their central IT department to determine if such a contract is in place before purchasing desktop software.

Computing Equipment - includes but is not limited to servers, electronic storage devices, high performance computing systems, and tape back-up systems.

Patient Care-Related - all IT related contracts and maintenance agreements, regardless of dollar amount, intended for use in patient care-related organizations or departments or that have access to or facilitate transmission of patient information

IT Consulting Agreements - are primarily for intellectual activities and involve the provision of specialized expertise and advice.  They include, but are not limited to, guidance through implementation of systems, information gathering to advise regarding future direction, software development/modification, and assistance with unique project.

Service and Maintenance Agreements - involve routine, possibly transaction-based activities in which some expertise may be needed but is widely available on the market.  They include, but are not limited to, agreements for delivery of software packages/applications, IT-based services, and maintenance of IT-based systems

Data Network and Telecommunications Equipment and Services - includes, but is not limited to, telephone systems, PBXs, voicemail systems, call centers, FAX servers, routers, Ethernet switches, firewalls, intrusion prevention/detections systems, load balancing systems, data loss prevention systems, optical networking equipment, wireless access points/routers, and virtual private networking devices.

A software Application (Commercial, Custom Developed or Hosted) - is a browser-based or proprietary interface used to allow multiple users or customers to read, access, share, modify, input or retrieve data from a server-based system. Application development is the creation of a custom application specifically for use by the University.  Application hosting exists when vendor maintains the application on its own systems/servers and provides such services to the University or to its customers.

Video Conferencing Equipment - installed in a permanent (i.e., non-mobile) configuration

Whole Systems - are IT-related systems that include two or more of the IT areas listed in this policy.

Accountabilities

University employees:

• Work with CIO designated Delegate on all IT and Telecom purchases, leases, lease purchases, deployments and consultations.

CIO Designated Delegate:

• Work with employees and Procurement Strategic Sourcing Specialist on all IT and Telecom purchases, leases, lease purchases, deployments and consultations to ensure that they meet or exceed the objectives for standardization, supportability, sustainability, compatibility and information security requirements, and that they are the best solutions(s) at the best price.
• Provide timely approvals.

Surplus Property:

• Do not sell used IT equipment for departmental use without getting approval from the CIO Designated Delegate.

Campus/business unit ISO:

• Work with CIO Designated Delegate and Procurement Strategic Sourcing Specialist to ensure that information security requirements are met for all IT and Telecom purchases, leases, lease purchases, deployments and consultations.

Procurement Strategic Sourcing Specialist:

• Work with CIO Designated Delegate and ISOs for timely processing when IT and Telecom purchases, leases, lease purchases, deployments and consultations meet or exceed the objectives for standardization, supportability, sustainability, compatibility and information security requirements, and that they are the best solutions(s) at the best price.
• Obtain necessary approvals.

Campus/business unit CIOs:

• Timely approvals when IT and Telecom purchases, leases, lease purchases, deployments and consultations meet or exceed the objectives for standardization, supportability, sustainability, compatibility and information security requirements, and that they are the best solutions(s) at the best price.

Vice President for Information Technology:

• Timely approvals when IT and Telecom purchases, leases, lease purchases, deployments and consultations meet or exceed the objectives for standardization, supportability, sustainability, compatibility and information security requirements, and that they are the best solutions(s) at the best price.

Additional Details

Forms

IT Security & Requirements Questionnaire (ITSRQ) – Please contact your Information Security Officer

Related Information

Information Security Officers (ISO)

Policy 26101 on Procurement Authority
Policy 26402 on Special Purchases

For a listing of software solutions that have been reviewed by IT, please see the 

History

Formerly Business Policy Manual 1204 – Information Technology and Telecommunications Purchases (6/15/2010)

Procedure

https://umsystem.edu/ums/is/infosec/procurement-requirements