Policy No: 2030 Responsible Office: Computer Services Center Last Review Date: 10/27/2023 Next Required Review: 10/27/2028
Software and Cloud Services Purchase/Acquisition
The purpose of this policy is to ensure the compatibility, integrity, and security of University data systems.
This policy applies to all campus Division employees (excluding USA Health) who procure the acquisition of institutional software or cloud-based systems by\for the University of South Alabama.
Cloud Service: A software or service that is hosted on a third party provider server as opposed to USA (on-premise) server.
4. Policy Guidelines
Institutional software acquisitions require pre-approval by the Assistant Vice President and Director of Information Technology Services. This approval is required before purchase, contract execution, or implementation of software or cloud services, whether software is purchased or acquired without charge. The software vendor must complete a Higher Education Community Vendor Assessment Toolkit (HECVAT) and provide it to the Office of Information Security prior to approval being provided. Software and/or services (hereafter termed “software”) requiring pre-approval are as follows:
- Software which processes or stores any University data, including financial, medical, student, faculty or staff data;
- Software requiring the processing of credit/debit cards and bank information;
- Software requiring integration with other institutional systems (Banner, etc.);
- Software that utilizes data transferred from another institutional system;
- Software which will utilize credentials that are authenticated by an institutional directory service (Active Directory, LDAP, Single Sign On, etc.);
- Software which will be made generally available to students and/or faculty and staff;
- Software which will be made available to the general public as a University-supported program or activity;
- Software for which Computer Services Center (CSC) assistance will be required to install or implement;
- Software for which ongoing support from CSC is required or expected.
Pre-approval by the Assistant Vice President and Director of Information Technology Services is not required for the purchase of commercially available software intended for use on individual workstations (Microsoft Office, Adobe Acrobat, etc.
University employees must submit contracts and legal agreements to the Attorney's Office for legal review before any purchase, contract execution, or implementation of software or cloud services, whether software is purchased or acquired without charge. To submit a contract or agreement for legal review and approval:
- Visit the DocRoute Agreement Review page;
- Login using your JagNet credentials.
Any software or cloud service agreement acquisition that does not go through this process will not be approved for purchase.
7. Related Documents
DocRoute Agreement Review portal.