ITS Security

Acquiring IT Hardware, Software, Applications, Services or Licensing

The usage or purchase of any Hardware, Software, Application, Service or License for the University or involving University or Student data is subject to BPM 1204. This University policy exists "to ensure IT and Telecom purchases, leases, lease purchases, deployments and consultations meet or exceed each business unit's (i.e. UMSL's) objectives for standardization, supportability, sustainability, compatibility and information security requirements, and that they are the best solutions(s) at the best price. Such acquisitions should be researched and coordinated early in the procurement process with the appropriate business unit's central IT department (i.e. ITS)."

Procedures for compliance differ from campus to campus. Below are the procedures for UMSL.

On the UMSL campus, IT-related consulting contracts are processed through Business Services, while IT-related purchases are processed through Procurement Services. BPM 1204 also applies to qualifying Pro-Card and Show me Shop purchases.

In order to comply with BPM 1204, the following procedures are being enacted immediately:

  1. Send all approval requests and supporting documentation to the address BPM1204@umsl.edu prior to submitting information to Business Services or to Procurement Services. Do not send the information to or call the CIO or the IT Security Officer. Do this as early as possible; otherwise your request may be delayed.
  2. Include:
    • A paragraph or two labeled "IT SUMMARY" that clearly states what the request is for and justifies its acquisition relative to any other alternatives. Please indicate the total dollar amount. A quick reference table is attached that identifies the required approvals.
    • All appropriate supporting documentation, e.g., contract terms.
    • Please tell us if this is a request for something that would run on the UMSL network or something hosted offsite and accessed over the Internet. An UMSL IT security review will be required if either of these is true.
    • Please tell us if UMSL data would be provided to third parties. Third Parties collecting our data must have a Privacy Policy that will be reviewed by and must be approved by ITS.
    • A telephone number where you can be reached to answer questions.
  3. Failure to provide all the information listed in item 2 above may result in your request being delayed or returned.
  4. The goal of UMSL IT is to provide an answer by email to the original submitter as quickly as possible. However, a security and/or privacy policy review and/or the necessity of approval by the UM Vice President may delay the response.
  5. To the extent possible, UMSL IT will review contracts for IT-related issues and may request contract language modifications or other actions before approval. All contracts must be reviewed by the UM Office of the General Counsel (via Business Services or Procurement Services), and an UMSL IT contract review is not a substitute. Complex contracts, especially those involving PeopleSoft integration, may delay the response.
  6. Compliance with this policy does not obviate the need for compliance with any other applicable pre-existing Procurement or ITS policy, e.g., desktop standards.
  7. Once appropriate CIO approval(s) have been received, the submitter should send the approval to Business Services or Procurement Services and continue the process to obtain the requested goods or services.

BPM 1204 APPROVAL - QUICK REFERENCE GUIDE

| Item | CIO Approval | Vice President Approval |
|---|---|---|
| Commercially available desktop software (see FAQ below) | >$10,000 | >$25,000 |
| Computing Equipment (see FAQ below) | >$20,000 | >$50,000 |
| Computing Equipment, Patient Care-Related | All | >$50,000 |
| Consulting Agreements | All | >$25,000 |
| Service and Maintenance Agreements | >$15,000 | >$25,000 |
| Service and Maintenance Agreements, Patient Care-Related | All | All |
| Network and Telecommunications Equipment and Services | All | >$50,000 |
| Software Applications (see FAQ below) | All | >$25,000 |
| Video Conferencing Equipment (fixed installations) | All | All |
| Whole Systems (2 or more of the above) | All | >$25,000 |

FAQ

1. What happens if I just ignore this?

Your purchase request will be diverted to ITS from Procurement or Business Services. Working any problems out in advance will result in faster service.

2. What if I am contracting for web site help?

BPM 1204 applies, but UMSL has made a conscious decision to let a legal review suffice.

3. Can you really assure us that "[the acquisition] is the best solutions(s) at the best price."?

ITS does not currently have the staff necessary to meet that goal.

4. What is Commercially available desktop software?

Commercially available desktop software is defined as individually licensed software typically purchased for use on a single computer. The University maintains contracts with a variety of software providers, often at significantly discounted prices. Departments should check with their central IT department to determine if such a contract is in place before purchasing desktop software.

5. What is Computing Equipment?

Computing equipment includes but is not limited to servers, electronic storage devices, high performance computing systems, and tape back-up systems.

6. What are Software Applications?

A software application is defined as a browser-based or proprietary interface used to allow multiple users or customers to read, access, share, modify, input or retrieve data from a server-based system. Application development is the creation of a custom application specifically for use by the University. Application hosting exists when a vendor maintains the application on its own systems/servers and provides such services to the University or to its customers.

7. Does this apply to free services?

Yes. Free services, applications and software still have license agreements that have to be officially signed by members of the University with signing authority and reviewed by UM legal. IT Security must also ensure privacy is protected.