Body
Description
This article describes the workflow and processes for the approval of an Enterprise Software Acquisition/Purchase.
NOTE: If you are purchasing a single software license for an ISU-owned computer you do not need to go through the Enterprise Software Purchase process; please see KB article located at Software Application Purchase/License for process to purchase a software license to install on an ISU-owned computer.
Workflow, Process Steps and Responsibilities
To request a software acquisition/purchase, select the Service titled Enterprise Software - Purchase Request in the TeamDynamix Service Catalog (listed under the sections Hardware, Software, and Printing|Software Support and Licensing”).
For any enterprise software application, whether it is hosted on or off (cloud-based) campus, requires a contract signature approval (Purchasing is the only authorized signator for ISU) is considered an "Enterprise Software License application" and must go through the approval audits and technical reviews.
To start the acquisition/purchasing request, select “Begin Software Purchase” and complete the service request administrative information-through “Type of Purchase”. Follow the steps below depending on whether you are requesting productivity software or an enterprise/shared/web-based license.
Enterprise License Software
To request the purchase/acquisition of software that requires contracting and approval as you complete the request form:
- In the “Type of Purchase” field, select “Shared/Enterprise/Web-based”.
- Provide information in the displayed fields.
- Click "Request" to begin the approval process.
- Failure to fill out the form completely will delay the approval process.
The system will route your request to the OIT Technology Support Services (TSS) office, who will begin the approval process which can take up to 30 days for reviews and contract negotiations. It can take longer than 30 days if the initial request is not filled out completely, the vendor does not respond to the reviewers or if contract negotiations are difficult.
Note: If the implementation of the software requires OIT support, an OIT project may need to be created and approved, prioritized for the acquisition and project, which may result in the acquisition and implementation falling outside the requested need date.
If necessary, each responsible unit will collaborate with the Client to capture the necessary detail in order to complete the audit/review and the workflow has the following stages:
Stage 1: Initiation and Verification
OIT Technology Support Services (TSS) will review the acquisition intake information, and work with the Client to verify that all required information has sufficient detail to proceed with the approval process.
Stage 2: Initial Audit
This stage contains the initial contracting, security, and PCI-DSS audits to ensure that the requested application environment adheres to ISU policy, guidance, and constraints. Each of these units will provide any changes in contracting language as part of the service request ticket. If required, these units will collaborate with the Client and Vendor to capture and specify all necessary information.
Based on these units audit, these units have the authority to disapprove the software acquisition based on contracting, security, or privacy reasons. The following stages of the process will not proceed until all of the Audit authorities approve and pass the audit.
- ISU Purchasing/Contracting evaluates the initial contract to determine adherence to legal and other ISU acquisition standards and begins negotiations with the vendor.
- TIS-Security evaluates the application and its environment to ensure security measures are in place to protect the integrity of the ISU environment, staff, faculty, and students. Security reviews the application to ensure HIPPA policy and guidelines are enforced.
- PCI-DSS reviews the application and its environment to ensure all credit card and data security standards are satisfied.
- FERPA reviews the application and its environment to ensure there is no unprotected FERPA information that will be stored or exposed to unauthorized people.
- HIPPA reviews the application and its environment to ensure there is no unprotected HIPPA information that will be stored or exposed to unauthorized people.
Stage 3: Unit Reviews
Once the initial audits are complete and approved, the OIT Directors will review the application for their units to ensure the ISU environment can support the requested application.
Failure to pass a unit review will require collaboration with the other units on the impact and may affect the timing of the final approval of the acquisition.
Stage 4: Contracting and Procurement
Once all the audits have been approved, and once all the units have successfully completed their reviews, ISU Purchasing/Contracting will finalize the contract and procure the application.