Procurement Policy in Support of Information Security

New Procurement Policy in Support of Information Security: “Technology and Software Subscription Procurement and Registration Policy”

The Information Security Office (ISO) in collaboration with Procurement and Payment Services (PPS) finalized a new procurement policy that provides guidance related to obtaining and registering technology acquisitions, whether free or paid.

The new “Technology and Software Subscription Procurement and Registration Policy” provides several key benefits to the university and its employees:

  • New tracking and reporting requirements will help identify opportunities for enterprise licenses, which could lead to cost savings across colleges/schools and departments
  • A new framework for identifying terms of acceptable use will meet the acquisition needs of campus while ensuring appropriate methods of procurement are used
  • A new checklist/workflow will help people make decisions about whether to use ProCards or business contracts to make purchases
  • Future users can access quickly existing technology contracts
  • Updated coding for ProCard purchases will facilitate the cataloging of all software used across the university for compliance purposes

As part of the new policy, ISO and PPS has provided the following updates and deliverables:

The ProCard can be used to purchase technology and software which has been identified as “Low Risk” as well as software including Clickwrap Agreements that meet the requirements of “Low Risk Services.” Use of the ProCard is dependent upon adherence to the updates and deliverables above, which are detailed in Handbook of Business Procedures 7.8.1.1 Procedures of Procard Holders.  Additional detail is also available through the Procard Reference Kit. Technology and software identified as “High Risk” will be completed through a purchase order or negotiated contract with approval by the Business Contracts Office.