VCOM Institutional Policy and Procedure Manual

VCOM Policy and Procedure

Policy # U034

• All software that is purchased or freely used and licensed from third-party vendors, developers, or companies irrespective of the college entity approving or making the purchase. • Any software or service where VCOM IT support is required or expected during initial implementation or any time thereafter. o This primarily refers to software used for administrative and academic support purposes, whether it is cloud or server-based and multi-user. o This could also include certain desktop/workstation types of software if IT resources are expected. • Multi-user software requiring IT networking expertise to configure and operate. • Server-based software requiring a server and/or database locally hosted and managed by IT resources. • Remotely hosted software that will house VCOM owned data, especially employee, or student data. • Systems or services with implementation, annual maintenance or licensing fees. • Lab software of any type that will require configuration by and resources of the IT. • Software that requires an interface to central administrative systems (e.g. Anthology or Canvas) regardless of where such systems are physically located or managed. 3. SOFTWARE ACQUISITION PROCESS Employees interested in purchasing or acquiring/installing software are required to consult with the IT Department and Business Office before purchasing the software or entering into any agreement with a vendor to use the software either remotely or locally. No individual may enter into any binding agreement on behalf of VCOM, including software purchases or end‑user license agreements, without proper authorization by the Vice President for Finance and the President. The Authority to request an agreement to bind the college to software‑related contracts is limited to the Campus Deans and Division Officers with final approval by the Provost and the President as well as Senior IT Leadership. All software acquired for or developed by the college is considered VCOM property unless otherwise specified, with usage rights reserved exclusively for organizational business purposes. Personal credit or debit cards may not be used to purchase software for institutional use. The required method of purchase is a purchase order through the Business Office. Individuals may not procure or use software that will be used to access, process, analyze or maintain sensitive institutional data. Examples of sensitive institutional data include personally identifiable information (PII), protected health information (HIPAA), student education records (FERPA), and payment card industry information (PCI). Such software may only be procured by the IT, or through a college/departmental purchase. To request a software purchase, employees must follow the following steps prior to purchasing: • Assure the software purchase is pre-approved by the Division Officer and/or the Campus Dean or for certain Divisions who report to the Provost and/or the President, by the Provost or the President.

VCOM Software Procurement and Licensing Compliance Policy

Page 2 of 4