All significant purchases, leases, gifts, loans, renewals and contracts for new, used or upgraded Information Technology goods, services and implementations, shall occur in coordination with the Office of Information Technology in a timely manner across the schools and campuses.
Note that the line above is University Institutional Policy and that what follows is University Operational Policy. Both were approved by the Information Strategy and Policy Committee (ISPC) on 12/17/07.
Information Technology (IT) has now permeated virtually every aspect of our academic lives and business processes. Increasing concerns over cost, reliability, security, staffing, business continuity and the management of customer relations is, and will continue to be, moving the various academic and administrative units of the University towards greater interdependence. Individual unit decisions now affect the greater University as never before. We can no longer afford, in terms of dollars, efficiency, or security, uncoordinated action relative to IT. The scope and process of the required policy are outlined below.
Proposals or plans for the activities described above must be brought forward to the appropriate Director in OIT, at the time the decision is first made to investigate or pursue, but no less than 30 days before an offer or contract expires, or is scheduled to renew, or the functionality is required. Note that some contracts renew automatically if 30 to 60 days advance written notice is not provided. The preferred methods of bringing plans and activities forward are is as follows:
The appropriate OIT Director and/or the CIO will coordinate, if necessary, with the Information Strategies and Planning Committee, seeking its endorsement and recommendation as appropriate.
Prior to execution, all proposals, contracts and licenses that fall under the auspices of this policy are subject to a Security Review by the Information Security Officer, in consultation with Risk Management, as appropriate. As a practical matter, if a proposal is viewed as possibly having security issues, taking it to the Information Security Officer (ISO) first may expedite the process. The ISO will then distribute it to the appropriate OIT Director.
Coordination is working to the spirit of this policy in good faith, regardless of technicalities.