Acquisition of Information Technology                            UPPS No. 05.02.06

Products and Services                                                        Issue No. 1
Effective Date: 12/14/2012
Review: October 1 E3Y

 

 

01.         POLICY STATEMENTS

 

01.01  This UPPS identifies policies applicable to the acquisition of information technology (IT) products or services including, but not limited to, the purchase, rental, lease, or free acceptance of IT products or services from third-party providers.

 

01.02  Acquisition of IT products or services shall be in accordance with UPPS No. 05.02.02, Texas State Purchasing Policy.

 

01.03  The vice president for Information Technology or designee will be responsible for central review and oversight of all university acquisitions of IT products or services, including, but not limited to, computing hardware, software, and hosting services, regardless of source of funds, as authorized in the Rules and Regulations of The Texas State University System, Chapter III, Paragraph 19.3. Administrative heads shall consult with the vice president for Information Technology or designee prior to acquiring any IT products or services to a) assess the acceptability of the licensing or contract terms,  b) ascertain the nature and amount of university IT support required and available for such products or services, and c) ensure accessibility of purchased software and hardware. 

 

01.04  Administrative heads shall address the applicable IT contracting issues described in the IT Contract Issues Checklist when acquiring IT products or services from third-party providers. The office of the vice president for Information Technology or designee shall maintain the IT Contract Issues Checklist and assist administrative heads with evaluation and review of proposed agreements with third-party providers of IT products or services.    

 

01.05  University departments and individual faculty and staff shall not entrust any third-party provider with sensitive or confidential business data in the absence of a duly approved and authorized agreement between the university and the provider. (NB. See definition of ‘business data’ in Section 02.05 below and definitions for sensitive and confidential data in         Section 04.08 of UPPS No. 04.01.01, Security of Texas State Information Resources). 

            Public Web information services from third-party providers (e.g., Google, Dropbox, etc.) may be inappropriate for storing, sharing, or processing business data because their standard terms of service may fail to afford adequate protection against loss, destruction, or inappropriate use or disclosure of these data. Consistent with UPPS No. 03.04.04, Processing, Approving, and Executing Contracts, Purchases, and Agreements, only designated university officials may enter into information services agreements involving the university’s business data.

 

01.06  Before engaging third-party IT products or services to store, share, or process scholarly data (see definition of ‘scholarly data’ in Section 02.04), individuals shall review Web 2.0 and Cloud Computing Best Practices for guidance and insight into the numerous issues that should be considered. These issues include information security, personal privacy, personal liability, copyright and content ownership, minimum service levels, and provider lock-in, just to name a few. Additionally, staff in the Educational Technology Center and the Alkek Library can provide experienced assistance in determining the efficacy and suitability of third-party products and services for specific scholarly endeavors.

 

01.07  University faculty and staff who individually engage third-party services by accepting online Terms of Service or Terms of Use agreements are personally liable for compliance with those agreements, as well as any consequences that result from their engagement with those third-party services. 

 

02.         DEFINITIONS

 

02.01. Information Technology Products or Services – computing hardware, software, and related services, including externally hosted “cloud” services, software as a service (SaaS), infrastructure as a service (IaaS), platform as a service (PaaS), and consumer-oriented Web services governed by so-called “click-through” agreements.

 

02.02  Acquisition – purchase, rental, or lease of information technology products or services with university funds, or the acceptance of free information technology resources from a third-party provider.

 

02.03  Third-Party Provider – any provider of information technology products or services that is a) not an organizational component of Texas State University and b) not an employee of Texas State University who is supplying the products or services as works done for hire.   

 

02.04  Scholarly Data – documents, files, and other items of information created, developed, collected, or maintained solely for research or instructional purposes, or for direct support of those purposes. Examples include the scholarly work of faculty or students, the personal or intellectual property of individuals, and instructional content in which the university has no ownership interest or license. Owners of scholarly data shall ensure that the security and privacy controls of third-party service providers are adequate to protect the security and privacy of their data. Note that research-related data held by units with research administration and oversight responsibilities (e.g., the Office of Sponsored Programs, the Office of Commercialization and Industry Relations) is considered business data (as defined below).  

 

02.05  Business Data – documents, files, and other items of information created, collected, maintained, and used to support the continued operations of Texas State University. Examples include administrative records, student education records, financial and human resource records, works made for hire, commissioned works, and similar informational objects, held by the institution’s organizational units, contracted service providers, or individual faculty or staff. Business data also includes the following subsets of scholarly data (as defined above):  

 

a.    Informational items in which the university has an ownership interest; and

 

b.    Informational items licensed by the university for instructional or research purposes.

 

03.       ACQUISITION COMPLIANCE REQUIREMENTS

 

03.01  In accordance with §2054.460, Texas Government Code, and §213.37, Texas Administrative Code, any university contract for the purchase, lease, or free acquisition of information technology products or services shall contain the following vendor certification:

 

“Vendor certifies that the electronic and information resources and all associated information, documentation, and support that Vendor provides under this agreement, comply with the applicable requirements set forth in Title 1, Part 10, Chapters 206 and 213 of the Texas Administrative Code dealing with accessibility by individuals with disabilities (as authorized by Chapter 2054, Subchapter M of the Texas Government Code).”

 

03.02  Prior to contracting with another state agency or institution of higher education via an “interagency cooperation contract”, Texas State must assure compliance with Texas Administrative Code Title 1, Part 10, Chapter 204, Subchapter C for any commodity or service identified as “information resource technologies” with a total cost estimated to exceed the dollar amount specified in Texas Administrative Code (TAC), Rule §204.31.

 

04.       REVIEWERS OF THIS UPPS

 

04.01  Reviewers of this UPPS include the following:

 

Position                                                         Date

 

Director, Purchasing                                   October 1 E3Y

 

Director, Contract Compliance                  October 1 E3Y

 

Director, Technology Resources              October 1 E3Y

Business Services

 

Director, Educational Technology            October 1 E3Y

Center

 

Special Assistant to the Vice                     October 1 E3Y

President for Information Technology

 

05.       CERTIFICATION STATEMENT

 

This UPPS has been approved by the following individuals in their capacities and represents Texas State policy and procedure from the date of this document until superseded.

 

Director of Purchasing; senior reviewer of this UPPS

 

Associate Vice President for Financial Services

 

Vice President for Finance and Support Services

 

President