It is the mission of SAU ITS to mitigate SAU network and information risk. It is the responsibility of all campus stakeholders to fulfill this mission.
Purpose
The technology purchase policy establishes requirements for the procurement of computer hardware, software, and all technological devices for Southern Arkansas University. The purpose of this policy is to ensure that all technology operating on and in the SAU network adheres to network security protocols, is compliant with the security framework followed by SAU ITS, and does not pose unauthorized risk to the SAU network.
Scope
This policy applies to all computer hardware, software, and technological devices purchased with institutional funds or for institutional use (for example, technology assets purchased with grants funds).
Policy
All purchases of computer hardware, software, or technology devices must be coordinated with the Information Technology Services department (ITS) to ensure security compliance, integration, and proper functionality with the SAU network.
Users should:
- Email helpdesk@saumag.edu.
- In the subject line of the email, include the following:
- Department/College name
- Item needed to procure
- Example subject line: COHEP needs printer
- In the body of the email, include the following:
- A description of the item that is needed
- A description of what the item needs to accomplish
- Contact information for the requestor, including mobile phone number
- The date by which the item/response is needed
- Any additional information relevant to the request
Example 1. The COHEP needs a color printer/scanner to provide XX in office XXX. Please contact XX at XXX mobile phone number for additional information, or email XX at XXX SAU email address. XX needs the printer purchased and installed by X date.
Example 2: The CSE needs new statistical software for COURSEXX for the XX semester. The software should be installed and available in computer lab X but will also need to be available for students to work with remotely. We have reviewed available software and identified 2 options that are within our budget: xxx and xxx. Could ITS review these options and inform us which option is approved based on network integration? Please reach out to XX or XX at XXX mobile phone numbers or XXX SAU email addresses to discuss these options.
ITS personnel will:
- Create a Help Desk ticket upon receipt of Help Desk email and review each request.
- Conduct research based on the scope of the request as necessary.
- ITS may provide a vendor intake form to be completed by the requestor to assess network integration, security features, etc.
- ITS may request a virtual joint meeting between the requestor, the proposed vendor, and ITS personnel to assess the proposed product.
- Contact requestors as needed to complete the research and make recommendations.
- Evaluate each potential vendor and deny the purchase of any technology that does not meet SAU network security protocols.
- Provide timely feedback on requests.
All written communication regarding each request should be conducted through the Help Desk Ticket Generator system for each specific request.
It is important to note that even if an asset meets the characteristics for compliance, the asset may still be prohibited for other reasons. SAU ITS will always work with campus stakeholders to meet technological operational and educational needs.
Enforcement
Technology purchased outside this policy’s guidelines will be considered unauthorized (see definitions below) and be deemed non-compliant.
Unauthorized device
An unauthorized device is any device that is not listed as a supported device on the approved hardware page, or devices approved to function in the capacity the device supports (such as programs and additional software required to make a primary software function).
Unauthorized software
Unauthorized software is any software that ITS has not been approved to operate within the SAU environment. View a list of authorized software.
- Unauthorized software discovered on the SAU network will be terminated on the endpoints on which it was installed.
- ITS will notify the VP of the department in which the software was discovered.
- The VP will communicate with the supervisor/department/dean of the area.
- ITS will evaluate the software for network compliance.
- ITS will restore software functionality if possible.
- If the software is determined to pose risk to the SAU network, ITS will work with the VP of the department and the department using the software to search for solutions.
Compliance, Violations, and Remediation
Compliance with the technology purchase policy is not optional. ITS will not install software on any endpoint that exceeds acceptable risk to the SAU network infrastructure. Devices, platforms, or other types of technology purchased in violation of this purchase policy will not be supported by SAU ITS.
Additional network restrictions may be taken toward individuals or departments which violate this policy as determined by Administration in consultation of ITS.
Any personnel actions related to noncompliance with the technology purchase policy will be determined by the employee’s/department’s vice president and/or SAU Administration. ITS does not have any jurisdiction regarding personnel matters.