500.00 Registration and Approvals for IT Purchases at MSU Bozeman
- Table of Contents
- 500.00 Approvals prior to purchase and registration
- 510.00 Information Technology Resources
500.00 Approvals prior to purchase and registration
For IT purchases made at MSU-Bozeman, departments are required to obtain prior approval for purchases and/or register purchases in accordance with the Policy below.
Each Affiliated Campus shall establish its own Policy for Information Technology purchases.
510.00 Information Technology Resources
Introduction
At any dollar amount of information technology (IT) purchases (hardware, software, and services) can have risks associated with them, such as problems with regulatory compliance, information security and privacy, FERPA requirements, export-control, system compatibility, system support, or performance degradation of the computing environment resulting in adverse impacts for others. Unfortunately there is no price threshold or easy way to define for constituents what type or level of purchase could pose a risk to the computing environment, other constituents in the computing environment, or MSU as a whole. The risks associated with IT purchases and this Policy apply to MSU purchases regardless of the source of funds.
In order to address the risks as simply as possible, University Information Technology (UIT) maintains a list of pre-approved computing devices at the IT Purchasing Support web site. MSU-negotiated contracts and volume discounts are made available at this site for direct purchasing whenever possible. Purchasing through the vendor portals (preferred vendors) through this website is encouraged. The UIT also offers custom systems, consultation, and assistance through the IT store.
UIT also provides a list of site-licensed software purchased by the University for the University community. Before purchasing any software, employees are encouraged to review this list at the UIT Procurement Support website.
The University will also establish a system for registration of institutional computing hardware. Computing devices must be registered with this registration system as described below.
In addition, some purchases of hardware, software, and IT consulting requires prior approval by University Information Technology in alignment with the MSU Enterprise IT Resource Management Policy https://www.montana.edu/policy/enterprise_it/resource_management.html
The requirements of this Section 500.00 apply in addition to all other requirements MSU’s Procurement Policies and Procedures and state purchase laws and regulations.
521.00 Hardware Purchase Registration Requirements. All computing devices including (but not limited to) desktop, laptop, and tablet computers must be registered with the University. Departments must register hardware on the list within 30 days of purchase.
522.00 Networking Equipment Requires Prior Approval. University Information
Technology must pre-approve all networking equipment including, but not limited to, bridges, routers, and switches.
523.00 Servers Require Registration and Security Provisions.
523.01 All servers, regardless of source of funds for purchase, must be registered with the University.
523.01 A system administrator shall be identified for all servers. This information will be reviewed and updated on an annual basis by the system administrator.
523.01aThe System administrator has responsibility for assuring compliance with MSU and MUS IT policies.
523.02 To the extent practicable, all servers shall have installed any required software as defined by the campus IT standard to check for known vulnerabilities. The Chief Security Officer may exempt a server from this requirement.
524.00 Cloud Based Data Storage Requires Prior UIT Approval. University Information Technology must approve, prior to purchase any cloud based software which stores confidential or FERPA protected University data; UIT will conduct the initial assessment of the security of these software solutions in a timely manner.
525.00 IT Consulting Requiring Prior University Information Technology Approval. University Information Technology must approve, prior to engaging, consulting services related to IT matters which could affect the IT network or other IT policies or requirements. UIT will provide this review in a timely manner.
526.00 UIT Procedures for Pre-approval. University Information Technology shall establish procedures for submission of proposed purchases which require UIT approval. UIT shall consider such submissions in a timely manner and provide a written explanation of any denials.
527.00 University Information Technology Policy Oversight. University Information Technology shall be responsible for interpreting the requirements of this Policy, and it shall provide guidance concerning which hardware and software must be registered or receive prior approval for purchasing as required by the Policy. Any questions about the application of the Policy to specific purchases of hardware or software shall be addressed to the UIT.
528.00 University Information Technology Involvement in IT Purchases over $25,000. Under the guidance of MSU Procurement services, UIT shall coordinate and assist with all purchases of hardware, software, and IT services with a value of $25,000 or greater.
529.00 Policy Application. This Policy applies to all IT purchasing, regardless of the delegation of authority in Section 310.00.