The university is obligated to review software to ensure its quality, security, and effectiveness in meeting the educational needs of students, staff,  and faculty. This review process is crucial to protect the integrity of academic work, safeguard personal and institutional data, and promote an efficient and productive learning environment. Furthermore, it ensures that the software aligns with the university’s mission and values, complies with legal and ethical standards, and provides equitable access and usability for all users. 

At this time we are not evaluating device drivers or device firmware.   

Currently all software requests must be reviewed. However, we are working to eliminate this requirement in an upcoming version. 

No, only those individuals named in the request will have access.

We are not currently monitoring the version of the software. Automatic updates are preferred because this is how the software developer improves their product and it's security. However, if you are aware of significant changes to its terms and conditions or its privacy policy, please notify your help desk.

Once your request is approved, you will purchase the approved software. Then, you will need to contact the helpdesk to get your software installed. When you contact the helpdesk, please have your ticket number from the software request ready.

For the purposes of this review process, we are concerned with the following types of software:

Application Software:  Application software is typically installed on your device. Examples of application software could be products such as AutoCAD, and Adobe Photoshop.

Software as a Service (SaaS):  Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet, typically in a “pay as you go” model. Examples include Asana, Slack, and Salesforce.

In general, anything that is on the restricted purchase list in the ProCard Manual does need to be reviewed. Some exceptions have other Procurement Waiver requirements that are not addressed through this process such as copyright evaluations. Please contact Procurement if you need assistance. 

However, these Defined Exclusions exist:

• Stock photo services
  
  
• Web hosting and design services (requires separate review​)
• • UAA has specific guidelines for web pages; please visit their site for more information
    
    
• Subscriptions to newspapers, journals, and streaming services
  
  
• Memberships in professional organizations
  
  
• Network Hardware (Starlink, communication equipment, cellular services)
  
  
• Online training (to receive instruction/training, products where no data other than a login is provided to the vendor)
  
  
• Computing hardware (and the installed OS, firmware, drivers, etc)
  
  
• Data files, records, or database access

Current review groups that review every product:

•  Accessibility Review
• Contract/EULA/T&C Review 
• IT Risk & Compliance Review

Current review groups that review only those products identified as containing sensitive data: 

• Data Export Control Review
• Intellectual Property Review 
• IRB/Human Subject Review
• Foreign Company/Tax
• PCI-DSS Point of Sale Review

Follow the steps outlined in this KB Article.

If you're adding licenses to the same request, or 'true-upping' a product then an additional review is not necessary. The key to this is ensuring that the business use case, the department, or the contract language for the software has not changed from the original request. If it has changed significantly, a new request form will need to be submitted.

Yes, freeware and open source software need to be reviewed just the same as purchased software.