UM BPM 12004 Policy

ALL IT and telecommunication products, software, and services must be purchased through the Information Technology Department and/or require CIO approval. These items include, but are not limited to, computers, tablets, servers, monitors, routers and switches, audio visual equipment, printers/copiers, research equipment, software, etc. In accordance with UM policies, additional approvals may be required depending on the cost. Access the full policy here.

What is the process for?

The goal of the approval process is to ensure that all IT hardware, software, and services are compatible with the University's technology environment and that they meet UM IT security policies prior to purchase. The Information Technology Department works closely with UM Procurement and Legal Counsel to ensure technology purchases are compliant with applicable policies, regulations, contracts, and vendor licenses. IT requests are also reviewed to ensure they align with IT best practices and standards, which improve reliability and reduce the total cost of ownership. Additionally, IT expenditures must abide by the UM President’s directives regarding budget challenges to make certain that we are getting the most value from our technology investments.

Steps for Purchasing IT Products and Services

Prospective purchasers are expected to work with IT early in the review and purchase process. The procedures for S&T CIO approval are outlined below:

1. Prior to purchasing any IT product or service, the designated office/person for IT approvals in the academic unit or department should review and approve the request.
2. A departmental representative should then submit a Cherwell ticket to request the hardware or software. Click here to submit an IT ticket.
3. After you log in to Cherwell using your university credentials and click on Submit a Ticket, the Service Catalog will appear.
4. Click on IT Procurement.

5. At the IT Procurement window, click on BPM 12004 Policy.

6. At the BPM 12004 Policy window, click on Hardware/Other Approval for hardware or other technology purchases, or click on Software Approval for software purchases.

7. Click on Request Approval.
8. At the BPM 12004 Policy – Request Approval window provide the following information:

1. 1. Purchaser - Name of the person/department who the item or service is for
   2. Requestor – Name of the person/department who is requesting the item or service
   3. Item Type – Select from the drop-down list box
   4. Funding Source – Select from the drop-down list box
   5. Yes/No on whether it is an IT or Non-IT purchase
   6. MoCode for non-IT purchases
   7. Authorized Signer Name and Email
   8. The price – both initial and ongoing fees
   9. A short description and brief justification for the purchase – How it will be used
   10. The URL for the IT product or service (version, vendor, etc. as applicable) that you are requesting

9. Click on Submit.
10. The CIO or their designee will review the request and either approve, reject or request additional information. Normally, a communication will be provided to the department within a day or two.
11. Please note that third-party services require completion of an information security audit. Departments are advised to submit their requests well in advance of the desired use date to accommodate the time needed to complete an audit.
12. Upon approval, IT will work with the department and UM Procurement to purchase the product or service in the most cost-effective manner possible and will communicate delivery/install dates as appropriate.

Exceptions and Notes

The following items do not require CIO approval and can be purchased by departments. For items in bold below, it is recommended that you work with IT to purchase and ensure it will function properly. In many cases, IT may be able to source the technology at a lower cost. Please submit a ticket if you require assistance in purchasing these items.

1. Consumables (paper, toner, etc.) for printers and multifunction devices may be purchased by departments.
2. Surge Protectors
3. Mice/Keyboards – please check with IT first as these may be covered under warranty.
4. Electronic cases
5. Headphones
6. Computer cables
   1. Ethernet– available for purchase from Net/Telecom. If purchased elsewhere, be sure it is a certified CAT6 cable.
   2. USB
   3. Video
7. Port Adapters
8. Flash Drives – must use encrypted drives for DCL3 and DCL4 data
9. WordPress Plugins
   1. Any plugin using eCommerce must be approved by IT Security. Once approved, the business unit can make the initial purchase and subsequent renewals.
   2. Any plugin storing DCL3 (Restricted) or DCL4 (Highly Restricted) data must be approved by IT Security. For example: Birth date, employee id, drivers license number, more info at: https://www.umsystem.edu/ums/is/infosec/classification-definitions
   3. Departments must update all plugins at least monthly or have them set to auto-update.
   4. Departments must remove all plugins that are no longer being supported and/or updated by the author.
   5. Departments must remove all paid plugins that they have stopped paying for.
   6. Departments must conduct an annual review of all plugins and remove plugins and themes not in use.
   7. The use of plugins and themes that significantly affect the style/brand must have approval of S&T's Marketing and Communications department.

Note: Software purchased under existing site-licenses or contracts still requires CIO approval and needs to be purchased through Information Technology. You can do so by submitting a ticket.

If you are unsure as to whether your purchase requires CIO approval, please ask.