Software Procurement and Licensing Compliance
Faculty, staff, or campus Units with software needs limited to individual desktop or laptop installation and which do not require integration with University information systems, shall first review and purchase software through the Ann Arbor ITS Software Store.
If the desired software is not available through the Software Store faculty, staff, or campus Units shall then consult the Procurement Services Strategic Supplier List for potential software vendors and use existing strategic contracts for their software procurement needs.
However, when faculty, staff or campus Units have software needs that meet ANY of the below criteria, then Dearborn ITS shall be contacted prior to procuring any software or entering into any University contract:
- U of M authentication will need to be used along with the application;
- The application needs to have data loaded from other University systems;
- The application accesses, could access or collect, or store, or is loaded with sensitive data or FERPA (student records) data;
- The software connects to campus infrastructure, such as software related to campus safety or security;
- The application will require significant time and effort from Dearborn ITS to establish and maintain, including physical infrastructure connection time;
- Total payments over the life of the application exceed $10,000;
- If ITS will need to install the software, either in the ITS data center or on users’ devices;
- If the software is for fulfilling student business processes or providing students with resources and information via a website or portal.
In these situations, Dearborn ITS may also consult with Dearborn Financial Services if questions arise regarding the initial and continued funding arrangements supporting software purchases, and in cases of where the software budget shall be housed on the Dearborn campus.
Faculty, staff, and campus Units shall follow best practices when planning any software purchases to ensure the requested software will be:
- Supported by the Dearborn campus ITS department staff or supported by staff within the campus Unit;
- Complementary to existing software contracts in place at the University of Michigan;
- Not redundant or similar to software packages currently deployed on the Dearborn campus;
- Acceptable to Procurement Services in regards to license language contained in any vendor proposal or contract. Units should contact Procurement Services Technology to seek assistance with this review;
- Appropriate for the source of funding, as licensing terms and conditions may be dependent on the funding source (e.g., state or federal grant, gift, external funding from a corporation or other organization);
- Appropriate for use on personally-owned devices (PODs), as some software licenses do not permit software to be used on PODs, even for university-related work;
- Appropriate for use at either on or off campus campus, as some software licenses specify locations at where software may be used (e.g., classroom, research, administrative, etc.) and prohibit usage in other locations (e.g. off campus locations, home office, etc.);
- Appropriate for the original purpose stated at the time of purchase, as software licenses may specify the purpose or activity for which the software may be used (e.g., research, commercial, educational) and disallow its use for a new or different purpose or activity;
- Appropriate for multi-device usage, as “per-seat” or “per-student” or “per-employee” software licenses do not normally allow for multi-device usage by same end user;
- Inventoried by the campus Unit which shall include the financial records supporting the purchase. All campus Units shall maintain a complete inventory of all software currently used within their Unit, including software used for research;
- Removed when no longer in use, which includes deleting and destroying software no longer in use and/or under a active license agreement;
- Transferred, if appropriate and allowable, when a faculty member or researcher leaves the University.
Campus Units shall also review all relevant SPG’s and University Compliance Standards including those below prior to purchasing software:
- Data Sensitivity and Safe Computing at the University of Michigan
- DS-20: Third Party Vendor Security and Compliance
- SPG 601.12 – Institutional Data Resource Management Policy
- SPG 601.11 – Privacy and the Need to Monitor and Access Records
- SPG 601.07 – Responsible Use of Information Resources
- SPG 601.03-3 - Software Procurement and Licensing Compliance
Issued by: Financial Services and Dearborn ITS
Date Issued: 4/2019
Next Review: 4/2021