Reminder for UShop users: A specific form is required for all software purchases, regardless of cost
Ahead of a series of revisions to its software purchase request form in UShop, Financial Services (FS) wishes to remind University of Utah and University of Utah Health Sciences personnel that they must complete the form for all new and renewal software, web-based applications, and mobile application acquisitions — regardless of cost.
“This process applies to purchases from $1 to $1 million,” said Colette Brown, a procurement supervisor for FS’s Purchasing department. “Getting an accurate inventory of software purchases is a growing issue for the university, and we need everyone’s help to get a handle on it.”
The form is used to facilitate compliance with University of Utah Policy 4-050, Rule 4-050A, and Rule 4-050B. Aimee Ellett, special assistant to the Chief Information Officer (CIO), noted new purchases or renewals of any software which may access, manipulate, create, or store restricted data require the full version of the Higher Education Community Vendor Assessment Tool (HECVAT), a questionnaire framework specifically designed for higher education to measure vendor risk, to be completed by the software vendor for review by UIT.
The software purchase request form helps UIT determine if software meets various IT security, accessibility, and payment card industry (PCI) requirements; if integration with university IT systems like PeopleSoft, Canvas, and Epic is needed; and if a similar software solution is already owned by the university and available at reduced or no cost through campus licensing agreements.
“Of course, our goal is to avoid being billed multiple times for software that’s already purchased and available for use,” Brown said.
Ellett noted that a review by the Information Security Office (ISO) is part of the UIT review process on all requisitions.
The software purchase request form also helps UIT/ISO determine if a software product:
- Is considered university enterprise software based on Rule 4-050A.
- Will have broad institutional impact, affecting the operations of more than one university unit.
- Has particular integration, implementation, project management, or support needs.
- Fulfills Government Accounting Standards Board (GASB)-96 reporting requirements. GA-96 establishes uniform accounting and financial reporting requirement for subscription-based information technology arrangements (SBITAs).
Per university policy, software is defined as anything that “can be used on a local workstation or server, as well as in either a public or private cloud; and can access, delete or create public, restricted, or sensitive data as well as PHI (Protected Health Information) and HIPAA (Health Insurance Portability and Accountability Act) and University IP (Intellectual Property) data.”
This includes, but is not limited to:
- Cloud applications
- Application software
- Web applications
- Mobile applications
- Driver software
- System software
- Software included with the purchase of other software
- Utility software
- Programming software
- Open-source software
- Propriety software
- Closed software
Financial Services will soon launch a new version of the Software Purchase Request form, which can be found in the UShop Marketplace below the Purchase Request form.
Brown noted the following upcoming user interface changes:
- The name of the form will drop the word “new” from “new software purchase request form” to better reflect it applies to all software purchases, including renewals. This name, Brown said, also reflects how UIT must review all software acquisitions regardless of the purchase threshold. Previously, UIT focused mainly on new software purchases. Going forward, all software purchases (including renewals) will require review by UIT regardless of the amount and will continue to be reviewed by Purchasing for those exceeding the small purchase threshold of $10,000.
- Input fields to purchase-related required information will be featured more prominently toward the top of the form, while the software/IT related required information for new software will be toward the bottom of the form.
- Purchase-related information will be more separate from software/IT questions.
Please note new UShop users must complete the relevant required trainings.
If you have questions about completing the software purchase request form, please access this IT Knowledge Base article or contact Aimee Ellett via UITSoftwareReview@utah.edu. For questions about UShop training and UShop technical support, please email the UShop team at email@example.com or call 801-585-2255.
Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.