/
Enterprise Software Acquisition

Enterprise Software Acquisition

Sep 18, 2025

Statement and Purpose

Table of Contents

Enterprise software are those products, applications, or systems that are provided and supported for shared and wide-spread campus use. This policy outlines the requirements for enterprise software acquisition by members of the campus community. This policy is intended to act as a guide to departments that are considering software that will be purchased by individuals or departments with institutional funds and requiring centralized support and administration by SPU's IT Department. Examples of other enterprise /wiki/spaces/CIS/pages/36143440 are linked here.

Entities Affected By This Policy:

All University departments and employees.

Reason for Policy

This process and guide are intended to improve technology project success and sustainability by:

  • Ensuring software investments align with institutional strategy and institutional data policy
  • Verifying new systems will function effectively in SPU's technology environment
  • Verifying new systems meet institutional security, data access standards, and comply with legal regulations
  • Properly reviewing licensing agreements with technology and risk management staff
  • Negotiating the best pricing through consolidation of purchasing power and relationships
  • Determining support impact, implementation costs and ongoing support requirements, maintenance fees, and resource availability
  • Evaluating downstream or cross-departmental impacts by the new system to coordinate training and process changes


Version: 1.0

Effective Date: November 15, 2016
Last Updated:  November 15, 2016

Responsible Office:
Computer & Information Systems
Responsible Executive:
AVP for Information Technology / CIO

Enterprise Software Definition

Enterprise Software is defined as any software where:

  • SPU IT support is expected or required during the procurement, implementation, or at any time thereafter
  • The software/system (locally or remotely hosted) will house, and/or require access institutional data. See Institutional Data Policy.
  • Integration or data extracts to or from other enterprise data systems (Banner, Workday, Canvas, Raisers Edge, etc.) is needed
  • Institutional credentials and identity management systems are used
  • The software is a SaaS, IaaS, or PaaS cloud hosted platform with a contract
  • SPU IT supported and maintained servers or systems are being used

SPU IT Role and Involvement

SPU IT has the responsibility for ensuring any new software acquisition fits within the campus's existing technology ecosystem and does not create undue cybersecurity risks or unnecessary cost increase.

SPU IT Involvement in Enterprise Software Procurement

Involving SPU IT early and often is the best strategy to ensure that software projects and implementations are successful.  There are many areas SPU IT can provide assistance including:

  • "Heads-up" - you are casually looking for a software solution, you saw a demo, a product was recommended by a peer.  SPU IT may have knowledge about the vendor, the product, or other possible systems.
  • Do we already have a potential software solution?  SPU IT already supports more than 75 enterprise software systems. An existing investment may already meet your needs.
  • Product requirements, requests for proposals, software reviews, technical and functional assessment, vendor assessments, and final product selections?  SPU IT has assisted in many projects and have established valuable procedures to assist you.  Take advantage of that expertise.

Technology Risk and Compliance

New enterprise software and cloud services must be reviewed by SPU IT and the Office of Risk Management to ensure it falls within an acceptable risk tolerance for the University.  Cloud services vendors must submit a Higher Education Community Vendor Assessment (HECVAT) to SPU IT for review and approval prior to the University entering into contract.  All new software and cloud services will be reviewed to ensure they meet or exceed the Institution's technology and data regulatory compliance obligations.

Accessibility

SPU IT must verify vendor services are consistent with federal civil rights and accessibility laws, specifically Section 504 of the Rehabilitation Act of 1973 and the Americans with Disabilities Act Amendments Act (ADAAA).


Enterprise Software Acquisition Process

Departments or individuals interested in purchasing enterprise software systems (described above) should contact SPU Information Technology prior to purchasing the software or entering into any agreement with a vendor to use the software either remotely or locally.  The steps outlined below can guide a department through the process of considering, selecting, purchasing, and implementing enterprise software solutions.  SPU IT can assist in many ways along this process.

Follow these procedures:

  • What are your software requirements: Describe the business or functional requirements.  What are the needs to be addressed?  What data is required and does that data already exist? What departments and/or campus users will interact with the software?  
  • Review existing systems and solutions:  Can the business or functional requirements be met with existing systems or solutions? Can departmental processes or procedures be adjusted to meet your functional requirements without going through an additional software procurement process?
  • Determine departmental and institutional strategies and goals:  Once a clear statement of business requirements has been completed, and a review of existing systems and solutions has determined that your requirements can't be met with current systems – the department needs to determine whether a new enterprise software solution should be considered.  This may involve broad campus discussions, institutional priorities, budget/financial considerations, availability of department skills and resources, availability of centralized CIS programming and implementation resources. 
  • Vendor and product reviews:  There are often many products that could be implemented to meet your business and functional requirements.  Due diligence is required to measure and evaluate product and vendor quality, sustainability, cost/benefit considerations, data use and integration, implementation requirements, local vs cloud/remote hosting, and other issues.  Some products may deliver full functionality "out-of-the-box" while other solutions may require extensive data integration.  
  • SPU IT technical evaluation and assessment: Prior to an enterprise software procurement SPU IT must evaluate the software to determine resource requirements, compatibility with other University systems, integration capabilities, security challenges, impact on Institutional Data Policy and confirm that there are no existing University systems that provide equivalent functionality.
  • Licensing agreement legal and contract review: Software license agreements and contracts need to be reviewed by the Office of Risk Management, SPU Information Technology, and signed by the appropriate signature authority. Neither procurement nor implementations will proceed until review and approval has been performed and granted.
  • Procurement financial considerations:  Throughout the software procurement process the financial and budgetary costs will be assessed.  These costs should include the initial procurement costs, implementation, hardware costs and requirements, data integration and data conversion costs, product customization costs (initial efforts plus future efforts as upgrades are made), ongoing software maintenance and implementation costs, any staffing costs (internal to the department, or an impact on centralized SPU IT staffing).
  • Project Intake:  Completing the enterprise software procurement (as described above) is only the first step. Decisions and priorities around enterprise software implementation need to be included at each step along the procurement process.  SPU IT also provides more details on the Project Intake Process on this page.

Non-Compliance With Acquisition Process

The procurement of enterprise software (as defined above) requires the support and involvement of SPU IT. Departments or individuals who do not follow this policy forfeit IT support and may be restricted from full operation or use of those software system functions. This may include data integration, credential integration, server and storage resources, or system administration activities. In addition, failure to comply with this policy may result in disciplinary action, including termination of employment or contract termination or criminal prosecution, depending on the severity of the violation.

Technical Support and Resourcing

If extra resources are needed for hosting, licensing, or other services to run a software application or system, the Department must annually secure and allocate funds to SPU IT through SPU’s Zero-Based Budget process.


Related Policies and Procedures