Enterprise Software Acquisition

Owned by Micah Schaafsma
Last updated: Nov 21, 2023 by Guo, Chiyao (Deactivated)
5 min read

Statement and Purpose

Table of Contents

Enterprise software are those products, applications, or systems that are provided and supported for shared and wide-spread campus use. This policy outlines the requirements for enterprise software acquisition by members of the campus community. This policy is intended to act as a guide to departments that are considering software that will be purchased by individuals or departments with institutional funds and requiring centralized support and administration by CIS. Examples of other enterprise /wiki/spaces/CIS/pages/36143440 are linked here.

Entities Affected By This Policy:

All University departments and employees.

Reason for Policy

This process and guide is intended to improve technology project success and sustainability by:

  • Ensuring software investments align with institutional strategy and institutional data policiy
  • Verifying new systems will function effectively in SPU's technology environment
  • Verifying new systems meet institutional security, data access standards, and comply with legal regulations
  • Properly reviewing licensing agreements with technology and risk management staff
  • Negotiating the best pricing through consolidation of purchasing power and relationships
  • Determining support impact, implementation costs and ongoing support requirements, maintenance fees, and resource availability
  • Evaluating downstream or cross-departmental impacts by the new system to coordinate training and process changes


Version: 1.0

Effective Date: November 15, 2016
Last Updated:  November 15, 2016

Responsible Office:
Computer & Information Systems
Responsible Executive:
AVP for Information Technology / CIO

Enterprise Software Definition

Enterprise Software is defined as any software where:

  • CIS support is expected or required during the procurement, implementation, or at any time thereafter
  • The software/system (locally or remotely hosted) will house, and/or require access institutional data. See Institutional Data Policy.
  • Integration or data extracts to or from other enterprise data systems (Banner, Canvas, Raisers Edge, etc.) is needed
  • Institutional credentials and identity management systems are used
  • The software is a SaaS, IaaS, or PaaS cloud hosted platform with a contract
  • CIS supported and maintained servers are being used

CIS Role and Involvement

CIS has the responsibility for ensuring any new software acquisition fits within the campus's existing technology ecosystem and does not create undue cybersecurity risks 

CIS Involvement in Enterprise Software Procurement

Involving CIS early and often is the best strategy to ensure that software projects and implementations are successful.  There are many areas CIS can provide assistance including:

  • "Heads-up" - you are casually looking for a software solution, you saw a demo, a product was recommended by a peer.  CIS may have knowledge about the vendor, the product, or other possible systems.
  • Do we already have a potential software solution?  CIS already supports move than 75 enterprise software systems. An existing investment may already meet your needs.
  • Product requirements, requests for proposals, software reviews, technical and functional assessment, vendor assessments, and final product selections?  CIS has assisted in many projects and have established valuable procedures to assist you.  Take advantage of that expertise.

Technology Risk and Compliance

New enterprise software and cloud services must be reviewed by CIS and the Office of Risk Management to ensure it falls within an acceptable risk tolerance for the University.  Cloud services vendors must submit a Higher Education Community Vendor Assessment (HECVAT) to CIS for review and approval prior to the University entering into contract.  All new software and cloud services will be reviewed to ensure they meet or exceed the Institution's technology and data regulatory compliance obligations.

Accessibility

CIS must verify vendor services are consistent with federal civil rights and accessibility laws, specifically Section 504 of the Rehabilitation Act of 1973 and the Americans with Disabilities Act Amendments Act (ADAAA).


Enterprise Software Acquisition Process

Departments or individuals interested in purchasing enterprise software systems (described above) should contact Computer & Information Systems prior to purchasing the software or entering into any agreement with a vendor to use the software either remotely or locally.  The steps outlined below can guide a department through the process of considering, selecting, purchasing, and implementing enterprise software solutions.  CIS can assist in many ways along this process.

Follow these procedures:

  • What are your software requirements: Describe the business or functional requirements.  What are the needs to be addressed?  What data is required and does that data already exist? What departments and/or campus users will interact with the software?  
  • Review existing systems and solutions:  Can the business or functional requirements be met with existing systems or solutions? Can departmental processes or procedures be adjusted to meet your functional requirements without going through an additional software procurement process?
  • Determine departmental and institutional strategies and goals:  Once a clear statement of business requirements has been completed, and a review of existing systems and solutions has determined that your requirements can't be met with current systems – the department needs to determine whether a new enterprise software solution should be considered.  This may involve broad campus discussions, institutional priorities, budget/financial considerations, availability of department skills and resources, availability of centralized CIS programming and implementation resources. 
  • Vendor and product reviews:  There are often many products that could be implemented to meet your business and functional requirements.  Due diligence is required to measure and evaluate product and vendor quality, sustainability, cost/benefit considerations, data use and integration, implementation requirements, local vs cloud/remote hosting, and other issues.  Some products may deliver full functionality "out-of-the-box" while other solutions may require extensive data integration.  
  • CIS technical evaluation and assessment: Prior to an enterprise software procurement CIS must evaluate the software to determine resource requirements, compatibility with other University systems, integration capabilities, security challenges, impact on Institutional Data Policy and confirm that there are no existing University systems that provide equivalent functionality.
  • Licensing agreement legal and contract review: Software license agreements and contracts need to be reviewed by the Office of Risk Management, Computer and Information Systems, and signed by the appropriate signature authority. Implementations will not proceed until review has been completed.
  • Procurement financial considerations:  Throughout the software procurement process the financial and budgetary costs should be assessed.  These costs should include the initial procurement costs, implementation, hardware costs and requirements, data integration and data conversion costs, product customization costs (initial efforts plus future efforts as upgrades are made), ongoing software maintenance and implementation costs, any staffing costs (internal to the department, or an impact on centralized CIS staffing).
  • Project Intake:  Completing the enterprise software procurement (as described above) is only the fist step. Decisions and priorities around enterprise software implementation need to be included at each step along the procurement process.  CIS also provides more details on the Project Intake Process on this page.

Non-Compliance With Acquisition Process

The procurement of enterprise software (as defined above) requires the support and involvement of CIS. Departments or individuals who do not follow this policy forfeit IT support and may be restricted from full operation or use of those software system functions.  This may include data integration, credential integration, sever and storage resources, or system administration activities.


Technical Support and Resourcing

If the system requires additional resources for server hosting, software licensing, and/or any other services associated with operating a given software application or system, CIS may charge the requesting department or academic unit annual cost recovery fees corresponding to those resources. This will be determined by CIS on a case-by-case basis.


Related Policies and Procedures