Date: Tue, 19 Mar 2024 09:57:27 -0400 (EDT)
Message-ID: <1541381197.6520.1710856647118@confluence05.rowan.edu>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_6519_1693275996.1710856647114"
------=_Part_6519_1693275996.1710856647114
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html
ROWAN UNIVERSITY POLICY
=
Title: Data Governance: IT Acquisition Policy
=
Subject: Information Resources and Technology
Policy No: IRT:2013:02
Applies:=
University-Wide
Issuing Authority: =
Senior Vice President for Information Resources and Technology and =
;Chief Information Officer
Responsible Officer: Date Adopted: 07-01-201=
3
Last Revision: 04-01-2016
La=
st Review: 04-01-2016
I. PURPOSE
This policy sets forth the process for th=
e approval and acquisition of all Information Technology (IT) including, bu=
t not limited to software, hardware, IT consulting, and IT services.
II. A=
CCOUNTABILITY
Under the direction of the Chief Informat=
ion Officer, Rowan University management shall implement and ensure complia=
nce with this policy.
III. =
APPLICABILITY
This policy applies to all members of the=
Rowan community who seek to acquire IT Resources for Academic, Administrat=
ive, Clinical, or Research purposes. This includes all sources of Universit=
y funding including, but not limited to department budgets, grant funds fro=
m contracts and/or transmittal forms between the University, and external f=
unding sources (public and private), are covered by this policy.
IV. DEFI=
NITIONS
- Academic IT Resources =E2=80=93 any software, hardware, IT con=
sulting or IT services that is used to support users (faculty and students)=
in their teaching, learning, and research activities. Academic IT Resource=
s can be distributed and accessed locally or through the cloud.
- Administrative IT Resources =E2=80=93 any software, hardware, =
IT consulting or IT services that is used as an ancillary system in support=
of Rowan University's Enterprise Relationship Management system (Ellucian'=
s Banner System), whether to augment or replace specific functions with bes=
t-of-breed niche products.
- Clinical IT Resources =E2=80=93 any software, hardware, IT con=
sulting or IT services that allows the user to enter patient specific infor=
mation, and using formulae or other forms of analysis based on clinical inf=
ormation, glean from that information a patient-specific diagnosis or treat=
ment recommendation that is used to assist in making a clinical decision.=
li>
- FERPA - The Family Educational Rights and Privacy Act (FERPA) =
is a federal law that protects students' privacy by prohibiting disclosure =
of education records without adult consent.
- GLBA - The Gramm-Leach-Bliley Act (GLB Act or GLBA), also know=
n as the Financial Modernization Act of 1999, is a federal law enacted in t=
he United States to control the ways that institutions deal with the privat=
e information of individuals.
- Hardware =E2=80=93 computer devices that use, process, store, =
or transmit electronic information.
- HIPAA =E2=80=93 The Health Insurance Portability and Accountab=
ility Act (HIPAA) is the federal law passed by Congress in 1996 that requir=
es the protection and confidential handling of protected health information=
- Information Resources and Technology (IRT) =E2=80=93 the Rowan=
University department responsible for the governance of all information an=
d technology.
- IT Consulting =E2=80=93 a third party used to=
provide IT consulting services including system design, planning, auditing=
, and/or advisory services.
- IT Services =E2=80=93 a third party used to provide any other =
IT services, not classified as IT consulting, including IT management, host=
ing, repair, installation, maintenance, etc.
- Rowan University IT Purchasers =E2=80=93 faculty, staff, non-e=
mployees, students, attending physicians, contractors, covered entities, ag=
ents, and any other third parties of Rowan.
- Software =E2=80=93 computer programs that direct the operation=
of a computer or processing electronic data.
V. REFEREN=
CES
- Data Governance Policy
- Mobile Computing & Removab=
le Media Policyhttps:/=
/confluence.rowan.edu/display/POLICY/Mobile+Computing+and+Removable+Media=
a>
- Workstation Use Policyhttps://confluence.rowan.edu/display/POLICY/Workstation+=
Use+Policy
VI. POLICY
- Rowan University wants to ensure that we are meeting our responsibiliti=
es as IT users by guaranteeing that all IT Resources purchased within Rowan=
University are compatible with Rowan's information technology (IT) and in =
compliance with security requirements and regulations. IT purchasing can be=
an intricate process involving obscure terminology and possible legal or f=
inancial obligations for you and the University. Accordingly, prospective p=
urchasers will obtain consultation and approval from Information Resources =
and Technology personnel who are familiar with these details, and who routi=
nely implement and manage these IT Resources.
- All IT acquisitions including, but not limited to, software, hardware, =
IT consulting, and IT services by academic, administrative, and clinical &a=
mp; research departments will require approval for purchase from the Office=
of IRT (Information Resources and Technology) since IT Resources:
May be used by more than a single individual and/or have the likely =
potential for the same or
May need to interface with other University IT Resources or
- May be used to process, store, or transmit University data.
- The IT purchaser is responsible for obtaining all funds needed to purch=
ase, install, and maintain the IT Resource for current and future costs. Th=
ese funds will be transferred into the IRT budget via yearly DCA transfers =
(or other means as needed). The transfers will cover all cost, including:
The internal cost to install the IT Resource(s).
Any consulting required configuring or maintaining the IT Resource(s=
).
Any additional cost for bandwidth and storage.
Ongoing annual maintenance, licensing, and fees.
- Any additional cost to properly protect University data.
- NON-COMPLIANCE AND SANCTIONS
- Violations of this policy are strictly prohibited and may require the r=
emoval of any unapproved IT Resources at the purchaser's expense and possib=
le disciplinary action.
VII.&nb=
sp; ATTACHMENTS
- Attachment A - IT Acquisition Requests
By Direction of the CIO:
Mira Lalovic-Hand,
SVP and Chief Information Officer
ATTACHMENT A
IT ACQUISITION REQUESTS
Responsibilities:
- IT purchasers will submit IT acquisition requests, and make themselves =
available during the IT evaluation process to answer questions. IT purchase=
rs are required to notify IRT of any changes and/or cancellations prior to =
the renewal of IT Resources. IT purchasers are required to complete DCAs wi=
thin 10 days of notice from ITR so that funds are available to IRT to purch=
ase or maintain IT Resources.
- IRT functional leaders (or relevant committees) will evaluate each IT a=
cquisition request and recommend approvals to the CIO within a reasonable t=
ime frame.
- IRT staff or IRT approved delegates will image and manage all Rowan own=
ed computers
- Procedures
- Requests for the acquisition of IT Resources will be submitted to the O=
ffice of IRT via the University's On-line IT Acquisition Form available as =
an option in the Finance section of Banner Self Service.
- Academic IT Resources
- IRT functional leaders will review the request based upon the informati=
on provided in the on-line form's "Justification" section along with the fo=
llowing criteria: Can the University:
- Utilize concurrent licensing to eliminate wasteful per-workstation lice=
nse costs and only purchase based on actual monitored need.
- Where concurrent licensing is not available from a necessary vendor, le=
verage all individual licenses into one master agreement.
- Utilize existing University-licensed software (or other IT Resources) f=
or the request to achieve similar functionality.
- Utilize open sources or other lower cost alternatives if they provide s=
imilar functionality.
- Office of IRT will complete their section of the University's On-line I=
T Acquisition Form within 10 business days of its receipt.
- All Academic IT Acquisitions, including those exempt from this policy, =
must be authorized by and managed by IRT, and comply with all applicable IR=
T policies, as well as, state and federal regulations including, but not li=
mited, to FERPA, GLBA, and HIPAA.
- Administrative IT Resources
- IRT functional leaders meet with the requesting office to review the re=
quest based upon the following criteria:
- Does this IT Resource provide functionality that currently exists in ot=
her administrative IT Resources the University already licenses?
- Does the proposed IT Resource need to interface to existing administrat=
ive IT Resources that the University already supports?
- Will the proposed IT Resource contain data that the University will nee=
d to report upon via the Office of IERP?
- Area all offices that may be impacted as a result of implementing such =
IT Resource fully informed of the IT Resource 's potential impact on their =
operations?
- Assess all cost associated with IRT continuous support of the IT Resour=
ce(s).
- Assess percentage of improvement to current processes in cases where Ro=
wan does not have full capability requested.
- If the CIO determines that it is in the best interest of the University=
(based upon the recommendations by the IRT leadership team), to purchase t=
he IT Resource requested, the requesting office will be so informed. Prior =
to actual acquisition, the appropriate staff will work with the requesting =
office to fully develop an IT Resource implementation and support plan. IRT=
staff will meet with the requesting office, other impacted offices, and ve=
ndor representatives, to develop a proposed implementation and support plan=
. As part of this IT Resource implementation planning process the IRT staff=
will assess the maturity of the IT Resource for inclusion within the Unive=
rsity's production IT environment. The final plan will take into considerat=
ion the vendor's roadmap for updated releases to ensure the IT Resource ver=
sion purchased is indeed production ready. Only when the Office of IRT has =
approved the proposed plans will approval be granted for the IT acquisition=
. These plans will include the proposed project team, which will include th=
e Assistant Director of Enterprise Information Services who will represent =
IRT on the project team and serve as the technical project lead.
- All Administrative IT Acquisitions, including those exempt from this po=
licy, must be authorized by and managed by IRT, and comply with all applica=
ble IRT policies, as well as, state and federal regulations including, but =
not limited, to FERPA, GLBA, and HIPAA.
- Clinical IT Resources
- IRT functional leaders and Clinical System staff will:
- Review the IT acquisition request and discuss with the requesting offic=
e.
- Complete a Feasibility Analysis to identify current and future operatio=
nal processes and problems, requirements (business, application, hardware, =
network, resources, etc.), training, funding, and on-going support needs.=
li>
- Present Feasibility Analysis to RowanSOM Clinical Governance Committee =
for review. Governance Committee will determine if project should be funded=
and when the IT Resource will be implemented based on project prioritize c=
riteria.
- Notify the requesting department of the outcome.
- All Clinical IT Acquisitions, including those exempt from this policy, =
must be authorized by and managed by IRT, and comply with all applicable IR=
T policies, as well as, state and federal regulations including, but not li=
mited, to FERPA, GLBA, and HIPAA.
------=_Part_6519_1693275996.1710856647114--