870 Software Regulations

RATIONALE:  Oakland University (University) licenses numerous Software programs for its own use. The University enters into a license agreement with the owner of each Software program pursuant to which the University assumes certain legally binding obligations that must be followed by its employees. This policy seeks to reduce University exposure in critical areas, improve vendor accountability, and assure Software use in compliance with license restrictions and copyright.

POLICY:  University Software must be procured and acquired using standard University purchasing procedures, purchased with University funds and must be licensed to the University and not to individual employees.

All University employees and users of University-licensed Software shall use the Software only in accordance with the license agreement. The University does not allow the installation of any Software on University Information Technology Resources without a valid license.

SCOPE AND APPLICABILITY:  This policy is applicable to all persons utilizing Software installed on any University Information Technology Resources. This policy also applies to all situations where University funds are used for Software purchase, either centrally or departmentally.

DEFINITIONS:  
  

Information Technology Resources:  Information Technology Resources includes without limitation, desktops, laptops, workstations, servers, tablets, smart-phones, appliances, application or hosting service provider services (ASPs), network devices, and any other hardware that makes possible the transmission, storage or use of Software.

Software:  Software means, in its broadest definition, electronically stored computer instructions, operating systems, utilities, applications, application or hosting service provider services (ASPs), Software as a service, and related documentation.

PROCEDURES:     

1.  Software Acquisition

Software license acquisitions will be initiated using processes documented by Purchasing and University Technology Services (UTS); Software purchased using personal funds will not be reimbursed. The Academic Computing Committee of the University Senate may provide input to Purchasing and UTS on the process as it applies to academic Software. Please review UTS Campus Software Procedures for specific instructions.

The University will make every effort to centrally fund Software that will:

1. be adopted as a University-wide standard;
   
   
2. be integral to the University’s technology infrastructure;
   
   
3. be implemented as part of a University initiative; or
   
   
4. allow the University to realize economies of scale.

Every effort will be made to avoid duplicative Software purchases.

The standard University purchasing procedures include evaluations of the following conditions, which may result in detailed review by UTS, the Office of Risk Management, the Office of Legal Affairs, and other departments as needed:

• Processing, storage, or transmittal of Confidential data as defined in OU AP&P #860 Information Security, including contracting with a third party to accept payment card processing on behalf of the University.
  
  
• Data collection or integration is expected for systems that process, store or transmit data classified as Operation Critical in OU AP&P #860 Information Security.
  
  
• Transferral of data currently residing on a University-owned computer or server or other device to a device not owned by the University.
  
  
• Login integration with the University’s identity management login structure is expected.
  
  
• Intended installation on a server managed by UTS.
  
  
• Specific or unusual network, storage or security requirements.
  
  
• Requirements for remote systems access or virtual private network (VPN) access.
  
  
• Intended for shared use in the University enterprise.
  
  
• Intended to be widely accessed over the University network.
  
  
• Requires regulatory or legal compliance or falls within the scope of a compliance program already managed by UTS.
  
  
• Intended installation in a virtual or imaged environment.
  
  
• Vendor acceptance of University standard terms and conditions.

2.  Software License Use

University use of Software shall be in compliance with the license agreement. No University employee shall violate the terms of a license agreement. Transferring possession of any copy, modification or merged portion of any licensed Software, whether gratuitously or for gain, shall be a violation of this policy and is prohibited by the University, unless transfer is explicitly allowed in the license. Such conduct may also violate state and federal law and subject an employee to civil and/or criminal penalties.

University employees who make, acquire, or use unauthorized copies of computer Software, or otherwise violate Software license agreements, or otherwise violate this policy shall be subject to discipline in accordance with OU AP&P #890 Use of Information Technology Resources and may also be subject to personal liability, including civil and/or criminal penalties as provided by state and federal law.

Personally licensed Software or Software that is free or purchased personally by an individual may be installed on University Information Technology Resources if the individual owner maintains a valid copy of the license with the device (i.e., a valid copy of the license must be kept with the computer). If an individual cannot produce a valid license upon request, the Software must be removed. Departments allow the installation of such Software at their own risk; Software must be removed if the employee who licensed the Software leaves the University.

Software may not be installed on any University server without a valid license that allows for server installation and shared use of the Software.

Software licensed by the University may not be installed on any device other than the device specified on the license.

3.  Software Management

Software is intended for the use specifically authorized in the applicable Software license agreements and remains the intellectual property of the owner and is protected by copyright or patent.

Each Software license will have documented rules for appropriate installation and use, and metrics for payment for such use. Metrics may include seat count, named user list, installation count, processor count, University enrollment data, fixed monthly fee, site license or a variety of other metrics depending on the Software, the category of Software and the vendor. The University department or unit acquiring Software is responsible for verifying appropriate installation and use of the Software, for maintaining documented records in support of the required metrics, and for covering additional costs related to expanded or changed metrics. 

4.  Operations

Software installations cannot impair the operation of University network and servers. Software installations may also have risks for desktops, causing slow or unreliable performance. If found to be in conflict with University policies, or in conflict with educational, business, network or server operations, Software will be removed, or the hardware running the Software will be disconnected from or otherwise blocked from network connectivity, in compliance with OU AP&P #850 Network Policy and #890 Use of Information Technology Resources. 

5.  Responsibility

The responsibility for complying with this policy rests with each employee. Employees shall report any violations to their unit supervisors. Unit supervisors shall report violators for appropriate investigation and discipline. The individual with signing authority for purchase of Software, or that individual’s designee, is responsible for understanding the license installation, license use metrics, vendor management, and the ongoing verification of license compliance. Violations will be sanctioned according to University policy, including without limitation, OU AP&P #890 Use of University Information Technology Resources.

RELATED POLICIES AND FORMS: 

OU AP&P #850 Network Policy

OU AP&P #860 Information Security
   
OU AP&P #880 System Administration Responsibilities
 
OU AP&P #890 Use of Information Technology Resources

OU AP&P #1000 Procurement Policy

OU AP&P #1020 Purchasing Card Procedures

UTS Campus Software Procedures

APPENDIX: