University Technology Purchasing and Onboarding Procedure

Step 1

Upon identifying a software/technology solution for purchase or a pilot program, you will need to complete the Information Solutions Vendor and Product/Service Risk Assessment. Upon completion of the form, please advise the vendor that they should be receiving a form to complete as well.

Step 2

Contact the University Education Infrastructure Committee (UEIC) to schedule a consultation. Upon Information Solutions and UEIC confirming there are no security issues, you may proceed further.

Step 3

Email Information Security with the following information, if you elect to (1) conduct a pilot program or (2) purchase the product.

  • Identify any potential for sharing or exposing HIPPA- or FERPA-protected information. If protected information is shared or potentially exposed, Information Security (Info Sec) may recommend or require a Business Associates Agreement (BAA) be signed by the company to mitigate impact of a cyber incident.
  • Indicate if the pilot requires connection to the MUSC environment on one of MUSC’s protected cloud tenants (e.g., Office 365). 

Step 4

Complete the UEIC Software Decision Analysis Request form and submit it to UEIC. Your responses to the questionnaire are reviewed during the approval process. It is critical that you thoroughly answer all questions.

  • Who supports the system operation? (This is the person responsible for serving as the system administrator.)
  • Who is paying for the system? (This is the system owner.) The system owner will be asked to address initial cost and future maintenance and costs.
  • Will this technology share patient or student information? If so, did Info Sec approve it or was a BAA signed (see Step 3)?
  • Will this technology require connection to the MUSC environment or a protected cloud tenant? If so, did Info Sec approve it or was a BAA signed (See Step 3)?
  • Are you aware of any similar or redundant technology on campus? If so, what does this technology do that the existing technology does not achieve? If you are unsure if an existing technology is redundant, please identify the existing technology, and UEIC will help determine if the existing technology achieves the same goal.
  • Does the system support Single Sign On (SSO) authentication?
  • Does the system integrate with another technology on campus (example: BrightSpace)? If so, how does this change the way the proposed technology is used, accessed, and operates. (In many cases when a technology or application is a stand-alone system it works differently than it would when integrated with another application.)

Step 5

Schedule a time to present your technology/software solution to the committee by contacting UEIC. Once your technology/software solution is approved, UEIC can streamline the process of onboarding the technology/software. Major decision-makers in procurement, information systems, legal, and other key areas are members of UEIC, thus lending their expertise to a more efficient approval and onboarding process.