University Technology Purchasing and Onboarding Procedure

Step 1: If you have identified a software/technology for purchase or for a pilot program, contact the vendor and ask the vendor to complete the Risk Assessment Questionnaire

Once the Risk Assessment Questionnaire has been completed and returned, proceed to Step 2.

Step 2:Contact the UEIC to schedule a consultation.

If the assessment and UEIC consultation do not identify any security issues, proceed to Step 3.

Step 3: Email Information Security with the following information, if you elect to (1) conduct a pilot program or (2) purchase the product.

  • Identify any potential for sharing or exposing HIPPA- or FERPA-protected information. If protected information is shared or potentially exposed, Information Security (Info Sec) may recommend or require a Business Associates Agreement (BAA) be signed by the company to mitigate impact of a cyber incident.
  • Indicate if the pilot requires connection to the MUSC environment on one of MUSC’s protected cloud tenants (e.g., Office 365).

After emailing Information Security, proceed to Step 4.

Step 4: Complete the UEIC Software Decision Analysis Request form and submit it to UEIC.

Your responses to the UEIC Questionnaire are reviewed during the approval process. It is critical that you thoroughly answer all questions.

  • Who supports the system operation? (This is the person responsible for serving as the system administrator.)
  • Who is paying for the system? (This is the system owner.) The system owner will be asked to address initial cost and future maintenance and costs.
  • Will this technology share patient or student information? If so, did Info Sec approve it or was a BAA signed (see Step 3)?
  • Will this technology require connection to the MUSC environment or a protected cloud tenant? If so, did Info Sec approve it or was a BAA signed (See Step 3)?
  • Are you aware of any similar or redundant technology on campus? If so, what does this technology do that the existing technology does not achieve? If you are unsure if an existing technology is redundant, please identify the existing technology, and the UEIC will help determine if the existing technology achieves the same goal.
  • Does the system support Single Sign On (SSO) authentication?
  • Does the system integrate with another technology on campus (example: BrightSpace)? If so, how does this change the way the proposed technology is used, accessed, and operates. (In many cases when a technology or application is a stand-alone system it works differently than it would when integrated with another application.)

After completing the UEIC Software Decision Analysis Request form and submitting it to UEIC, proceed to Step 5.

Step 5: Contact the UEIC and schedule a time to present your technology/software to the UEIC.

If your technology/software is approved, the UEIC can streamline the process of onboarding the technology/software. Major decision-makers in procurement, information systems, legal, and other key areas are members of the UEIC, thus lending their expertise to a more efficient approval and onboarding process.