Please allow a minimum of several weeks for the review process.
Provide the following when you submit the form:
- Vendor contact name and email
- VPAT (accessible)
- SOC 2 Type II Report or similar security control documentation
It is best if your technology staff submits the form. This implies consent from the department to purchase this tool.
- Introduction of tool on campus
- Notification of new agreement/terms
- Change in use (e.g., you noted and licensed academic use and now you want to add research use)
- Change in features (e.g., the tool has added cloud features to an installed software)
We may be able to bypass the review process if at least one of these are true:
- Trial use/versions of tools, submit after trial if you are moving forward
- Under $250.00 cost
- Free or Open Source
And if none of these risk factors are present:
- Cloud based
- Confidential information
- Vendor will be on campus
- Signature is required
- Over 500 users or open to the public
- Required tool (class or departmental work)
Some tools note free use, but when you get to the agreement, terms or web descriptions it is disclosed that it is free for personal (vs. enterprise) use, for one install/one user only, or other restrictions. If in doubt, submit the review form.
- Departmental IT Persons
- ITS Enterprise Services (email@example.com)
- ITS Accessibility Office (Lead: Todd Weissenberger)
- ITS Security and Policy Office (Lead: Warren Staal)
- Office of the General Counsel (Lead: James Jorgensen)
- UI Treasury Office (In app/cloud purchasing)
- Purchasing (firstname.lastname@example.org)
- Vendor (quote, agreement/terms, security and accessibility feedback, revisions, addendums)
- There may be others based on the risks and use
If you are submitting a PO, Purchasing will take care of that. Otherwise, the department is expected to obtain counter-signature or confirmation that they accept our revisions.
All software – including shrink-wrapped goods, shareware and free downloads – have a license agreement.
Agreements can come in the following forms:
- Document signed by both parties
- Click-through (clicking “I agree”)
- Document in the box
- Document in a manual
- Text “read me” file on the disk
- Terms on the website
These are all legally binding agreements.
The only person who has delegated authority to sign or authorize these type of agreements is the UI Director of Purchasing. The Director of Purchasing consults with the Office of the General Counsel before signing these agreements to ensure the interests of the University of Iowa are covered. Generally, individuals, including managers, department heads or deans, do not have proper signature authority to sign and execute these type of agreements on behalf of the University.
To avoid institutional and/or personal liability, license agreements should be evaluated and reviewed from a legal perspective before acceptance. If you sign an agreement, click “I agree,” or agree to terms in any fashion, regardless of cost (including free web downloads), without this evaluation and proper signature process, you may be assuming personal and institutional liability. The potential ramifications include personal financial exposure, disciplinary action, and/or criminal liability.
- Export To ensure the University does not violate any export regulations or expose the University to undue risk.
- Usage Most vendors have different types of licenses for different use. We review licenses to make sure we are licensing technology for the correct population, where they need access and how they need to use the software.
- Signature Authority The only person who has delegated authority to sign or authorize these type of agreements is the UI Director of Purchasing. Generally, individuals, including managers, department heads or deans, do not have proper signature authority to sign and execute these type of agreements on behalf of the University. If you agree to terms outside of this process, you are accepting personal liability.
- IP Rights/Risks As a higher education institution which has many patented and/or copyrighted products we need to respect the intellectual property (IP) rights of others.
- Accessibility The University of Iowa is committed to providing equal opportunities to all.
- Cloud Tool Review of cloud services for storage, collaboration, office automation and general computing tasks. The most important part to understand is that University data must be properly protected.
- Risk of Safety or Property Damage In reference for medical and facility type tools.
- Confidential Information Institutional data is information that supports the mission and operation of the University of Iowa. It is a vital asset and is owned by the University. It is likely that some institutional data will be distributed across multiple units of the University, as well as entities outside. Institutional data is considered essential, and its quality must be ensured to comply with legal, regulatory, and administrative requirements.
- Vendor on campus Review agreement to cover the University of Iowa in the case of misconduct.
Licensing Reviews (Usage)
- Who is using the software?
- Where are they using the software?
- How are they using the software?
- Make sure the terms match the use
- Export language
- Confidential information if vendor has access
- Other items deferred to them by other reviewers
- Cloud based tools
- Tool is required for class or departmental work
- Over 500 users or open to public
- Financial transactions within tool
- They take recommended revisions and apply them to the terms/agreement
- Obtain authorized UI signature if necessary
Most Open Source agreements have been evaluated and approved. Please insure sure your use...
- Will comply with all the notice requirements and any other technical requirements included in the license.
- You intend to use the software will not involve a risk to human life or property damage.
If you cannot comply with above then the agreement should be reviewed, please submit a Technology Review Form.
Things to consider when purchasing Fonts:
- Clarify if you need per user or per system license. Per system licenses are typically required.
- Go through the font foundries/order direct from developer if possible, avoid third party sources.
Vendors known on campus:
- Adobe Font Folio (has many fonts included, you may want to check this option first). Available via the UI Bookstore $191.95/install
- Hoefler & Company Fonts
- House Industries
- International Typeface Corporation (agreement not reviewed, submit a review form)
- James T Edmondson via Lost Type Co-op
- Lost Type Co-op
- Monotype GmbH
- Monotype Imaging Inc.
As a higher education institution, the University of Iowa has a diverse population of students, faculty, and staff who are engaged in a myriad of academic and scientific endeavors. Due to this wide array of activities, the University of Iowa must address the potential risk of any technology or software when it is purchased. Therefore the following general categories have been developed to help departments and the ITS Campus Software Program understand the University’s legal risk when purchasing tools. These categories are general and for reference purposes only.
Low Risk – Agreements may be determined to be low risk if:
- the tool is low cost or free.
- there is no foreseeable risk of litigation based on your usage of the tool.
- there is no risk to human life or safety by using the tool.
- there is no risk of property damage by using the tool.
- the use of the tool does not involve processing, storing or compiling confidential information. (Information that may be proprietary to the University or a third party or information that is required to be held confidential for one of many reasons including contract provisions or federal regulations such as HIPAA or FERPA or Social Security Numbers or research data.)
- the tool is not export controlled. (“Export Controlled” means U.S. Export Control regulations are mentioned in the Agreement. The ITS Campus Software Program will review this issue for the department/purchaser.)
- the vendor will not have representatives physically present on campus at any time.
Some Risk – The concerns that are not in agreement in the Low Risk definition or any additional risks as determined by the department. These licenses will need to be negotiated to reduce the risk to the institution, the department and the individual.
Not Recommended – These will need to be discussed directly between the Office of General Counsel and Department Head.