Technology Review Process

Overview

The Technology Review Process is designed to review all software and technology that will be used at the University of Iowa. The goal is to reduce software duplication, make sure software is licensed correctly, and assess and limit risk from software purchased by the university.

All technology and software purchases must go through the local IT Director (individual faculty/staff cannot submit them). The IT Director knows what is going on in the colleges/department and should be in a better position to facilitate the review. If you are an end-user, please contact your IT support person to get the process started. List of Technical Support contacts (most areas).

All technology and software purchases should be reviewed.

High-Level Process

  • Security Review
    • All software and technology purchases are required to go through a Security Review.
  • Technology Review
    • All technology purchases should receive a technology review, many will be completed by the IT Director (without involving Purchasing)
    • Any questions on licensing (e.g., do I have the correct license, who can use it, how/where they can use it, etc.) can be sent to the Software Licensing team. Some questions may be answered at the bottom of this page.
    • Determine if a Technology Review must go to Purchasing (based on bypass rules)
    • If Technology Review must go to Purchasing, additional information/documents need to be collected and sent to UI Purchasing

Note: This process should not bypass the OneIT Governance Process. Technology purchases that are a significant dollar amount or could have a considerable impact on campus should go through the OneIT Governance Process.

Steps to complete the technology review

Step 1: Find an existing tool (completed by IT Director)

Please review the software and tools we already have on campus to see if the tool is available or if there is a suitable replacement to fulfill user needs. Tools on the following lists do not require a review:

Step 2: Submit a security review (completed by IT Director)

Submit the security review workflow form. All software and technology purchases are required to go through a Security Review, which also includes an accessibility review. If you purchase prior to the security review being completed the department is responsible for any risks identified in the completed security review. 

ISPO will then review the technology and provide any feedback or comments that they have. Security assessed software list. 

Step 3: Determine if a full review is needed (completed by IT Director)

A full technology review does not need to be completed if the vendor will not have unsupervised access to students, patients, or data AND if at least one of these is true:

  • Trial use/versions of tools, submit after trial if you are moving forward
  • Under $10,000.00 cost
  • Free, Open Source or included with hardware at no additional costs

If the above conditions are true then no additional review is required. The IT Director can proceed with acquisition and move to Step 6.

Send licensing questions to the Software Licensing team (e.g., do I have the correct license, who can use it, how/where they can use it, etc.). Some questions may be answered at the bottom of this page.

Step 4: Full review workflow form (completed by IT Director)

If the IT Director determines they cannot bypass the full review process, then the IT Director shall complete the new technology licensing review form, save it as a PDF, collect the required information and documentation, and submit everything as indicated on the workflow. This form is important because it includes information needed by Purchasing, instructions on how to proceed and a list of required documentation are included as part of the workflow.

  • Preq $10,000 or above - If the purchase is $10,000 or above please submit the documents as attachments on the Preq.
  • Pcard or Preq below $10,000 - If below $10,000 please submit the documents for review directly to purchasing-contracts@uiowa.edu as attachments.

Also, please include a note in the email (Pcard or Preq below $10,000) or in the internal notes of the Preq ($10,000 or above) with your name and title, confirming that the Security Review has been submitted and note if this tool required a "full review" or not. 

Step 5: Full technology review (completed by Purchasing):

Purchasing will utilize the information/documentation provided by IT Director and take the following actions:

  • Check for pre-existing vendor relationship or contract
  • Review if a signature is required
  • Load the information into Collaborate as necessary
  • Request a review or assistance from Legal, Treasury, or Risk Management as deemed necessary
    • Have the contract executed
    • Return the contract to the vendor and the IT Director
    • If a Preq is in Purchasing Workflow, the contract will be attached to the Preq and sent with the Purchase Order to the vendor
    • Purchasing will not approve the requisition until IT Director has confirmed the Security Review form has been submitted

Step 6: Finalize review (completed by IT Director):

The IT Director will then be responsible for confirming that the Security Review process is completed and will implement the technology in accordance with the license.

Resources

Security and accessibility information:

Tools on campus:

Reviewing for Technology or Software Tools

The IT Director will be responsible to review both the terms and the quote to make sure the right tool is being purchased for the desired use. Feel free to contact the Software Licensing Team for assistance if needed. 

The quote and the terms should match the number of users or installs and how the technology tool or software is intended to be used and distributed.

License Types

  • Could be listed as site/enterprise vs. network vs. subscription (typically per named user) vs. named user vs. stand-alone licenses.
  • If site/enterprise, get this defined (who/where/how, see below).
  • Is it a “personal” license? Many times, that is not for University of Iowa use.
  • Are these per user, per concurrent user or per install and make sure it matches your needs.
  • Is the license per version (single version, no expiration date) or termed (expires after a defined period of time, could include several versions, usually annual).

Who can use the tool?

  • Could be listed as faculty, staff, students, contractors, and/or the public.
  • Look for language restricting to licensee “persons” or “employees” and make sure it matches your needs and is defined clearly. Example: Do “persons” include faculty, staff, and students.
  • Do you need persons other than what is listed?

Where can we use the tool?

  • Could be used as on and/or off campus?
  • Can it be used on UI or personally owned systems?
  • Can this be used and made available in a virtual environment?
  • Look for language restricting to a “licensee owned” or “licensee managed systems” and make sure it matches our needs.

How can we use the tool?

  • Could be listed as educational/academic vs research vs administrative.
  • Make sure an education/academic is not restricting your use.
  • Get a definition what how the vendor defines educational/academic. Is it educational/academic use or educational/academic pricing with any use for a campus?
  • Define your research (UI funded vs. federally funded vs. outside funded)
  • Get a definition for the research use if not specified.
  • At times federally funded or outside funded require commercial licenses.

If the quote and contract are not specific, request clarification from the vendor in writing and keep that documentation with the final contract.