Administering Office: Information Technology
Revised: September, 2007
Approved by Executive Council: September 22, 2008
The objective of this policy is to bring a systematic approach to the acquisition, security, utilization, maintenance, and disposition of desktop/laptop computer and server equipment and software used by the administration, faculty, and students at Western Carolina University.
Computers and related software and peripherals purchased by the University, will be managed and maintained by the University. Individual users may not install software or physical devices that prevent appropriate University personnel from accessing the equipment or software to conduct management or maintenance functions. The University may install software on university-purchased PCs or personal PCs connected to the campus network to do remote management and maintenance of computers and to protect the computers from viruses, malicious software (“malware” and spyware), etc. The Information Technology Division has overall responsibility for the acquisition, maintenance and inventory control of the University standard-compliant information technology.
Offices wanting to purchase and implement local server-based systems must develop a Service Level of Agreement (SLA) with the Information Technology Division that specifies the responsibilities of both parties in the implementation and maintenance of the system. The SLA must be signed by both the appropriate Dean or Vice Chancellor and the Chief Information Officer.
To accommodate varying needs in instruction and research computing, while avoiding excessive variability in equipment and software, academic computing purchases shall be standardized on the Windows and Macintosh operating systems. Determination of which system to choose shall be dependent upon the defined use. Information Technology will establish a limited list of standard hardware configurations that must be used by University faculty and staff, unless a departmental request for deviation from the standard has been approved by the Office of the CIO.
University desktop/laptop computer programs shall be standardized on selected vendor software packages (i.e., spreadsheet, word processing, antivirus, and antimalware, etc). When required to submit a document as a computer file to another University department or person, the department or person who submits the file is responsible for providing it in the standardized format. A Windows-based application should be used for administrative purposes if a compatible cross-platform version does not exist.
Information Technology shall develop or revise the list of approved vendor hardware and software packages in the spring of each year with the advice of the appropriate Information Technology advisory committees. This list will be submitted to the Information Technology Policy Council for approval. The list will be published on the University’s Information Technology web page.
Purchases of desktop/laptop computers, servers, disk drives, printers, and other external computer peripheral devices by Western Carolina University departments and offices must be accompanied by purchase and installation of security devices and software that effectively prevent theft of the equipment. Information Technology and Purchasing Office personnel will assist departments in identifying and procuring appropriate security methods for the equipment being acquired. Budgetary responsibility for purchase and installation of these security methods will reside with the University department acquiring the equipment.
Exceptions to this policy may be made for equipment whose value does not exceed $250, if the equipment is meant to be portable, or if the user department and the Director of University Police judge that the equipment's location will be sufficiently protected to minimize the risk of theft.
SOFTWARE LICENSE MANAGEMENT
All software products purchased with university-controlled funds shall have proof of license on file with the department ordering it. Information shall include product identification, license number, date of purchase, and user. Departments must maintain such records for software installed locally on computers under their control. Information Technology must maintain such records for software installed to run on the central computer system or from network servers managed by Information Technology or for site licensed software. This step will provide information to the University on its software assets and license obligations. Information Technology, with assistance from Legal Counsel, shall disseminate information concerning copyright and license responsibilities to desktop/laptop computer software users.
Information Technology is responsible for maintaining standards-compliant software and hardware. Departments purchasing non-standard hardware or software are responsible for its maintenance. Users shall be responsible for maintaining a backup copy of their software products (license permitting), applications, and data files. Desktop/laptop computer and server-based applications developed by a department rather than by the Information Technology shall be the responsibility of the department.
Desktop/laptop computer and server-based operations critical to the mission of the University shall have a Disaster Recovery Plan. The responsibility for identifying desktop/laptop computer operations critical to the mission of the University and insuring that a Disaster Recovery Plan for that operation exists rests with the responsible Vice Chancellor. The responsible Vice Chancellor will also report the Disaster Recovery Plan to the University Internal Auditor for inclusion in the University Disaster Recovery Plan.
REPLACEMENT AND DISPOSITION
Information Technology will annually publish an obsolescence schedule, giving at least a one year’s notice as to what software or hardware will no longer be supported by Information Technology. Once software or hardware reaches that cutoff date, it will be replaced by Information Technology if the software or hardware is their responsibility. If it is not, Information Technology will not be obligated to provide support for it. Software or hardware replaced by Information Technology may not be retained by the department, but must be turned over to Information Technology for disposal. The user is responsible for removing any data from a desktop/laptop computer before it is replaced. Disk drives from replaced desktop/laptop computers will be physically destroyed by Information Technology before they are surplused.