Aims:
By implementing this strategy, the University of Aberdeen aims, where possible, to:
- Meet the software requirements of academics, professional services staff, and students.
- In doing so, ensure that this does not impact detrimentally on the security and efficiency of the University IT environment.
- Ensure compliance with budgetary constraints.
- Ensure compliance with security requirements.
Scope:
- This policy covers the acquisition, procurement and implementation of software to meet individual, group, and campus-wide needs.
- It includes acquisition/procurement of software by any UoA account holder.
- It excludes corporate systems.
Needs Assessment:
- We will conduct regular surveys and consultations with academic departments to identify software needs and ensure appropriate software is available for academic purposes.
- We will establish a centralised process to review and prioritise software requests based on academic and administrative requirements.
Procurement Process:
- We will implement standardised request processes for all software requests. See Service Catalog: IT Service Desk (freshservice.com).
- Where possible, we will encourage use of free at point of use, pre-approved/costed software, and open-source alternatives.
- We will guide users to better understand options and responsibilities when requiring and acquiring new software.
- We will assign designated teams to review requests based on academic need/available alternatives, security considerations, and budget constraints.
- Where there is no viable alternative we will support the acquisition/procurement of funded software (e.g. funded by research grants).
- We will ensure transparency in our processes and provide feedback to requestors.
Supplier Management:
- We will establish relationships with reputable software vendors and negotiate agreements for volume licensing.
- We will develop a centralised procurement system with defined approval levels to ensure compliance with any constraints and to reduce costs where possible.
Software Deployment and Integration:
- We will create and maintain centralised access points for users to understand available options (see Software Catalogue).
- We will create and maintain a centralised repository for approved software.
- We will regularly update the repository to include the latest approved versions and security patches.
- We will make available software versions (e.g. n, n-1) that meet our maintenance and security requirements, where possible, ensuring consistency across the organisation.
- We will consult with academic staff regarding classroom software prior to each academic year and agree the software versions to be implemented for the start of the academic year. This version will be maintained for the full academic year, barring security issues that arise and force an upgrade. Staff should consider this and ensure, where necessary, that they align with the version offered to students, as a version mismatch can cause issues for students (as per NSS feedback).
- We will implement a user-friendly interface for easy access and installation by academics.
Security Checks and Compliance:
- We will conduct thorough security assessments for all software before approval.
- Requesters will be asked to review the requirements for the SCDA process and progress this with the supplier where required.
- We will collaborate with the university's IT security and information governance teams to identify potential vulnerabilities and risks.
- We will establish a clear set of security criteria that must be met by any software to be used on university-managed devices or infrastructure.
- We will implement automated tools and manual checks to identify and address any security vulnerabilities promptly.
- We will develop and distribute guidelines for safe software usage and the reporting of security concerns.
Continuous Improvement:
- We will establish a feedback mechanism to gather input from academics regarding the usability and security of deployed software.
- We will use user feedback to make continuous improvements to the software management and security strategy.
- We will stay informed about emerging technologies and trends in software management and security.
- We will update the strategy periodically to incorporate new best practices and technologies.