Software Installation and Vetting Procedure

Steward

Vice President of Institutional Effectiveness and Technology Solutions

Purpose

To ensure that all software agreements and “Software as a Service” contracts entered into by an employee on behalf of Minnesota State Community and Technical College comply with the guidelines set forth by Minnesota State system and Minnesota state law.

Procedure

1. Any employee who requests a piece of software to be installed, to use a Software as Service, or renew an existing software application or service, must check to see if the software they are requesting has been vetted with the Minnesota State system.

To do that:

Check the Minnesota State system software contract website (scroll to the bottom and click on Internal System-wide Contracts and Software Agreements); or
Reach out to your local Computer Help Center

2. If the software or service has not been vetted, fill out the online Software Vetting and Installation Request. Note: this information may also be found in the Employee Portal > Information Technology > Files and Forms.

3. Once the Software Vetting and Installation Request form has been completed, a ticket will be created. If additional information is needed or when status updates are available, they will be communicated via the ticket. A timeline will also be provided.

4. The standard information collected is sent to the System Office General Counsel for review by the System Office Security Team to determine if there are any data risks. If there are any data risks and they cannot be resolved between the vendor and security office, the process cannot continue and the College will deny purchase.

5. If no data security risks are identified, the vendor will be contacted to see if they are willing to negotiate their End User License Agreement (EULA).

If yes, the process can continue. The EULA will be submitted to the System Office General Counsel for review/redlines
If no, and negotiations fail with the vendor, proceed to step 7

6. After review, the System Office Legal Counsel will report their findings and the information will be sent back via the ticket system.

Based on the report, the supervisor and requestor discuss three options:

Work with the Vendor to modify the agreement (if needed) and purchase the software; or
If no agreement can be reached, an alternative software/service solution may be needed (repeat the process); or
Complete an Indemnity Clause Acknowledgement Declaration in the College's Employee Portal > Files and Forms. Submit the completed form to the President’s Cabinet for consideration.

References

Software Vetting and Installation Request

Indemnity Clause Acknowledgement Declaration

System-wide Academic and Technology Software Agreements/Contracts

Associated Policies and Procedures

Minnesota State Community and Technical College Software Installation and Vetting Policy

Board Policy 5.13 Information Technology Administration

Board Policy 5.22 Acceptable Use of Computers and Information Technology Resources

Next scheduled review

July 1, 2024

Policy author(s)

Dan Knudson