Products are reviewed prior to acquiring to ensure that information systems at WMU are effectively integrated, that those systems are effectively used across organizational boundaries, and to support evidence-based decision-making at the University. The IT acquisition policy defines the different levels of review and control, depending on the type of information system contemplated for acquisition. The Office of Information Technology ensures that the products will work within the University's computing and network architecture.
The product review process will be followed when the acquisition of information software or hardware:
- Uses University resources and/or University funds (i.e. general fund, designated funds, grant and/or donor funds, etc), or
- That manages data for core business functions of the University that require integration (enterprise system), or
- That manages data and/or performs specific functions and is integrated with an enterprise system (enterprise support system), or
- Principally supports one department, unit, or function and requires minimal integration, or
- That is an infrastructure system and largely managed by IT.
If the product being considered is an emerging technology for general purpose classrooms, follow the emerging technology adoption process.
- Review the IT acquisition policy to determine product category.
- Submit the product review initiation form.
This form alerts IT that an acquisition is being considered and provides basic information about the considered product.
- Review the contract review procedures guide and submit the contract review procedures checklist.
The guide explains the importance of completing a thorough contract review for any binding obligations for WMU individuals or departments. It includes the individual's responsibilities, a routing table for the various type of contracts, and proper contract management. The completion of the checklist is required for any contracts requiring authorized University personnel signature.
Unit IT support:
- Submit the product review checklist to email@example.com
The checklist provides more details regarding technical aspects of the product, vendor, data specifications, data security and administration support, testing, and accessibility of the product.
Unit IT support/vendor:
- Submit the Software as a service security assessment questionnaire to firstname.lastname@example.org
This form is required for products that utilize software as a service and/or cloud computing. Departments that are considering use of such products must be aware of the University's cloud computing policy regarding that use and the importance of maintaining the security of University data.
- IT reviews the forms and documents submitted by the requestor, unit IT support and vendor to determine the review type required.
- Business services reviews the contract review checklist and provides feedback directly to the requestor.
- If clarification of submitted information is required, IT will request a meeting.
- IT will contact the appropriate data steward(s) for consideration of the data integration potential, if appropriate.
- If the system is an enterprise system or enterprise support system, a pre-proposal is prepared jointly by IT and the requestor (see step 3).
- If the products are not defined as an enterprise or enterprise support system, proceed to step 3a.
Step 3 (Enterprise system or enterprise support system)
- A pre-proposal is prepared jointly by IT and the requestor. See pre-proposal checklist.
- Pre-proposal is submitted to the IT Executive Advisory Board, one week in advance of their next meeting in time to contact the requestor with any questions.
Step 3A (Enterprise support system/unit support systems/infrastructure systems)
- IT prepares a decision summary including pertinent information received, recommendations and next steps.
- In the case of a conditional approval, the requestor is responsible for following up with IT to determine acceptable solutions and outcomes.
- For an enterprise support system, IT may be required to contact the appropriate data steward and communicate status with the IT Executive Advisory Board.
- The process is complete after this step.
Step 4 (Enterprise system or enterprise support system)
- IT Executive Advisory Board discusses the pre-proposal information and provides feedback regarding the strategic value and data integration potential.
- If necessary, the board will also make the final determination if the acquisition constitutes an enterprise system, thus requiring it to proceed with final advisory board approval.
- If the acquisition has been determined to be an enterprise support system, proceed to step 3A.
Step 5 (Enterprise system)
For acquisitions determined to be enterprise systems, information regarding the proposed acquisition will be made available on the data and systems governance site and other venues described in the proposed communication plan in order to obtain University community (e.g. Educational Technology Committee, the Faculty Senate Academic and Information Technology Council and other constituent groups) feedback and endorsement.
Step 6 (Enterprise system)
- In preparation for the final approval by the IT Executive Advisory Board, the pre-proposal is expanded to include the additional items required for the final product proposal.
- IT will work with the requestor to establish which board meeting date will be the most appropriate for final approval.
- Final product proposal (no more than 10 pages) is sent to the advisory board, one week in advance of the meeting, for review and opportunity to contact the requestor with any questions prior to the meeting.
- IT will prepare a decision summary including the pertinent information received, recommendations, and next steps. This will be sent with the final product proposal to the advisory board, prior to the meeting.
Step 7 (Enterprise system)
The IT Executive Advisory Board reviews the final product proposal and votes on the proposed acquisition at the scheduled meeting.
Additional forms and information