Purchasing Software

All software requests require advance IT clearance, and must now be made through ShopBlue.  This is a change from previous procedures.

Key Changes:

• Obtain IT clearance from your Distributed IT Support Staff prior to submitting a software purchase requisition.
• Log in to ShopBlue and submit a non-catalog item requisition with the IT clearance attached.
• All software purchases, including PCard purchases, must be submitted in ShopBlue. Purchasing will determine if PCard is an appropriate purchasing method or if a purchase order is required.
• ShopBlue is now the only approved method for software procurement.

This new process ensures that all software purchases receive proper review and approval before implementation, protecting the university and ensuring compliance with all applicable regulations.

Ensuring the security of UB data is a vital part of our business operations. UB has different security requirements depending on the nature of the data or IT resources the supplier will handle. The most significant risk is associated with purchases that require the use of Category 1 or Category 2 data, as per the Data Risk Classification Policy.

Not sure what category of data you intend to use? Your Distributed IT Support Staff can assist you in determining the type of data you intend to use. 

• Purchasing will be unable to process your software order without the pre-purchase approval.
• Students and the public with disabilities may not be able to access the required tool.
• Violation of UB Electronic and Information Technology (EIT) Accessibility Policy, Americans with Disabilities Act (ADA), Section 504 of the Rehabilitation Act of 1973 and the New York State Human Rights Law.
• Possible breach of personally identifiable, FERPA and/or HIPAA information.
• Inability of central services to integrate products or provide adequate support.
• Possible violation of UB's rules for conducting financial transactions.

This review process applies to:

• Web-based services - hosted software applications that are installed, hosted and accessed entirely over the internet.
• Cloud computing - offered via a cloud service or cloud provider.
• Server-based software - requiring installation on UB servers.
• Public-facing services - any service or software accessed by students or the public via UB or third party webpages.
• Payment processing systems - any software or service that collects payments or requires PCI compliance (credit card use).
• Data-sensitive applications - any software or service that contains or exchanges Personal Identifiers (PID) or HIPAA data.
• Cloud migrations - any upgrade from current on-premise software to cloud-based services or software.
• Enterprise software - all enterprise-based software or campus-wide software.
• Multi-year renewals - not previously vetted through this process.
• No-cost software - open source, freeware, shareware and no-charge products.

This process incorporates review and approval by the Office of Equity, Diversity and Inclusion (EDI), Financial Management and the Vice President Chief Information Office (VPCIO) prior to purchase. The end result is to provide a recommendation or approval regarding the purchase of the software, service or application.

• For new software needs, contact Distributed IT Staff first.
• For new requests and renewals, contact UBO (Unit Business Officer).

• Submit a formal purchasing request through ShopBlue.
• Attach IT clearance if you've already obtained it.
• For freeware or pilot software, attach vendor terms and conditions and required policies from the vendor's website.

The request goes through multiple review stages:

• Purchasing initial review - determines bid vs. no-bid based on cost thresholds.
• Financial Management review - checks credit card processing and student fee requirements.
• Software Review Team - evaluates accessibility, cybersecurity, infrastructure alignment and redundancy.
• Purchasing procurement decision - reviews dollar thresholds, funding sources and procurement methods.
• Legal review - additional terms and conditions review and contract negotiations as needed.

• Execute the chosen procurement method to complete the purchase.

• The process varies depending on software cost, complexity, and whether it involves student fees.
• Legal review timing depends on vendor terms and conditions complexity.
• Multiple departments collaborate to ensure compliance with accessibility, security and financial requirements.