Category: Information Technology
Responsible Office: Information Security Office
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Date Established: July 27, 2023
The University at Buffalo (UB, university) acknowledges the importance of software and web-based services in enhancing productivity and collaboration among faculty, staff, and students. The use of software applications comes with potential security and privacy risks that can compromise university data and systems. This policy outlines the approval requirements for software applications used by university personnel and students.
The University at Buffalo (UB, university) is committed to protecting the confidentiality, integrity, and availability of data important to the university’s mission. Software applications may have the ability to transmit, process, or store university data on a software platform or service. Software applications must have formal university approval to prevent the unintended disclosure of protected or restricted university data. Many free and low-cost software applications do not have the appropriate security protections in place that are required when accessing university data. This policy applies to all software used by faculty, staff, and students at the University at Buffalo, regardless of the source of the software.
The UB permits the use of software applications which meet the following conditions:
Third Party / Plug-In Software Applications:
Some software providers offer third-party software applications (3rd party app) and plug-in software which are not governed by the university’s software agreement. Each 3rd party app / plug-in is subject to its own terms, conditions, and privacy statements, and may pose a security risk if not properly vetted. All 3rd party apps / plug-ins are subject to the same requirements as traditional software applications and will be evaluated using the same standards, regardless of the application’s host platform.
All software must comply with all applicable State and Federal laws and regulations as well as all university policies and standards and may be subject to a legal review.
The VPCIO reserves the right to remove any software application that poses a risk to university data and systems without notice.
The university community collects, possesses, and uses a large amount of data to conduct university business. Some of this data is sensitive in nature and requires protection to comply with laws and regulations.
This policy applies to all software used by faculty, staff or students when conducting university business. Including but not limited to:
Software: The programs and related information used by a computer. These include but are not limited to:
Software Application Review Committee