TTUHSC IT Policies
6. I.T. PROCUREMENT REVIEW
With the increased deployment of I.T. resources at TTUHSC, the Institution must strategically
review procurements to ensure they are consistent with the Institutional direction
to achieve an integrated environment. This policy’s intent is to provide guidelines
for I.T. procurements and to establish an I.T. procurement procedure that allows the
individual departments and schools flexibility in making their technology purchases.Refer
to TAC 216 and HSC O.P. 56.03, Project Management, for additional information about I.T. resources and procurement review.
The CIO is the delegated authority for establishing I.T. purchasing procedures that
comply with the Institutional purchasing requirements and meet the needs of the Institution.
Prior to making I.T. purchases, schools and departments must ensure:
In order to standardize the hardware configuration and software packages used in this
Institution, schools and departments are strongly encouraged to review the following
I.T. recommendations before making any purchases:
The technology needs of the various schools and departments within TTUHSC are admittedly
diverse. While units of the Institution have the flexibility to address their departmental
I.T. needs, this policy requires strict adherence to the I.T. procurement guidelines
First and foremost, TTUHSC Department of Purchasing rules and regulations govern all
Institutional purchases, regardless of the nature of the purchase or the items purchased.
Detailed purchasing guidelines can be found in the Department of Purchasing’s online
In order to ensure the consistency and efficiency of the TTUHSC I.T. environment:
- The CIO or their designee must approve all I.T. purchases in the area of hardware,
software, and I.T.-related contracts amounting to $25,000 or greater.
- Any I.T. purchases that, when utilized, could affect the normal operation and functionality
of the I.T. environment must also be approved by the CIO, regardless of the cost.
(Network devices such as routers, hubs, and firewalls could affect the security and
integrity of the TTUHSC network infrastructure. For example, an unapproved router
could cause IP address conflicts when installed on the network, a remote desktop program
could inadvertently advertise the availability of an open port on the network, and
a non-standard firewall could prevent access to the network even to legitimate users,
and unapproved videoconferencing equipment or systems could create compatibility issues
that could adversely affect the quality of distance learning and similar videoconferencing
sessions on the TTUHSC network.)
Before implementing new preventative measures TTUHSC Information Technology will perform
a risk assessment to weight the cost of implementation versus the risk of loss related
to non-implementation (e.g. financial, repetitional, business impact). Additionally,
the TTUHSC Managing Director of Network, Security, and Systems must approve certain
network-related hardware and/or software purchases beforehand. These include, but
are not limited to:
- Network IDS
- Host-based IDS
- Virus protection
- Vulnerability assessment
- Video bridges
- Video codecs
- Video content capture and streaming devices
For detailed guidelines, refer to the Security Policy.
Procurements that require prior approval must be submitted to the CIO and/or the Information
Security Officer prior to submitting the procurement documents to Purchasing or obligating