TTUHSC IT Policies
6. I.T. PROCUREMENT REVIEW
With the increased deployment of I.T. resources at TTUHSC, the Institution must strategically review procurements to ensure they are consistent with the Institutional direction to achieve an integrated environment. This policy’s intent is to provide guidelines for I.T. procurements and to establish an I.T. procurement procedure that allows the individual departments and schools flexibility in making their technology purchases.Refer to TAC 216 and HSC O.P. 56.03, Project Management, for additional information about I.T. resources and procurement review.
The CIO is the delegated authority for establishing I.T. purchasing procedures that comply with the Institutional purchasing requirements and meet the needs of the Institution.
Prior to making I.T. purchases, schools and departments must ensure:
In order to standardize the hardware configuration and software packages used in this Institution, schools and departments are strongly encouraged to review the following I.T. recommendations before making any purchases:
The technology needs of the various schools and departments within TTUHSC are admittedly diverse. While units of the Institution have the flexibility to address their departmental I.T. needs, this policy requires strict adherence to the I.T. procurement guidelines contained herein.
First and foremost, TTUHSC Department of Purchasing rules and regulations govern all Institutional purchases, regardless of the nature of the purchase or the items purchased. Detailed purchasing guidelines can be found in the Department of Purchasing’s online Procurement Manual.
In order to ensure the consistency and efficiency of the TTUHSC I.T. environment:
- The CIO or their designee must approve all I.T. purchases in the area of hardware, software, and I.T.-related contracts amounting to $25,000 or greater.
- Any I.T. purchases that, when utilized, could affect the normal operation and functionality of the I.T. environment must also be approved by the CIO, regardless of the cost. (Network devices such as routers, hubs, and firewalls could affect the security and integrity of the TTUHSC network infrastructure. For example, an unapproved router could cause IP address conflicts when installed on the network, a remote desktop program could inadvertently advertise the availability of an open port on the network, and a non-standard firewall could prevent access to the network even to legitimate users, and unapproved videoconferencing equipment or systems could create compatibility issues that could adversely affect the quality of distance learning and similar videoconferencing sessions on the TTUHSC network.)
Before implementing new preventative measures TTUHSC Information Technology will perform a risk assessment to weight the cost of implementation versus the risk of loss related to non-implementation (e.g. financial, repetitional, business impact). Additionally, the TTUHSC Managing Director of Network, Security, and Systems must approve certain network-related hardware and/or software purchases beforehand. These include, but are not limited to:
- Network IDS
- Host-based IDS
- Virus protection
- Vulnerability assessment
- Video bridges
- Video codecs
- Video content capture and streaming devices
For detailed guidelines, refer to the Security Policy.
Procurements that require prior approval must be submitted to the CIO and/or the Information Security Officer prior to submitting the procurement documents to Purchasing or obligating the Institution.