Expand | ||
---|---|---|
| ||
The UMBC software review process is a comprehensive assessment of software purchase and renewal requests for compliance with security, technical, procurement, and legal policies. |
Expand | ||
---|---|---|
| ||
The review process is designed to reduce risks associated with data integrity, shared network services, and contract requirements between third party vendors and the University. |
Expand | ||
---|---|---|
| ||
|
Expand | ||
---|---|---|
| ||
Yes. However, software installed on a local machine is usually reviewed more quickly and is of lower risk. |
Expand | ||
---|---|---|
| ||
DoIT Business Analyst, DoIT Security, UMBC Legal, and UMBC Procurement |
Expand | ||
---|---|---|
| ||
DoIT Business Systems Group: The primary point of contact throughout the review process. Manages and supports the review when needed. Conducts initial inventory and information gathering. DoIT Security: Reviews the product for any security vulnerabilities, data management, and other technical risks of product use. Creates recommendations for the requestor, legal, and/or DoIT Business Analyst. DoIT Technical: Oversees the review of products requiring SSO and/or an interface. Provides DoIT Business Analyst with feasibility and timeline estimates. Legal & Procurement: Oversees the legal/procurement review. Modifies terms and Contracts. Ensures UMBC legal risk is mitigated and procurement requirements are met. |
Expand | ||
---|---|---|
| ||
New: 1-4 weeks Renewal: 1-2 weeks |
Expand | ||
---|---|---|
| ||
Software for research may often fall under different guidelines and policies which may expedite or reduce the need for a review. Products should still be submitted so that they may be inventoried by DoIT, but the review process may be shorter in comparison to non-research reviews. |
Expand | ||
---|---|---|
| ||
You can expedite this process by providing the Business Analyst with any of the following information when submitting your ticket:
|
Expand | ||
---|---|---|
| ||
The software could be denied for a number of reasons which commonly include:
|
Expand | ||
---|---|---|
| ||
If the product has been purchased or renewed but has not been vetted by DoIT security, a review will be conducted within the next year to avoid interruptions and maintain business continuity. Be aware that you may receive outreach from a member of the DoIT security office during this time period. |
Info | ||
---|---|---|
| ||
|