Rule 4-050A- University Enterprise Software

1. Purpose and Scope

   1. Purpose: The purposes of this Rule include establishing a framework for identifying the scope, purpose, and total cost of ownership (TCO) associated with University Enterprise Software (herein defined), for University of Utah Hospitals and Clinics and the University of Utah.

      1. It is important to understand the scope of University Enterprise Software so as to calculate accurately TCO, including costs associated with integration of the software to other IT systems. Scope is determined by the number of University units that will utilize the software and the number of students, faculty, staff, and guests who will utilize the software.

      2. Understanding the purpose of the software will help to avoid duplication (by determining whether the University currently has the same or similar software), and to make sure that the intrinsic “delivered functionality” of currently-owned software is investigated before purchasing new software. This will help ensure that University resources are not wasted through repurchasing or developing already-existing functionality

      3. The University is best served by fully understanding the TCO of Enterprise Software so that institutional strategy and decisions are informed by accurate financial impact information.

      4. The purpose of this Rule includes promoting appropriate collaboration between University administrative and academic units, Purchasing, University Information Technology, Risk Management, Information Security, General Counsel, Health Sciences, University of Utah Hospitals and Clinics, and University senior administration on 1) the purchase, lease, development, or other form of acquisition of University Enterprise Software; 2) data and services associated with such Enterprise Software, and 3) costs for the proposed software.

         To accomplish this collaboration, in accordance with this Rule the University establishes an approval process for the acquisition (including acquisition by development) of all University Enterprise Software applications. This process provides 1) a transparent environment for Enterprise Software proposals across the entire institution; and 2) a proposal feedback mechanism for any interested University party.

   2. Scope: This Rule applies to all units of the University of Utah Hospitals and Clinics and the University of Utah.

2. Definitions

   These definitions apply for the limited purposes of this Rule and any associated University Regulations.

   1. The definitions provided in Policy 4-050 apply for purposes of this Rule, including the definitions of software, system software, programming software, application software, and University Software.

   2. University Enterprise Software — is hereby defined as University Software that:

      1. Will have broad institutional impact, affecting the operations of more than one University unit, and/or

      2. Will require integration with PeopleSoft or other enterprise software applications currently in use at the University.

         Exceptions to the above definition (which may result in exempting a particular version of software from certain requirements otherwise applicable under this Rule) will be determined and approved by the administrative or academic unit’s appropriate Dean or Administrative Director after consultation with and approval of the University of Utah Hospitals and Clinics Chief Information Officer (CIO) for University of Utah Hospitals and Clinics software or the University CIO for campus and health sciences software.

3. Rule

   1. Before University Enterprise Software is purchased, leased, developed, or otherwise acquired by a University administrative or academic unit, the unit is required to complete the current version of the University’s technical Request for Proposal (RFP) document, which must then be evaluated by University of Utah Hospitals and Clinics Information Technology Services (ITS) for Hospitals and Clinics software or University Information Technology (UIT) for campus and health sciences software.

   2. Each acquisition of a University Enterprise Software application, however acquired, must be approved by the appropriate University IT governance committee.

   3. When any University Enterprise Software is proposed to be purchased or leased from, or developed (written) by, an external party or vendor, there must be a three-year TCO form completed and approved by the appropriate Dean or Administrative Director, and the University of Utah Hospitals and Clinics CIO for University of Utah Hospitals and Clinics software or the University CIO for campus and health sciences software, before the purchase or lease is finalized.

   4. When any University enterprise software is proposed to be developed (written) for the University by an internal University unit, there must be a three-year TCO form completed and approved by both the appropriate Dean or Administrative Director and the University of Utah Hospitals and Clinics CIO for University of Utah Hospitals and Clinics software or the University CIO for campus and health sciences software, before substantial development work begins.

      [Note: Parts IV-VII of this Regulation (and all other University Regulations) are Regulations Resource Information – the contents of which are not approved by the Academic Senate or Board of Trustees, and are to be updated from time to time as determined appropriate by the cognizant Policy Officer and the Institutional Policy Committee, as per Policy 1-001 and Rule 1-001.]

4. Rules, Procedures, Guidelines, Forms and other related resources

   1. Technical Vendor Questionnaire

   2. Three-year TCO form

5. References

   1. Refer to Policy 4-004 University of Utah Information Security policy regarding the safeguarding of all data and applications purchased, leased, or developed (written).

   2. Refer to guideline G4-004D regarding the use and approval of all cloud-based services

6. Contacts

   The designated contact officials for this Rule are:

   1. Primary contact person for questions and advice: University Deputy Chief Information Officer (DCIO)

   2. Policy Officers: University CIO

These officials are designated by the University President or delegee, with assistance of the        Institutional Policy Committee, to have the following roles and authority, as provided in University      Rule 1-001: “The ‘Policy Officer’ will be assigned by the President for each University Policy, and will typically be someone at the executive level of the University (i.e., the President and his/her Cabinet Officers). The assigned Policy Officer is authorized to allow exceptions to the Policy in appropriate cases…”

“The Policy Officer will identify an ‘Owner’ for each policy. The policy owner is an expert on the policy topic who may respond to questions about, and provide interpretation of the policy; and will typically be someone reporting to an executive level position (as defined above), but may be any other person to who the President or a Vice President has delegated such authority for a specified area of University operations. The owner has primary responsibility for maintaining the relevant portions of the regulations library… [and] bears the responsibility for determining which reference material are helpful in understanding the meaning and requirements of particular policies.

            University Rule 1-001-III-B & E

1. History

2. 1. Current version-- Revision 1.0.

      1. Approved by Academic Senate April 29, 2019

      2. Approved by Board of Trustees June 11, 2019

      3. Effective date July 1, 2019