Improving the IT Procurement Policy
Colleagues,
KU implemented a new Procurement policy earlier this year requiring a joint Procurement and KU IT review of all software purchases regardless of cost, funding source or payment method. This review prevents duplicate purchases and is essential to ensure software meets campus standards for security and accessibility. This policy also complies with a KBOR requirement that university CIO offices review and approve all technology purchases.
To initiate the purchase of software, submit a Technology Procurement Request.
We recognize the new process and requirements have created challenges for our campus community, including delays in processing requests, and we are working to address those challenges. We also will continue working to provide clearer communication on the purpose for the policy. We appreciate your patience as we continue to refine our approach.
Key Reasons for the New Policy
Cybersecurity
Third-party software solutions are the #1 cyber-risk on campus, and universities and other organizations across the country are seeing an increase in cyberattacks. Just last year, two state entities in Kansas experienced significant incidents that severely impacted their operations and constituents. Our review process is designed to assess security vulnerabilities, protect institutional and personal data, and prevent potentially costly cyberattacks.
Accessibility
By reviewing software for accessibility, we prevent barriers that could exclude individuals. This approach supports our values of access, success, respect and belonging, and creates a more inclusive technology environment.
Cost and Efficiency
Identifying and avoiding duplicative software purchases helps reduce unnecessary expenses and optimize our technology resources. This allows us to focus on essential tools, avoid redundant purchases and improve overall efficiency across campus.
We Have Improved the Review Process
- Our initial IT review process included too many steps and reviewers. We have simplified the process and will implement the newly refined process in the coming weeks.
- Each request is unique. To evaluate potential risk, KU IT needs to understand details about how the software is being used and what data is being processed or shared. When a request is not fully completed with the relevant information, KU IT must follow-up to collect the needed information. Be sure to thoroughly complete the form to avoid delays.
- Cyber Security review requires input from the software supplier. The review process timeline depends on how responsive the supplier is in providing the necessary information. If a supplier responds quickly with the required information, the review process may be completed in as little as five days. If the software supplier doesn’t respond in a timely manner, the review process may take 30 days or more.
Can I Purchase Software Already Used by Another Unit?
The IT security assessment depends on how software is being used, how the software is configured and what features are implemented. Because of this, other units must still submit a Technology Procurement Request for that software.
Is There a List Available for Approved Software?
The IT Software and Services Catalog lists some of the approved software available for campuswide use, and we plan to build a more comprehensive list.
We continue to evaluate opportunities to improve this process, and we invite you to provide feedback at infotechnology@ku.edu. Thank you for your patience during this early implementation period.
Respectfully,
Heather L. Blanck
Chief Procurement Officer & Director of Strategic Sourcing
Ed Hudson
Vice Chancellor for Information Technology
Chief Information Officer