Software Procurement Guidance
Quick Summary
- Use this guide to navigate the process for purchasing and renewing software and related services
Software Renewal
- Confirm license renewal and licensee details with the purchasing team (client services or department’s software manager)
- How many licenses to be renewed?
- How many are not in use/can be reallocated?
- Once confirmed, proceed to the Software Purchase Process below
Software Purchase Process
- Submit the Software Purchase Request Form
- Contact information
- “Requested on behalf of” can be the person the software is meant for (if only one person) or another contact to be kept informed about the purchase
- Software Information
- “Software name” - as it appears on the vendor’s website, including the version detail, if applicable
- “Software company” - vendor of the specified software as it appears on the vendor’s website
- “Software description” - business use case (similar to the use case on the VRA Request form)
- Explain why this software is critical to the business so that the purchase can be fulfilled
- “Total cost” - attach invoices or quotes supporting this cost
- Identify Software Recipient(s)
- List all who will receive the software so that Client Services can properly carry out installation of software
- Verify the email address when adding to ensure you have chosen the proper person. In some cases, staff have a middle initial you may need to add when searching for them
- Provide Vendor Information
- Include relevant contact information in case reaching out to the vendor becomes necessary
- Vendor Risk Assessment (VRA)
- If there is no previous Software Agreement and/or VRA in place, a VRA must be completed before the purchase can proceed (see Appendix A for more details)
- Would you like Admin IT/Client Services to facilitate the purchase/requisition?
- Billing Information
- Make sure to use the correct Chart of Account string(s)
- Authorization
- Department Approver – designate an approver for this purchase (AdminIT cannot process the request until approval has been granted)
- Verify the email address when adding to ensure you have chosen the proper person. In some cases, staff have a middle initial you may need to add when searching for them
- Attachments - attach quote/invoice for Total Cost & supporting documents if necessary
- Supporting documents may include SCM Approval form, Appendix DS, Business Associates Agreement (see Appendix A for more)
- Once submitted, the request is sent for approval to the approver designated on the form
- If necessary, confirm quote/cost with the purchasing team
- Receive software, if required
- Installation/Deployment is done by Client Services
Appendix A: Data Governance for Information Security
| Data Protection Level | Department Response Approval by Unit Head | VRA Renewal | SCM Approval Form Validity | Appendix Data Security (DS) Terms | Business Associates Agreement (BAA) Terms |
| --- | --- | --- | --- | --- | --- |
| P2 or lower | Not Required | Not Required | 2 years | Not Required | N/A |
| P3 | Required | Every 2 years | 2 years | Strongly Recommended | If medical, HIPAA/PHI are in scope |
| P4 | Required | Annually | 1 year | Required | If medical, HIPAA/PHI are in scope |