Process for Purchasing and Integrating University Technology | MUSK
Step 1: If you have identified software/technology for purchase or for a pilot program, contact the vendor and ask them to complete the Risk Assessment Questionnaire
Once the risk assessment questionnaire has been completed and returned, proceed to step 2.
2nd step:Contact UEIC to schedule a consultation.
If the UEIC assessment and consultation does not identify any security issues, proceed to Step 3.
Step 3: Email Information Security with the following information, if you choose to (1) conduct a pilot program or (2) purchase the product.
- Identify any potential for sharing or exposing information protected by HIPPA or FERPA. If protected information is shared or potentially exposed, Information Security (Info Sec) may recommend or require that a Business Association Agreement (BAA) be signed by the company to mitigate the impact of a cyber incident.
- Indicate whether the driver requires a connection to the MUSC environment on one of MUSC’s protected cloud tenants (for example, Office 365).
After sending an email to Information Security, proceed to step 4.
Step 4: Complete it UEIC Software Decision Analysis Request Form and submit it to the UEIC.
Your responses to the UEIC questionnaire are reviewed during the approval process. It is essential that you answer all questions carefully.
- Who supports the operation of the system? (This is the person responsible for acting as the system administrator.)
- Who pays for the system? (This is the system owner.) The system owner will be prompted for the initial cost as well as maintenance and future costs.
- Will this technology share patient or student information? If yes, has Info Sec approved it or has a BAA been signed (see step 3)?
- Will this technology require a connection to the MUSC environment or a protected cloud tenant? If yes, has Info Sec approved it or has a BAA been signed (see step 3)?
- Do you know of similar or redundant technology on campus? If so, what does this technology do that the existing technology does not? If you are unsure whether an existing technology is redundant, please identify the existing technology, and the UEIC will help you determine if the existing technology achieves the same purpose.
- Does the system support single sign-on (SSO)?
- Does the system integrate with other technology on campus (example: BrightSpace)? If so, how does this change the way the proposed technology is used, accessed and operates? (In many cases, when a technology or application is a stand-alone system, it functions differently than it would when integrated into another application.)
After completing the UEIC Software Decision Analysis Request Form and submitting it to the UEIC, go to step 5.
Step 5: Contact UEIC and schedule a time to present your technology/software to UEIC.
If your technology/software is approved, the UEIC can streamline the technology/software integration process. Senior decision makers in procurement, information systems, legal, and other key areas are UEIC members, contributing their expertise to a more efficient approval and onboarding process.