UMKC Policy and Procedures for the purchase of Information Technology (IT) products and services
ALL IT and telecommunication products, software and services must be purchased through Information Services and/or require CIO approval. These items include, but are not limited to computers, tablets, servers, monitors, routers and switches, audio visual equipment, multi-function printers/copiers, software, etc. In accordance with UM policies, additional approvals may be required depending on the cost.
The goal of the approval process is to ensure that all IT hardware, software and services are compatible with the University's technology environment and that they meet UM IT security policies prior to purchase. Information Services works closely with UM Procurement and Legal Counsel to ensure technology purchases are compliant with applicable policies, regulations, contracts and vendor licenses. IT requests are also reviewed to ensure they align with IT best practices and standards which improve reliability and reduce the total cost of ownership. Additionally, IT expenditures must abide by the UM President’s directives regarding budget challenges to make certain that we are getting the most value from our technology investments.
Steps for purchasing IT products and services
Prospective purchasers are expected to work with Information Services early in the review and purchase process. The procedures for UMKC CIO approval are outlined below:
- Prior to purchasing any IT product or service, the designated office/person for IT approvals in the academic unit or department should review and approve the request.
- Either an IS or a departmental representative should then submit an email request to the CIO via the firstname.lastname@example.org account with the following information:
- Name of the person/department the item or service is for
- A short justification (A few sentences are generally fine) for the purchase
- The IT product or service (make, model, version, vendor, etc. as applicable) that is being requested
- How will it be used
- The price – both initial and ongoing fees
- Funding source/MoCode – includes research/grants
- The CIO or their designee will review the request and either approve, reject or request additional information. Normally, a communication will be provided to the department within a day or two.
- Please note that third party services require completion of an information security audit. Departments are advised to submit their requests well in advance of the desired use date to accommodate the time needed to complete an audit.
- Upon approval, IS will work with the department and UM Procurement to purchase the product or service in the most cost-effective manner possible.
- IS will work with the department to communicate delivery/install dates as appropriate. University-owned tablets or mobile devices will be installed with a security application to help manage them in case they are lost or stolen.
Exceptions and Notes
The following items do not require CIO approval and can be purchased by departments. For items in bold below, it is recommended that you work with IS to purchase to ensure that it will function properly. In many cases, IS may be able to source the technology at a lower cost. Please send email to email@example.com for assistance in purchasing these items.
- Consumables (paper, toner, etc.) for printers and multifunction devices may be purchased by departments.
- Surge Protectors
- Mice/Keyboards – please check with IS first as these may be covered under warranty
- Electronic cases
- Computer cables
- Ethernet – available for purchase from Net/Telecom. If purchased elsewhere, be sure it is a certified CAT6 cable.
- Port Adapters
- Flash drives – must use encrypted drives for DCL3 and DCL4 data
- Exams that are used for required completion of in-training or clinical curriculum
- WordPress Plugins
- Any plugin using eCommerce must be approved by Information Services Security and Administration and Finance department. Once approved the unit can make the initial purchase and subsequent renewals.
- Any plugin storing DCL3 (Restricted) or DCL4 (Highly Restricted) data must be approved by Information Services Security. For example: Birth date, employee id, drivers license number, more info at: https://www.umsystem.edu/ums/is/infosec/classification-definitions
- Department must update all plugins at least monthly or have them set to auto-update
- Department must remove all plugins which are no longer being supported and/or updated by the author
- Department must remove all paid plugins which they have stopped paying for them
- Department must conduct an annual review of all plugins and remove plugins and themes not in use
- The use of plugins and themes which significantly affect the style/brand must have approval of UMKC’s marketing and communications department
- Note: Software purchased under existing site-licenses or contracts does not require CIO approval however, it does need to be purchased through Information Services. You can do so by sending email to firstname.lastname@example.org
If you are unsure as to whether your purchase requires CIO approval, please ask.
- Policy Number 110.005 – Acceptable Use Policy
- Policy Number 26101 - Procurement Authority
- Policy Number 26402 – Special Purchases
- Policy Number 12003 – Information Security
- Policy Number 12004 – Information Technology and Telecommunications Purchases
- Policy Number 12005 – Telephones and Communication Devices
- Policy Number 12001 - Management, Access and Use of IT Resources
updated: March, 2020