Procurement of software (including licensing arrangements) may require additional risk mitigation and inclusion of key campus stakeholders. Procurement Services recommends building extra time into your project plan for all software-related procurements.
Before starting, contact the Information Technology Services (ITS) Service Desk to determine if a comparable software or cloud application is already available to the campus community.
You are always required to follow the Procurement Policy when procuring software or software licenses. Where the anticipated Total Procurement Value of a purchase is above the Open Competitive procurement threshold, Procurement Services will facilitate this process as part of your Open Competitive Procurement; otherwise, compliance with the relevant requirements is the purchaser’s responsibility. Completion of the relevant processes will be confirmed by Procurement Services when a Purchase Requisition is submitted.
Questions? Email ProcurementServices@carleton.ca.
Evaluating Risk
Not all software represents the same level of risk. Your purchase may represent a medium to high risk if you answer “yes” to any of the following questions. Medium- and high-risk procurements may require you to engage with key campus stakeholders or complete additional processes before committing to your Vendor. Questions about evaluating risk? Contact Risk@carleton.ca.
Integration and ITS Support Requirements
Does this software require integration with any Carleton systems (ex: Banner, MyCarletonOne Single Sign On (SSO)), or any implementation support from ITS?
Contact the ITS Project Management Office.
Data Privacy
Will this software be used to store or transfer University data, including research data, student information, or data of a confidential sensitive nature? Will the Vendor or other third party require access to the University’s technological infrastructure or network?
Understand the requirements outlined in the following resources:
- Policies: Acceptable Use of Information Technology and Email, Data Protection and Risk Management, Information Technology Procurement, University IT Security, and more!
- ITS Standards, Guidelines, and Procedures
- ITS Security Services’ Data Protection Risk Assessment (DPRA) process, including the Privacy Office’s (university_privacy_office@carleton.ca) Privacy Impact Assessment (PIA)
Accepting Credit Card Payments
Will this software be used to facilitate acceptance of credit card payments?
Contact PCICompliance@cunet.carleton.ca.
Software Licensing Terms or Agreements
Are there any Terms and Conditions (a.k.a. End-user License Agreement, Service-Level Agreement, Customer Agreement), whether a signature is required or not, that do not align with the University’s standard terms in key risk areas as outlined in the Contract Checklist included in the Signing Authorities Policy?
Contact Legal Counsel through Christine.Page@carleton.ca.
Accessibility
Carleton University is committed to helping create environments that remove barriers to individuals living with visible and invisible disabilities by ensuring accessibility is considered for purchases of all sizes. Procurement Services encourages departments to review our Accessible Procurement resources when considering all purchases, including software.