Dornsife IT Procurement Policy
Overview
In order to maintain compliance with USC’s evolving network infrastructure and mandatory University information security policies set by the Office of the Chief Information Security Officer (OCISO), it has become necessary to standardize the procurement process for all Dornsife-funded technology resources and services. Following this process ensures Dornsife Technology Services (DTS) can provide quality support for all Dornsife faculty and staff, as well as fulfill Dornsife’s obligations to the University.
Last updated 06/2024:
Software (which includes web-based applications such as online scheduling and graphics creation apps) is now classified under one of three categories:
- Pre-approved for purchase
- Must be reviewed before purchasing
- Must be purchased through DTS.
You can expand each category below to see lists of specific software. Approved data storage types are also clarified for each piece of software.
Purpose
This local policy helps Dornsife departments understand the correct procurement process for the purchase of IT equipment, software, and services in compliance with USC and Dornsife standards. It also helps departments understand the reasoning and methodology behind policy requirements.
Scope
This local policy applies to all departments, faculty members, staff, and other employees within Dornsife, and covers all technology resources—such as IT equipment and software—and services procured with Dornsife funds, including research and grant funds administered by Dornsife.
Requirements
Asset purchasing requirements follow: please email us at ts@dornsife.usc.edu for questions about specific assets or about any assets you do not see listed below. We will periodically update these lists based on the requests we receive.
Assets pre-approved for purchasing
At USC Dornsife, an asset is pre-approved for purchasing after a careful assessment of whether the asset’s properties require it to be governed by the OCISO’s policies, which set forth standards and requirements for equipment inventory, asset management, network security, and data protection.
-
- Computer peripherals: Monitors, keyboards, mice, webcams, microphones, headphones and earphones, cables and adapters
- Other hardware: Local wired printers (not connecting to the USC network), scanners, projectors, cameras and video cameras (non-surveillance), memory cards for cameras, video cameras, and audio recorders, security keys/tokens
- Ergonomic standing desk converter or adjustable lift system sitting/standing desk (we recommend checking the size and weight rating of the equipment against your desk and computer equipment)
We strongly encourage that all hardware be purchased through DTS whenever possible. Purchasing an asset outside the DTS service catalog may result in the purchase of technology incompatible with existing DTS-managed equipment and University systems, and may hinder or prohibit DTS’s ability to provide setup, installation, maintenance, and support through the asset’s lifecycle.
-
Software Storage type Approved purchasing methods Data approved for storage Affinity Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device ArcGIS Desktop Local Purchase through https://spatial.usc.edu/software/proprietary-software-faculty/ Public, internal, and confidential data as long as being used on an encrypted device Canvas X Draw Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device CorelDRAW Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device Endnote Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device Filemaker Pro Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device GraphPad Local If purchased through DTS, volume discounts may be available Public, internal, and confidential data as long as being used on an encrypted device MathType Local Any USC-approved method (p-card recommended) Public, internal, and confidential data as long as being used on an encrypted device Mplus Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device Nota Bene Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device PyMOL Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device Scrivener Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device Snagit Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device SnapGene Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device Stat/Transfer Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device UltraEdit Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
How to purchase pre-approved assets
Pre-approved assets can be purchased through one of the following USC-approved methods:
- DTS service catalog
- Dornsife Business Office: Submit your request through your department’s assigned procurement specialist
- Your department: Utilize your departmental p-card
- Workday Finance: Initiate your requisitions in Workday; catalog suppliers will connect to Marketplace (formerly eMarket) for shopping
While we strongly encourage using one of the methods listed above, reimbursements are permitted if necessary and reasonable to complete the work as per University policy.
Travel card retail purchases are not permitted.
Assets which must be reviewed by DTS before purchase
Cloud-based software must be reviewed by DTS before purchase, as DTS is required by the OCISO to confirm that no confidential data will be stored on the software. You can email ts@dornsife.usc.edu or directly submit a cloud service request.
Cloud-based software are services that run on and store data on the web (require an Internet connection). For instance, these are some common types of cloud services:
- Online storage and hosting services
- Online calendar scheduling applications
- Online newsletter and graphics creation services
- Online AI-based services
-
Software Storage type Approved purchasing methods Data approved for storage Asana Cloud After DTS review and approval, can be purchased through Workday or by p-card Public and internal data only; not approved for confidential data Basecamp Cloud After DTS review and approval, can be purchased through Workday Public and internal data only; not approved for confidential data Canva Cloud After DTS review and approval, can be purchased by p-card Public and internal data only; not approved for confidential data Grammarly Cloud After DTS review and approval, can be purchased through Workday Public and internal data only; not approved for confidential data Trello Cloud After DTS review and approval, can be purchased through Workday Public and internal data only; not approved for confidential data Zotero Cloud After DTS review and approval, can be purchased by p-card or through reimbursement Public and internal data only; not approved for confidential data
Assets which must be purchased through DTS
-
USC Dornsife is required to comply with mandatory University information security policies set by the OCISO. The following assets fall under the OCISO’s governance and consequently must be purchased through the DTS service catalog:
- Desktop computers, workstations, laptops, tablets, and servers
- Storage devices such as flash drives and hard drives, and memory cards used for devices other than cameras or recorders
- Network devices such as routers and firewalls
- Mobile phones and hotspot devices
- Network/wireless printers
- Streaming devices
- Smartwatches
Email ts@dornsife.usc.edu for any other hardware assets not specifically named in the pre-approved list.
The following information security policies apply:
- Asset Management Policy § 5.1 requires that any hardware assets used for information and information processing be inventoried
- Endpoint Security Policy § 5.1 requires the configuration of information systems for protection against unauthorized or malicious use in accordance with industry-accepted system hardening standards
- Endpoint Security Policy § 5.8 requires the installation of encryption on all USC-owned technology resources prior to usage of the resource to store or access USC data
- Third-Party Security Risk Management Policy § 5.1–5.6 set forth the conditions by which third-party services and products must abide
-
The following software must be purchased through DTS:
Software Storage type Approved purchasing methods Data approved for storage Adobe Acrobat Pro Local Purchase through DTS catalog Email trojansecure@usc.edu for more information Adobe Creative Cloud Local Purchase through DTS catalog Email trojansecure@usc.edu for more information Camtasia Local Purchase through DTS catalog Public, internal, and confidential data as long as being used on an encrypted device DocuSign Cloud Request through DTS catalog Email trojansecure@usc.edu for more information Emma Cloud Request through DTS catalog Public Laserfiche Private cloud Request through DTS catalog Specific use cases only, per departmental approval Notability (for iOS) Cloud-enabled Install using Company Portal Should only be synced with USC-approved storage solutions such as Google Drive (public and internal data only) and Microsoft OneDrive (public, internal, and confidential data) Overleaf Cloud Purchase through DTS catalog Public and internal data only; not approved for confidential data SPSS Local Request through DTS catalog Public, internal, and confidential data as long as being used on an encrypted device Stata Local Request through DTS catalog Public, internal, and confidential data as long as being used on an encrypted device
How to purchase assets through DTS
Standard assets
- Computer and tablet purchasing
- Other hardware purchasing
- Application access (software purchasing)
Custom assets not listed in the DTS service catalog
In some cases (for instance, scientific computing and laboratory instrumentation assets), it may be necessary to request custom assets through the following links:
Our criteria for approval of custom assets includes, but is not limited to, the following characteristics:
- Security capability: Does the request comply with USC’s information security policies? For example, if a device, does it contain the required hardware (e.g., Trusted Platform Module) in order to be encrypted, per USC’s endpoint security policy?
- Alignment with DTS recommendations: Does the request meet current DTS recommendations and best practices for the particular purpose?
- Compatibility: Is the request compatible with existing USC and Dornsife systems, processes, networks, and applications?
- Manufacturer/vendor: If a device, is it made by, and sold by, a reputable manufacturer or vendor? Does the manufacturer offer a supportable warranty for the service life of the device? Does the vendor have an existing relationship with USC?
- Server support: Has budgeting been allocated for the support, maintenance, and administration of any servers throughout their projected lifetime?
It is important to note that even if the requested asset meets the criteria above, it may still be prohibited for other reasons. DTS will always provide guidance and work with departments to procure IT equipment and software which comply with policy and meet department technology needs.
Assets which are not approved for purchase
When DTS receives a reimbursement request for an asset that stores sensitive data and isn’t on the pre-approved list, DTS must reach out to the OCISO to request a policy exception.
-
The following software has been denied a policy exception by OCISO and cannot be reimbursed:
- Any password manager that is not 1Password
Asset return process
Requests to return new IT equipment should be initiated as soon as possible. Please submit your request as a ticket to the DTS Help Desk. Return policies vary by vendor, but DTS will assist Dornsife departments and staff in assessing the options available if the return window has closed.
At the end of the asset’s useful life, or upon the separation of the asset user from the University, all IT equipment must be returned to DTS, per USC’s asset management policy. Please review our guide, “Returning DTS-managed IT equipment.”
Exceptions
IT equipment, software, and services purchased outside the procurement processes detailed above cannot be supported, financially or otherwise, by Dornsife. Purchasers are advised to return such assets to the place of purchase for a refund and to submit a new purchase request through the DTS service catalog.
Contact
Dornsife Technology Services
Email: ts@dornsife.usc.edu
Phone: 213-740-2775
Hours: M–F, 9am–5pm
Contact Us
Dornsife Technology Services
835 Bloom Walk, SHS 260
Los Angeles, CA 90089
Hours of Operation
Weekdays, 9am–5pm