USC.edu
Dornsife Technology Services

Dornsife IT Procurement Policy

Overview

In order to maintain compliance with USC’s evolving network infrastructure and mandatory University information security policies set by the Office of the Chief Information Security Officer (OCISO), it has become necessary to standardize the procurement process for all Dornsife-funded technology resources and services. Following this process ensures Dornsife Technology Services (DTS) can provide quality support for all Dornsife faculty and staff, as well as fulfill Dornsife’s obligations to the University.

Last updated 06/2024:

Software (which includes web-based applications such as online scheduling and graphics creation apps) is now classified under one of three categories:

  • Pre-approved for purchase
  • Must be reviewed before purchasing
  • Must be purchased through DTS.

You can expand each category below to see lists of specific software. Approved data storage types are also clarified for each piece of software.

Purpose

This local policy helps Dornsife departments understand the correct procurement process for the purchase of IT equipment, software, and services in compliance with USC and Dornsife standards. It also helps departments understand the reasoning and methodology behind policy requirements.

Scope

This local policy applies to all departments, faculty members, staff, and other employees within Dornsife, and covers all technology resources—such as IT equipment and software—and services procured with Dornsife funds, including research and grant funds administered by Dornsife.

Requirements

Asset purchasing requirements follow: please email us at ts@dornsife.usc.edu for questions about specific assets or about any assets you do not see listed below. We will periodically update these lists based on the requests we receive.

Assets pre-approved for purchasing

At USC Dornsife, an asset is pre-approved for purchasing after a careful assessment of whether the asset’s properties require it to be governed by the OCISO’s policies, which set forth standards and requirements for equipment inventory, asset management, network security, and data protection.

    • Computer peripherals: Monitors, keyboards, mice, webcams, microphones, headphones and earphones, cables and adapters
    • Other hardware: Local wired printers (not connecting to the USC network), scanners, projectors, cameras and video cameras (non-surveillance), memory cards for cameras, video cameras, and audio recorders, security keys/tokens
    • Ergonomic standing desk converter or adjustable lift system sitting/standing desk (we recommend checking the size and weight rating of the equipment against your desk and computer equipment)

    We strongly encourage that all hardware be purchased through DTS whenever possible. Purchasing an asset outside the DTS service catalog may result in the purchase of technology incompatible with existing DTS-managed equipment and University systems, and may hinder or prohibit DTS’s ability to provide setup, installation, maintenance, and support through the asset’s lifecycle.

  • Software Storage type Approved purchasing methods Data approved for storage
    Affinity Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    ArcGIS Desktop Local Purchase through https://spatial.usc.edu/software/proprietary-software-faculty/ Public, internal, and confidential data as long as being used on an encrypted device
    Canvas X Draw Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    CorelDRAW Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    Endnote Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    Filemaker Pro Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    GraphPad Local If purchased through DTS, volume discounts may be available Public, internal, and confidential data as long as being used on an encrypted device
    MathType Local Any USC-approved method (p-card recommended) Public, internal, and confidential data as long as being used on an encrypted device
    Mplus Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    Nota Bene Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    PyMOL Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    Scrivener Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    Snagit Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    SnapGene Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    Stat/Transfer Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device
    UltraEdit Local Any USC-approved method Public, internal, and confidential data as long as being used on an encrypted device

    See also: Understanding data classifications at USC

How to purchase pre-approved assets

Pre-approved assets can be purchased through one of the following USC-approved methods:

  • DTS service catalog
  • Dornsife Business Office: Submit your request through your department’s assigned procurement specialist
  • Your department: Utilize your departmental p-card
  • Workday Finance: Initiate your requisitions in Workday; catalog suppliers will connect to Marketplace (formerly eMarket) for shopping

While we strongly encourage using one of the methods listed above, reimbursements are permitted if necessary and reasonable to complete the work as per University policy.

Travel card retail purchases are not permitted.

Assets which must be reviewed by DTS before purchase

Cloud-based software must be reviewed by DTS before purchase, as DTS is required by the OCISO to confirm that no confidential data will be stored on the software. You can email ts@dornsife.usc.edu or directly submit a cloud service request.

Cloud-based software are services that run on and store data on the web (require an Internet connection). For instance, these are some common types of cloud services:

  • Online storage and hosting services
  • Online calendar scheduling applications
  • Online newsletter and graphics creation services
  • Online AI-based services
  • Software Storage type Approved purchasing methods Data approved for storage
    Asana Cloud After DTS review and approval, can be purchased through Workday or by p-card Public and internal data only; not approved for confidential data
    Basecamp Cloud After DTS review and approval, can be purchased through Workday Public and internal data only; not approved for confidential data
    Canva Cloud After DTS review and approval, can be purchased by p-card Public and internal data only; not approved for confidential data
    Grammarly Cloud After DTS review and approval, can be purchased through Workday Public and internal data only; not approved for confidential data
    Trello Cloud After DTS review and approval, can be purchased through Workday Public and internal data only; not approved for confidential data
    Zotero Cloud After DTS review and approval, can be purchased by p-card or through reimbursement Public and internal data only; not approved for confidential data

    See also: Understanding data classifications at USC

Assets which must be purchased through DTS

  • USC Dornsife is required to comply with mandatory University information security policies set by the OCISO. The following assets fall under the OCISO’s governance and consequently must be purchased through the DTS service catalog:

    • Desktop computers, workstations, laptops, tablets, and servers
    • Storage devices such as flash drives and hard drives, and memory cards used for devices other than cameras or recorders
    • Network devices such as routers and firewalls
    • Mobile phones and hotspot devices
    • Network/wireless printers
    • Streaming devices
    • Smartwatches

    Email ts@dornsife.usc.edu for any other hardware assets not specifically named in the pre-approved list. 

    The following information security policies apply:

    • Asset Management Policy § 5.1 requires that any hardware assets used for information and information processing be inventoried
    • Endpoint Security Policy § 5.1 requires the configuration of information systems for protection against unauthorized or malicious use in accordance with industry-accepted system hardening standards
    • Endpoint Security Policy § 5.8 requires the installation of encryption on all USC-owned technology resources prior to usage of the resource to store or access USC data
    • Third-Party Security Risk Management Policy § 5.1–5.6 set forth the conditions by which third-party services and products must abide

  • The following software must be purchased through DTS:

    Software Storage type Approved purchasing methods Data approved for storage
    Adobe Acrobat Pro Local Purchase through DTS catalog Email trojansecure@usc.edu for more information
    Adobe Creative Cloud Local Purchase through DTS catalog Email trojansecure@usc.edu for more information
    Camtasia Local Purchase through DTS catalog Public, internal, and confidential data as long as being used on an encrypted device
    DocuSign Cloud Request through DTS catalog Email trojansecure@usc.edu for more information
    Emma Cloud Request through DTS catalog Public
    Laserfiche Private cloud Request through DTS catalog Specific use cases only, per departmental approval
    Notability (for iOS) Cloud-enabled Install using Company Portal Should only be synced with USC-approved storage solutions such as Google Drive (public and internal data only) and Microsoft OneDrive (public, internal, and confidential data)
    Overleaf Cloud Purchase through DTS catalog Public and internal data only; not approved for confidential data
    SPSS Local Request through DTS catalog Public, internal, and confidential data as long as being used on an encrypted device
    Stata Local Request through DTS catalog Public, internal, and confidential data as long as being used on an encrypted device

    See also: Understanding data classifications at USC

How to purchase assets through DTS

Standard assets

Custom assets not listed in the DTS service catalog

In some cases (for instance, scientific computing and laboratory instrumentation assets), it may be necessary to request custom assets through the following links:

Our criteria for approval of custom assets includes, but is not limited to, the following characteristics:

  • Security capability: Does the request comply with USC’s information security policies? For example, if a device, does it contain the required hardware (e.g., Trusted Platform Module) in order to be encrypted, per USC’s endpoint security policy?
  • Alignment with DTS recommendations: Does the request meet current DTS recommendations and best practices for the particular purpose?
  • Compatibility: Is the request compatible with existing USC and Dornsife systems, processes, networks, and applications?
  • Manufacturer/vendor: If a device, is it made by, and sold by, a reputable manufacturer or vendor? Does the manufacturer offer a supportable warranty for the service life of the device? Does the vendor have an existing relationship with USC?
  • Server support: Has budgeting been allocated for the support, maintenance, and administration of any servers throughout their projected lifetime?

It is important to note that even if the requested asset meets the criteria above, it may still be prohibited for other reasons. DTS will always provide guidance and work with departments to procure IT equipment and software which comply with policy and meet department technology needs.

Assets which are not approved for purchase

When DTS receives a reimbursement request for an asset that stores sensitive data and isn’t on the pre-approved list, DTS must reach out to the OCISO to request a policy exception.

  • The following software has been denied a policy exception by OCISO and cannot be reimbursed:

    • Any password manager that is not 1Password

Asset return process

Requests to return new IT equipment should be initiated as soon as possible. Please submit your request as a ticket to the DTS Help Desk. Return policies vary by vendor, but DTS will assist Dornsife departments and staff in assessing the options available if the return window has closed.

At the end of the asset’s useful life, or upon the separation of the asset user from the University, all IT equipment must be returned to DTS, per USC’s asset management policy. Please review our guide, “Returning DTS-managed IT equipment.”

Exceptions

IT equipment, software, and services purchased outside the procurement processes detailed above cannot be supported, financially or otherwise, by Dornsife. Purchasers are advised to return such assets to the place of purchase for a refund and to submit a new purchase request through the DTS service catalog.

Contact

Dornsife Technology Services
Email: ts@dornsife.usc.edu
Phone: 213-740-2775
Hours: M–F, 9am–5pm

Contact Us

Dornsife Technology Services

835 Bloom Walk, SHS 260
Los Angeles, CA 90089

213-740-2775

Hours of Operation

Weekdays, 9am–5pm

Quick Links

Submit a Help Desk ticket
Browse the IT service catalog
View IT help guides