Date
of Last Review 6/6/08
SME: Director of Management Information Systems
Computer Hardware & Software Purchasing & Inventory
Policy
This policy and procedure is to assist UT-HCPC and affiliated sites standardization on the hardware, software and purchase request process being utilized within the center. This also ensures what inventory code will be accountable for the hardware, software and the process of returning hardware and software back to UT-HCPC.
Procedure
1. Software
a. All Software orders require approval from MIS and must meet UT security standards prior to purchase…..any software order, whether purchased with BuyCard, Buyer PO, etc. must have a confirming email or other authorization from the Director of the department.
b. Software purchasing options:
• Software can be purchased with BuyCard, Buyer PO, or Purchase Req.
• Software SHOULD NOT be purchased with Check Request…..when Faculty want to purchase software with their PRS funds, they should have their Departments order via one of the approved options, listed above.
c. If there is no approval from MIS, MIS will not support the software.
2. Hardware and Software (Computers will be replaced on a three year cycle.)
a. Purchase Requests will be generated by the MIS Department and must meet UT security standards and will contain the following supporting documentation & authorization prior to purchase:
• Departments fill out the DPSR form
• Location of New Employee or equipment
• Place any special setup notes at the bottom of the DPSR form
• Hardware quote generated by MIS
• Purchase Req initialed by both…..
-Dept supervisory/administrative designee
-MIS Director, Richard Montanye (when getting initials….be sure to leave a copy of the Req for the requesting department)
b. All laptop devices are required to have encryption built in or installed in accordance with UT Information Security Standards for encryption.
c. Location of delivery of hardware will be at the discretion of the Dept Adm.
d. Any justifications or verification information will be the responsibility of the Depts
• MIS will be responsible to get the equipment tagged before delivery.
e. If there is no approval from MIS, MIS will not support the hardware.
3. Peripherals (PDAs, Scanners, Zip drives, CD-Burners and etc…)
a. Purchase Reqs will be generated by the MIS Department and will contain the following supporting documentation & authorization prior to purchase:
• Departments fill out the DPSR form
• Location of New Employee or equipment
• Place any special setup notes at the bottom of the DPSR form
• Hardware quote generated by MIS
• Purchase Req initialed by both…..
- Dept supervisory/administrative designee
-MIS Director, Richard Montanye (when getting initials….be sure to leave a copy of the Req for the requesting department)
b. All portable devices are required to have encryption built in or installed in accordance with UT Information Security Standards for encryption.
c. Location of delivery of hardware will be at the discretion of the Dept Adm.
d. Any justifications or verification information will be the responsibility of the Depts
• MIS will be responsible to get the equipment tagged before delivery.
e. If there is no approval from MIS, MIS will not support the hardware.
All personnel who are assigned a University provided laptop or portable device must sign a Portable Device Agreement.
4. Inventory
a. Department inventory control code:
• All computer hardware (CPUs, Monitors, Printers and Laptops) will be kept on Departmental Inventory Code.
• Other peripherals (PDAs, Scanners, Zip drives and CD-Burners) are maintained in Dept Level inventory control code.
• To ensure accuracy of this data, any relocations or modifications should be managed by the MIS Group.
5. Property of UT-HCPC
a. All software and hardware purchased with the methods above are sole property of UT-HCPC.
b. All employees or faculty that leave UT-HCPC must return all hardware and software that was purchased through UT-HCPC.
c. It’s the Department’s responsibility to ensure all hardware and software is returned. MIS will assist in providing what the employee or faculty may have.
d. If sensitive data must be stored on a university device, the following precautions should be taken:
• Contact Health Information Management (HIM) for approval first.
• A flash drive that supports encryption such as IronKey, Corsair Padlock, or Kingston DataTravelerSecure will be purchased.
• The device should not be left unattended
• If the device must be left unattended:
-All doors leading to the device should be locked
-The device should be left in a locked drawer if possible, with the key in the owner's possession at all times.
6. Non UT Hardware/Portable Devices (PDAs, Flash Drives, Smart Phones and portable hard drives).
a. Sensitive data is not permitted on non-UT laptops or portable devices.
b. Non-University provided or personal laptops must adhere to all UTHSC- Information Security Standards
Director of MIS
UT-HCPC
Related standards
Texas Administrative Code Chapter 202
The Joint Commission : Management of Information
HIPAA
