University Software Purchases

Listed below are some general guidelines and useful information if you would like to purchase/use software for University purposes.  

Software @ Penn State

Software @ Penn State offers numerous software at pre-negotiated rates and with enterprise licensing terms.  You can order software directly through their eBuy (https://purchasing.psu.edu/ebuy) punchout catalog or browse their offerings here:  https://software.psu.edu/

Acceptable Ways to Pay for Software

Object Code

Good or Service

Purchasing Card

Purchase Order (eBuy+)

SRFC

452, 716

Software

Yes, up to limits, but eBuy suppliers, especially Software @ Penn State is preferred.  Must still route license terms for review (see instructions below on how to route). 

YES

NO

Purchase Orders

An eBuy+ Requisition, is used to request that a Purchase Order be issued to the supplier.  This form serves ONLY as a purchase requisition, until such time as approved by Purchasing.  The requisition serves Accounting Operations as a notice of intent to use funds from a certain departmental budget or fund. Also, the purchasing agent in Purchasing will be alerted to secure bids, etc and make sure appropriate purchasing processes are followed prior to issuance of the PO.   See https://policy.psu.edu/policies/bs09 for general policies on initiating purchases with outside suppliers.  

Any questions on how to execute the eBuy+ Requisition, or the Purchase Order Requisition form, or any problem which arises in handling procurement problems, should be discussed with Purchasing Services for advice and direction.  Purchasing Commodity Directory:  https://purchasing.psu.edu/commodity-directory  

How to Route a Software Agreement for Review

Complete the Software Request Form to determine how the associated Software Agreement (electronic or hard signature) must be processed. If you have not completed this form before, please review the Software Request Form Checklist for a general overview of the information that will be requested. 

Signature Authority

There are a very limited number of individuals at the University who have the authority to sign contracts/agreements.  If you have not been granted signing authority, you may not sign a contract/agreement.  For further information, please reference Policy FN 11 Contracts and Leases https://policy.psu.edu/policies/fn11

Courseware

A broad definition of Courseware includes any digital application or software used by students or educators for a class.  Courseware provides online learning tools such as lessons, homework sessions, and quizzes or tests. For Courseware to be used in a class, it must be reviewed and authorized by the University to ensure it meets the Family Educational Rights and Privacy Act (FERPA) and accessibility requirements – for further information on how to determine if a software has been reviewed, to submit a new request, or what action steps are required for authorization, please visit courseware.psu.edu.  If the University will be paying a fee for the Courseware, the requestor must still follow standard purchasing procedures prior to use. 

Canvas Integration

Canvas is Penn State’s online system for teaching and learning.  Integration is defined as configuration changes to the Canvas Learning Management System and/or the exchange of data as a prerequisite for the Courseware to deliver the expected functionality.  Please visit the Integrations and Enhancements section at http://canvas.psu.edu/ for more information or to submit a request.

Protecting Institutional Data and Information Classification

The University uses Information Classification to determine appropriate review of requested software.  Policy AD 95 Information Assurance and IT Security https://policy.psu.edu/policies/ad95 is the guideline for different classification types, along with the security measures that must be taken with each type.  The four categories of information classification are: Restricted (Level 4), High (Level 3), Moderate (Level 2), and Low (Level 1).  For further information and assistance in determining the data classification level, please refer to https://security.psu.edu/info-classification-decision-tool/

 

Hosted Sensitive Data Addendum (HSDA)

This PSU data protection addendum broadly defines IT security and compliance service provider roles, responsibilities, and requirements related to the management and disclosure of Penn State data (definition can be found on the Penn State OIS Website https://psu.app.box.com/v/ois-policy-glossary).

Business Associate Agreement (BAA)

The PSU business associate agreement documents assurances from the service provider that it will not use or disclose protected health information (PHI) except as permitted by law; to the extent that the service provider maintains PHI in the Designated Record Set as defined by HIPAA, it will cooperate to honor patient rights as mandated by the Privacy Rule (definition can be found on the Penn State OIS Website https://psu.app.box.com/v/ois-policy-glossary).
 

Accessibility

It is important that web pages and online documents are accessible for users with different disabilities.  The purchase/use of software may require an internal review by the Accessibility Team prior to final approval by the Purchasing Office – please be aware this can add time to the overall review process.  For further information surrounding Accessibility, reference Policy AD 69 Accessibility of Electronic and Information Technology https://policy.psu.edu/policies/AD69

Export Compliance

The purchase of software may require an internal review by the Export Control Office prior to final approval by the Purchasing Office.  Export Compliance is the process of evaluating the impact of various U.S. Export Control Laws and Regulations ("U.S. Export Controls") on the operations of any business or individual activity to facilitate compliance with any legal obligations arising under such laws or regulations. In general, U.S. Export Controls apply to the transfer of controlled items, information and/or services to foreign recipients (foreign countries, companies, or persons) (definition can be found in the Export Compliance FAQ section on The Office of Ethics and & Compliance website https://universityethics.psu.edu/export-compliance-faqs .  For further information surrounding export compliance, reference https://universityethics.psu.edu/export-compliance