University Software Purchases
Listed below are some general guidelines and useful information if you would like to purchase/use software for University purposes.
Software At Penn State
As a Penn State student, faculty, or staff member, a variety of software is available to you. Browse the categories at https://www.software.psu.edu/ to see all current offerings, including subject-specific software.
Software Store
Software Store offers numerous software at pre-negotiated rates and with enterprise licensing terms. You can order software directly through the Lion Marketplace punchout catalog or browse their offerings here: http://www.softwarestore.psu.edu/
Acceptable Ways to Pay for Software
| Good or Service | Purchasing Card | Purchase Order (Lion Marketplace) | Non-PO Invoice |
|---|---|---|---|
| Software | Yes, up to limits, but Lion Marketplace, [email protected] preferred. End Users paying via P-Card should still start with the Software Request Form. The SRF will provide instructions (such as send SRF and any pertaining documents to [email protected] for review) for software being purchased via P-Card. | YES | NO |
Software Product Category Codes and Descriptions:
|
Product Category Code |
Product Category Description |
|---|---|
| 43211511 | IT-WEARABLE DEVICE |
| 43231500 | SW-BUSINESS, OPER |
| 43231600 | SW-FINANCE, ACCTG |
| 43232000 | SW-GAMES, ENTERTAIN |
| 43232200 | SW-CONTENT MANAGEMNT |
| 43232300 | SW-DATA MANAGEMENT |
| 43232400 | SW-SOFTWARE DEVELOP |
| 43232500 | SW-REFERENCE, EDUC |
| 43232900 | SW-NETWORKING |
| 43233000 | SW-OPERATING SYS |
| 43233006 | SW-VIRTUAL MACHINE |
| 43233200 | SW-NETWORK SECURITY |
| 43233400 | SW-DEVICE DRIVER |
| 43233500 | SW-INFO EXCHANGE |
| 81112200 | IT-SOFTWARE MAINT |
| 81162000 | SW-CLOUD BASED, SAAS |
| 81162100 | IT-CLOUD PLAT, PAAS |
| 81162200 | IT-CLOUD INFRAS, IAAS |
| 55110000 | SUP-REF MATL, ELEC |
Software Request Form
Software utilization at the University should start with the Software Request Form (SRF). The form is a Qualtrics survey that uses logic to take requestor through several data gathering questions. Office of General Counsel, Risk Management, and Procurement worked together to build this form to review all Software use cases. The form is the most up to date way to have software and the software use-case most accurately/appropriately vetted by the University. Once the Software Request Form is filled out, the form will provide directions on the path forward for submittal regardless of type of payment for the software, if any at all ($0, gift, requisition, p-card). The form includes questions regarding Courseware use cases and can initiate review process for Courseware. The types of questions asked on the SRF cover the intended use of the software, export compliance information, data categorization, data access/security, integrations, wearable technology, etc. If software is purchased/acquired via “Shop Software” link or “Available Software” link from https://www.software.psu.edu/ then a Software Request Form is not required.
You do not need to complete the Software Request Form for RENEWALS if the following are true:
- You completed the Software Request Form previously and a copy of the old form is included with your renewal or Purchasing is able to locate a copy of it.
- All answers on the old form are still accurate.
Purchasing may have addition questions for you related to the renewal. We reserve the right to request a new SRF for a renewal if your original SRF is too outdated. If you have a copy of the old SRF and/or a previous PO number, please include it with your renewal request and indicate whether the information is still accurate. If you cannot locate a copy of the old form, make note of that in your request and we will attempt to recover.
Delegation for Electronic Terms/Electronic Agreements
End users are not permitted to accept electronic terms/an electronic agreement without delegation to do so (either from the SRF or from Purchasing obtained on the end-user’s behalf). Delegation to accept electronic terms/electronic agreements is a one-time approval and the approval must be maintained in the contract file as evidence of the University’s acceptance of the agreement. In rare instances the SRF can provide delegation for an end-user to accept electronic terms without submitting the SRF for review. In either case, the SRF or the 1x approval must be maintained in the contract file. **A Delegation does not give an individual signing authority; it is approval for the individual to accept electronic terms/agreement via click-through. Additional Information available via FNG02.
Purchase Orders
A Lion Marketplace Requisition, is used to request that a Purchase Order be issued to the supplier. This form serves ONLY as a purchase requisition, until such time as approved by Purchasing. The requisition serves Accounting Operations as a notice of intent to use funds from a certain departmental budget or fund. Also, the purchasing agent in Purchasing will be alerted to secure bids, etc and make sure appropriate purchasing processes are followed prior to issuance of the PO. See https://policy.psu.edu/policies/bs09 for general policies on initiating purchases with outside suppliers.
Any questions on how to execute the Lion Marketplace Requisition, or the Purchase Order Requisition form, or any problem which arises in handling procurement problems, should be discussed with Purchasing for advice and direction. Purchasing Commodity Directory: https://purchasing.psu.edu/commodity-directory
How to Route a Software Agreement for Review
Complete the Software Request Form to determine how the associated Software Agreement (electronic or hard signature) must be processed. If you have not completed this form before, please review the Software Request Form Checklist for a general overview of the information that will be requested.
Signature Authority
There are a very limited number of individuals at the University who have the authority to sign contracts/agreements. If you have not been granted signing authority, you may not sign a contract/agreement. For further information, please reference Policy FN 11 Contracts and Leases https://policy.psu.edu/policies/fn11
Courseware
A broad definition of Courseware includes any digital application or software used by students or educators for a class. Courseware provides online learning tools such as lessons, homework sessions, and quizzes or tests. For Courseware to be used in a class, it must be reviewed and authorized by the University to ensure it meets the Family Educational Rights and Privacy Act (FERPA) and accessibility requirements – for further information on how to determine if a software has been reviewed, to submit a new request, or what action steps are required for authorization, please visit courseware.psu.edu. If the University will be paying a fee for the Courseware, the requestor must still follow standard purchasing procedures prior to use.
Courseware that is approved for “University Wide Use” is only approved for University Wide Use in regards to Courseware. The use case for the software may need to be reviewed if you are using the software for something other than courseware. Courseware is a technical review only, if there is a purchase to be made the user(s) must follow BS09 for proper methods of purchasing/payment.
Canvas Integration
Canvas is Penn State’s online system for teaching and learning. Integration is defined as configuration changes to the Canvas Learning Management System and/or the exchange of data as a prerequisite for the Courseware to deliver the expected functionality. Please visit the Integrations and Enhancements section at http://canvas.psu.edu/ for more information or to submit a request.
Protecting Institutional Data and Information Classification
The University uses Information Classification to determine appropriate review of requested software. Policy AD 95 Information Assurance and IT Security https://policy.psu.edu/policies/ad95 is the guideline for different classification types, along with the security measures that must be taken with each type. The four categories of information classification are: Restricted (Level 4), High (Level 3), Moderate (Level 2), and Low (Level 1). For further information and assistance in determining the data classification level, please refer to https://security.psu.edu/awareness/icdt/.
Hosted Sensitive Data Addendum (HSDA)
This PSU data protection addendum broadly defines IT security and compliance service provider roles, responsibilities, and requirements related to the management and disclosure of Penn State data (definition can be found on the Penn State OIS Website https://psu.app.box.com/v/ois-policy-glossary).
Business Associate Agreement (BAA)
The PSU business associate agreement documents assurances from the service provider that it will not use or disclose protected health information (PHI) except as permitted by law; to the extent that the service provider maintains PHI in the Designated Record Set as defined by HIPAA, it will cooperate to honor patient rights as mandated by the Privacy Rule (definition can be found on the Penn State OIS Website https://psu.app.box.com/v/ois-policy-glossary).
Accessibility
It is important that web pages and online documents are accessible for users with different disabilities. The purchase/use of software may require an internal review by the Accessibility Team prior to final approval by the Purchasing Office – please be aware this can add time to the overall review process. For further information surrounding Accessibility, reference Policy AD 69 Accessibility of Electronic and Information Technology https://policy.psu.edu/policies/AD69
Export Compliance
The purchase of software may require an internal review by the Export Control Office prior to final approval by the Purchasing Office. Export Compliance is the process of evaluating the impact of various U.S. Export Control Laws and Regulations ("U.S. Export Controls") on the operations of any business or individual activity to facilitate compliance with any legal obligations arising under such laws or regulations. In general, U.S. Export Controls apply to the transfer of controlled items, information and/or services to foreign recipients (foreign countries, companies, or persons) (definition can be found in the Export Compliance FAQ section on The Office of Ethics and & Compliance website https://universityethics.psu.edu/export-compliance-faqs . For further information surrounding export compliance, reference https://universityethics.psu.edu/export-compliance