Software Internal Control Policy
Purpose:
This control is established to ensure Eastern Connecticut State University meets the standards for governing the use of approved and/or licensed software by State agencies, to maintain inventory control of software and to establish a uniform policy for the prevention of software copyright infringement.
Policy:
Critical Data Element:
The software inventory will contain the following property control items.
Media Storage:
All media and keys will be stored in a central ITS location and tied to the Critical Data Element inventory. Combining the policy and Critical Data Element will ensure a closed process for software inventory. ITS will maintain the Critical Data Element using QueTel's TraQ Software. The media from the purchases will be stored in a lockable cabinet, inventoried in TraQ and a backup copy stored in a remote location. Under no circumstances will access keys or media be removed from storage without an authorized Helpdesk work order. Coordination will be required between CIT and the Critical Data Element administrator, the ITS Administrative Assistant.
Administrative Procedures:
The Chief Information Officer, working with Associate Vice President for Administration and Finance will be the responsible party for monitoring and establishing the software inventory. The ITS Administrative Assistant working with CIT will establish and be responsible for the administration of the Critical Data Elements, physical security of software media and manuals. Annually, a software inventory report will be produced and act as a basis for comparison with a physical inventory of the software library.
All software purchased by the University will be registered to Eastern Connecticut State University, or the Connecticut State University System. Under no circumstances will an individual be named as licensee holder of any software bought, leased or owned by the State of Connecticut, or purchased with non-State funds for use by the State. Personal software is software that is not licensed to the State of Connecticut or its subdivisions. Personal software may not be installed on any computer owned or leased by the State or the Federal Government or purchased with Federal Funds for use by the State, except in those specific instances covered in "License Agreements" found in Chapter 7 of the State of Connecticut Property Control Manual. Any installation of personal software may compromise the integrity of the State's compliance with copyright laws and may expose the stand-alone computer or network file server to the introduction of computer viruses. Faculty may purchase software for use on computers at the University through the ECSU Foundation. Freeware, shareware, and software used at no cost to the University in the pursuit of the academic mission is covered under the Academic Freedom rules of the collective bargaining agreement. If an individual faculty member wishes to download such software for use on a University-owned computer, they must determine the level of security risk associated with the product. If assistance is required on the security classification of non-purchased software, individuals should contact the CIO via email. For additional restrictions on software contact the University CIO.
This policy shall be incorporated into the University's technology plans and employee orientation program.
JRT:
12/12/08