Overview

In order to ensure compliance with university-wide and departmental information security policies, and to ensure that devices are adequately and properly tracked for audit and warranty purposes, Provost IT requires that users and departments we support comply with certain technology purchasing and procurement guidelines. Compliance with these guidelines helps ensure Provost IT can provide quality support that meets the needs of each user in every department that we provide technology services to.

Purpose

These guidelines help departments understand the correct procedures for ordering new technology hardware in compliance with USC and Provost IT standards. They also help departments understand the reasoning and methodology behind such procedures.

Guidelines

All purchases of technology hardware, software, and labor (i.e. contractor, consultant, professional services, or volunteer resources) must be approved, in advance, by Provost IT. Departments covered under the scope of this policy may not procure their own IT-related hardware or software without either a) the purchase being made directly through Provost IT, or b) the quote or purchase being approved, in the form of a documented helpdesk ticket or email, via a staff member from Provost IT before being made.

Types of technology, devices, and services covered in this policy include, but are not limited to, the following:

• Desktop computers
• Laptop computers
• Tablets
• Cell phones or smartphones
• Purchases of downloadable software, such as Adobe Creative Cloud, AutoCAD, or others
• Subscriptions to cloud applications, platforms, software, and services of any kind or type, whether free or paid, including but not limited to productivity and project management applications, todo/task tracking applications, graphic design applications, ticketing systems, storage platforms, project management applications, and online services designed to accomplish a business function or purpose.

Our criteria for approval includes, but is not limited to, the following characteristics:

• Encryption capability: does the device have a trusted platform module chip which allows for hardware-based data encryption? Per USC policy, devices purchased with university funds must have this capability.
• Security standards: does the company or person providing the service meet Provost IT and university standards for protecting university information? Have they undergone a risk assessment and supplemental evaluation by Provost IT?
• Alignment with department recommendations: does the device meet the characteristics recommended by Provost IT for laptops, desktops, or other technology?
• Compatibility with central and department information systems: is the device compatible with existing USC systems, networks and applications? If the item is a service or cloud platform, does it integrate with existing platforms and data structures at USC and within the Office of the Provost? This will ensure that, for example, if the device is reassigned to another user in the future, or if the platform is repurposed, it will continue working as a suitable computing platform.
• Manufacturer reputation and purchasing policies: does the device come from a reputable manufacturer? Does that manufacturer (or an appropriate channel partner) have an existing relationship with USC or another USC department?

Compliance, Violations, and Remediation

It is important to note that even if an item still meets the characteristics above, it may still be prohibited for other reasons. Provost IT will always provide guidance and work with departments to make purchases which comply with these standards and meet departmental technology needs.

Compliance with these guidelines is not optional. Devices, platforms, or any other types of technology purchased in violation of these guidelines will not be supported by Provost IT and may be restricted from being used on or with Provost IT-supported devices. Additionally, such technology will not be allowed to connect or transfer data to and from Provost IT and USC systems. Additional restrictions and/or actions may also be taken towards individuals and/or departments which violate this policy as determined by Provost IT and the Office of the Provost.

Scope

This policy applies to all users and departments supported by Provost IT, and to departments, divisions, offices, or teams which receive any level of technology support from Provost IT. More specifically, it applies to any technology hardware or software purchases within these departments made with university funds, including research funds, grants, or funds spent on personal cards with the intent of seeking reimbursement. It also applies to the gifting of information technology hardware, software, or labor of any value to the same group previously described.