Policy for Information Technology Acquisition, Development and Deployment

Audience:

All members of the Northwestern Community and users of the University network.

Definition:

The Northwestern community benefits from both stability and purposeful evolution and innovation in networking, research computing, and information management. Both central IT functions and local IT functions contribute. Collaboration between all University IT workers supporting these functions and end-users is vital to designing and implementing enterprise services. NUIT is the major consultative resource for division and school IT workers and end-users for all information technology systems including communication systems, information storage and processing systems, software systems, physical facilities related to such systems, and contractual relationships with vendors of such systems and services. In addition, NUIT has oversight and coordinating responsibility for all these systems and services.

Technological innovations and initiatives within the divisions and schools should be brought to NUIT early in their life for rapid consideration and assessment within University-wide plans. Because any new idea or approach may benefit or hamper others, NUIT, in collaboration with school or division IT workers, will expeditiously work with the end-users to review their initiatives to insure that all acquisitions, development, and deployments of information technology within the University conform to existing guidelines to maximize functionality while minimizing effort.

Policy Statement:

The University is a highly interconnected instructional, research, and business entity, and is dependent upon secure and reliable operations within this environment. This policy recognizes that information technology is critical to the University's success, and affirms our community's commitment to ensure ongoing effective, efficient and economical support and development of its information technology environment in support of Northwestern's mission.

Background Issues:

Processes for Information Technology Acquisition, Development, and Deployment

In keeping with the Policy for Information Technology Acquisition and Deployment, all members of the University community must consult with the Information Technology division (NUIT) before developing, purchasing or contracting for information technology products, services, support or consulting. This set of guidelines and processes defines when consultations are appropriate.

All acquisitions and deployments of information technology within the University must conform to these guidelines to maximize functionality while minimizing effort and be reviewed with NUIT as indicated.

Examples:

The following are specific instances where the University requires NUIT review and approval of information technology.

  1. Case 1: Situations requiring advance review and approval during planning.
    1. Changes to networks. NUIT must review and approve, in advance of investigation, purchase, or deployment, any information technology that changes the University's network structure or could compromise the physical or logical security of the network. This includes:
      1. Technology that potentially interferes with existing University transmission infrastructures or equipment or third party services contracted for or approved by NUIT. For example, this is a mandatory requirement for any radio communication system, including wireless data network equipment.
      2. Technology that duplicates or extends existing University transmission infrastructures. This review requirement applies even if the University transmission infrastructure is not currently present in the vicinity of the planned deployment. For example, installation of a private telephone switching system, a data port replication device (e.g., a "hublet"), or a wireless data system.
      3. Technology that requires allocation of or modifications to space housing NUIT network equipment, facilities, or computing systems. For example, a specialized video transmission system that requires dedicated fiber strands between buildings, or a server computer to be housed in an NUIT facility.
      4. Leasing or purchasing NUIT-managed services from another provider in leased space off-campus.
    2. Information Technology acquisitions as part of capital projects. Any transmission facilities, or network-attached computing technologies, that are to be acquired with capital project funds, must be reviewed and approved by NUIT during planning.
  2. Case 2: Situations requiring review and approval of vendor selections, consultant engagements, development plans and/or contract documents. In certain cases, where such services are being considered for purchase or new systems are being considered for in-house development, NUIT must review and approve vendor selections, consultant engagements, development plans, and contract language to ensure that work rules, vendor or consultant competencies, system interface requirements, and legal protections are appropriate to protect University information and assets.
    1. Changes to central systems.

      Examples include:

      1. Agreements or engagements to modify or extend the function of central systems.
      2. Agreements or engagements to replace or duplicate the services of central systems.
    2. Implied dependence upon NUIT support or the continuity of services.

      Examples include:

      1. Agreements or engagements to adapt, repackage, or reformat data contained in any central system through unsupported data extraction methods.
      2. Agreements or engagements that require the use of any NUIT software system services, or that interface with central applications. An example would be creating or contracting for a service that should be authenticated against University NetID databases or that must interface with the Student Enterprise System.
    3. Provision of temporary or leased space to outside technology providers.

      Examples include:

      1. Leasing building spaces, rooftops, tunnel or conduit space, etc.
      2. Renting a satellite dish, microwave system, etc.
      3. Leasing an outside data line terminating in a University building.

Review Processes

Policy Demarcations

The information technology environment at Northwestern can be described as layers of function around a core of central systems and University data warehouses. Figure 1 and Table 1 illustrate this model.

  • At the center are a body of systems, software, data warehouses, and networking infrastructure that form the core. The core must function efficiently and reliably to support the academic, research and administrative missions and tasks of the University. NUIT is responsible for these core functions either directly (e.g., the voice and data networks, NetID services, etc.) or in a partnership with a major administrative unit (e.g., HRIS-Human Resources, NUFinancials-Finance, SES-Registrar, etc.).
  • Immediately outside the core is a layer of dependent or satellite functions that are coupled to core systems. Acquisitions and deployments in this layer must be approved by and coordinated with NUIT in consideration of government regulations, privacy concerns, system interoperability, and contractual protections.
  • Still further outside the core is a layer of local information technologies operating independently from core administrative systems and databases. These could include servers, computer labs, and computer-equipped classrooms, groupware software or other facilities managed as academic or local administrative resources. These systems may be attached to the University networks for access and may use central services if coordinated in advance with NUIT (e.g. NetID authentication).
  • The outermost layer of the information technology model is the individual's interest. This could range from a desktop computer and software to a research laboratory of specialized equipment. This layer does not need NUIT coordination.
Process of Local Approval Supported by Central Review

In general, individual technology acquisitions should be coordinated within the school or division by the designated technology leader. That person will have knowledge of how particular proposals will fit within the school or division strategy. The school or division may also establish its own guidelines for review in concert with the central policy and guidelines. The technology leader is regularly briefed by NUIT and can determine if a proposal will require NUIT review or approvals.

How to Contact NUIT for Review of a Proposed Technology Acquisition

Where review by NUIT is required, the technology leader should contact the Associate Vice President in the Office of the Vice President for Information Technology and submit a brief description of the project, product, or service, complete financial information including anticipated or approved funding sources, vendor product specification documentation and, if applicable, any relevant contracts or agreements. 

Last Review Date:

December 2013

Original Issue Date:

July 2002

Revision Dates:

May 2004
December 2008

Support Contact:
Please send any questions about the policy or this procedure to the Office of the Vice President for Information Technology.