Software Usage and Control policy

This policy is for IT staff who are responsible for the purchase, installation and de-installation of software, and the maintenance of software records, and anyone who does similar activities.

The numbers in brackets refer to the section in the full policy, which is available as a PDF

Applicability

  • IT staff and faculty/departmental computer support staff who are responsible for the purchase, installation and de-installation of software, and the maintenance of software records. (1.2)
  • Anyone else who undertakes activities governed by the Policy, especially those members of staff with administrative rights on machines. (1.2)

Policy Requirements

  • Those placing an order with a software supplier are contractually obliged to complete the transaction. (2.5)
  • Where centralised purchasing arrangements are not in place, central registration controls are to be implemented. (2.5)
  • Those who purchase or obtain software are required to register the acquisition where this is a supplier’s condition. (2.6.1)
  • Those who are responsible for the installation and de-installation of software are to maintain their own software register and library. (2.6.1)
  • Staff in areas served by an FMA (Facilities Management Agreement) are to maintain their own register of software. (2.6.1)
  • Mandatory information is required in all software registers. (2.6.1)
  • Software must only be installed once the right to install it has been fully obtained. (2.6.2)
  • Staff in areas served by an FMA are to maintain their own licenses and provide software for installation by IT support staff where appropriate. (2.6.2)
  • All licence documentation and at least one copy of each version of each software title must be securely available. (2.7)
  • Duplicate copies of software are to be securely disposed of once business continuity arrangements have been met. (2.7)
  • Business continuity terms associated with down-loaded software should be examined, and where permission is granted for users to create backup copies, these should be produced and stored securely. (2.7)
  • Software registers are to be kept fully up to date. (2.8)
  • Dependency on a single individual for the maintenance of software registers is to be avoided. (2.8)
  • Periodic checks are to be carried out for unauthorised software on systems, which must be deleted. (2.9)
  • Controls are to be implemented to prevent unauthorised amendments to or tampering with software. (2.9)
  • It is the responsibility of the person who owns (or installs) privately owned on University equipment to produce a valid licence on request. (2.11)
  • Anyone wishing to install University owned software on a privately owned computer should check that this is allowed. (2.12)
  • The onus for registering University owned software on privately owned computers rests with the respective individual. (2.12)
  • If licence conditions do not permit the use of University software on private equipment, it should be bought by the University and an entry should be made in the software register to reflect this. (2.12)
  • Users who have installed University licensed software on privately owned machines are responsible telling the University when they uninstall it. (2.12)
  • University owned software must be deleted from privately owned computer as soon as the owner ceases to be a member of the University. (2.12)
  • Where licenses have phased conditions they must be complied with in their entirety. (2.13)
  • An audit of University computers may be carried out to ensure that all software has been legally purchased or installed in compliance with respective software licenses. (2.14)
  • The full cooperation of all faculty/departmental IT staff (including central IT staff) and users is required during audits. (2.14)