Checklist for Purchasing IT Applications, Software, and Services
Before any IT applications, software, or services can be purchased, an approval process needs to be followed.
Exceptions: Please see the Scenarios for When an IT Statement of Need Is or Isn't Required.
Two common exceptions: If research sponsored funds are being used for the purchase, OR if the purchase is for faculty and will not be used with regulated data, an IT Statement of Need is not needed. When you submit your purchasing request to Cornell Procurement, be sure to specify the exception.
Approval Process Checklist
- Submit an IT Statement of Need.
- Take action on any items identified in the "next steps" email you'll receive from the IT Project Management Office. You don't have to wait for that email -- you may already know that your request will require some or all of the most common actions, and you can save time by starting right away:
- Whether you are using the "I Want Doc" system or working with a purchasing agent in Procurement, you will need to attach copies of the IT Statement of Need and the "next steps" email, and proof that you completed any "next steps" that were required. Per university policy, your Business Service Center representative or purchasing agent cannot process requests for purchase without this documentation.
Implementation-Related Tasks and Considerations
While the approval process is underway, you can begin making arrangements for work that may be needed to implement the software or service. This work might include:
- Negotiating contract terms with consultants (see Procurement's Information Technology Professional Services Agreement)
- Enabling “single sign-on” through the university’s NetID and password system (and Weill’s if needed)
- Complying with university policies for regulated data (HIPAA, FERPA, GLBA, etc.), if applicable
- Making requests for data use from the university’s data stewards, if applicable
- Planning to register the software or service with the university’s Administrative Data Store Registry, if applicable
- Integrating with university databases or systems
- Arranging for branding and user interface design work (CIT's Custom Development team can be hired)
- Complying with Cornell standards for email to be sent via the software or service, so messages are unlikely to be flagged as junk or rejected
- Arranging access for external consultants and vendors to implement the software or service, if applicable
- Requesting an SSL certificate, if applicable
- Requesting or registering a university domain name, if applicable
- Determining who will hold various roles within the software or service (administrator, user, etc.) and (if needed) increasing the security levels of the computers or devices they use
- Planning a strategy for maintaining who has access to the software or service, and deprovisioning when someone leaves their job
- For systems of record or systems of engagement, working with an existing steering committee or creating a new one