2023-2024 Administrative Policy Manual Published August 22, 2023 
    
    Nov 21, 2024  
2023-2024 Administrative Policy Manual Published August 22, 2023 [ARCHIVED COPY]

Information Technology Acquisition and Integration Policy


Policy Number: 11.7
Effective Date: March 18, 2024
Revision History: None
Policy Contact: Vice President for Information Technology/Chief Information Officer

I. Purpose and Policy Statement

Georgia Gwinnett College (“GGC”) benefits from being intentional about information technology acquisitions and integrations. This policy helps ensure accessibility, compatibility and compliance with University System of Georgia (“USG”) and GGC technology standards as well as effective stewardship of resources. This policy documents the expectation that Information Technology (“IT”) will be consulted at the early planning stage of any proposed technology acquisition or project that involves technology integrations or action items for IT.

II. Scope

This policy applies to all members of the GGC community.

Scope includes all technology acquisitions, integrations, and development: hardware, software including free and open-source software, and services that are on premise, virtual, or cloud-based. The policy applies regardless of funding source.

The defined exceptions are keyboards, mice, computer speakers, webcams, USB drives, power strips, and cables. The helpdesk would be pleased to provide recommendations upon request.

III. Definitions

508 Standards: These standards require all federal agencies, including those who receive federal funding, to make their electronic and information technology (“EIT”) accessible to people with disabilities.

Higher Education Community Vendor Assessment Tool (“HECVAT”): A security questionnaire designed for the higher education community to measure vendor risk.

Information Technology Acquisition: Buying, obtaining, or developing an information technology resource.

Information Technology Resource: Any information technology hardware, software, service, system, or database used in support of college activities. This includes systems and applications hosted on premise or in the cloud.

Learning Tools Interoperability (“LTI”) Advantage: A set of standards governed by IMS Global for third-party tools that integrate with learning management systems. LTI Advantage enhances security for data exchanges between the third-party tool and the learning management system while enhancing the experience for all users.

LTI Advantage Product Certification: IMS Global maintains a product directory for all third-party tools that are certified to comply with LTI Advantage specifications.

Technology Integration: A request to develop an integration between two or more technology resources through data feeds, application programming interface (“API”), or other means.

Voluntary Product Accessibility Template (“VPAT”): A template that explains how information and communication technology (“ICT”) products such as software, hardware, electronic content, and support documentation meet the Revised 508 Standards for IT accessibility.

Web Content Accessibility Guidelines (“WCAG”): A set of guidelines established by the World Wide Web Consortium intended to make web content more accessible. Web content includes text, images, and sounds as well as the code or markup that defines structure or presentation.  The recommended version that should be used for assessing the accessibility of web content is WCAG 2.1 Level AA.

IV. Roles and Responsibilities
  1. Vice President for Information Technology (“VPIT”): The VPIT will follow USG and GGC guidelines for technology procurement including approval by the USG Chief Information Officer when required. The VPIT will review all technology acquisitions, and the approval of the VPIT or designee must be obtained prior to making technology acquisitions. Approvals will be communicated to Business and Finance by IT. Exceptions to this policy must be documented by the VPIT in writing. Technology procurement will follow established procurement processes overseen by the Vice President for Business and Finance.
  2. IT division: The IT division will oversee the consultation and review process for proposed technology acquisitions and services, and as necessary, Information Technology will collaborate and coordinate with subject-matter experts such as Facilities, Operations, Legal Affairs, Disability Services, Communications, etc. IT will maintain an inventory of enterprise software, integrations, and hardware.
  3. Information Security Officer or designee: The Information Security Officer or designee will conduct HECVAT reviews for proposed cloud-based acquisitions.
  4. Executive Director of Academic Technology & Campus Engagement or designee: The Executive Director of Academic Technology & Campus Engagement or designee will: assess the VPAT when proposed acquisitions will be used by 10 or more students; assess LTI 1.3/ LTI Advantage compliance of third-party tool integrations with MyCourses, the academic learning management system; and, facilitate the USG’s required security review of third-party tool integrations with MyCourses, the academic learning management system.
V. Process/Procedures

The IT division must be consulted regarding proposed information technology acquisitions and integrations at the stage when the business need is identified and ideally prior to the selection of a preferred option. Consultations may be requested by contacting the helpdesk. Additionally, IT must be consulted at the early planning stage of any project that includes information technology action items. The IT division must be consulted at the early planning stage if any services provided by a contractor include technology-related action items. Omitting consultation will delay procurement and implementation.

Requests to acquire existing hardware or software standards will be fast tracked when possible including some requests for single-user software licenses.

Requests for technology acquisitions or integrations must be submitted to the helpdesk. As needed, IT will collaborate with the requester/sponsor to document functional and technical requirements for the proposed acquisition/integration and verify that the proposed acquisition/integration will be compatible with all USG and GGC policies and standards. The funding source for initial and recurring costs, if applicable, must be identified and documented. Requesters/sponsors must be willing to serve as partners in all aspects of acquisition, implementation, and maintenance. IT will provide timely updates on the status of requests; statuses include under review, approved, or denied. If a request is denied, an explanation will be provided. Typically, approvals will be documented in a helpdesk ticket or web form and the status of the request will be shared with Budget and Finance.

An evaluation of alternatives may be conducted as part of the review process. Evaluations may be facilitated by IT or another campus unit and will include appropriate campus stakeholders.

Proposed software/service acquisitions must offer significant unique features and functionality. In other words, they may not duplicate features and functionality of currently licensed enterprise software/services. Proposed requisitions that overlap with currently licensed software or services will not be approved. When a software standard to address a specific function has been defined, it should be used.  

Procurement of cloud-based software or services will require submission and approval of a completed HECVAT. The review of the HECVAT will be conducted by the Information Security Officer or designee. The review will be completed within ten business days after receiving the completed HECVAT from the vendor. If a vendor will not provide a HECVAT, another vendor should be identified.

Procurement of services with the intention of integrating with MyCourses, the academic Learning Management System (“LMS”), must include the completion of the USG Security Questionnaire. The Executive Director of Academic Technology & Campus Engagement or designee will provide the completed questionnaire to appropriate USG personnel for approval. USG may deny a request for integration with MyCourses based on their assessment of the USG Security Questionnaire. The review will be completed within twenty-one business days if feasible for USG. Implementation is a separate process with a different timeframe. Complete a MyCourses Integration Request to initiate the approval process.

Procurement of services with the intention of integrating with MyCourses must include vendor provided information on their conformance with LTI Advantage specifically their certification with LTI 1.3. If the vendor is not yet LTI 1.3 or LTI Advantage certified they must provide a statement or product roadmap indicating their timeline for certification to the Executive Director of Academic Technology & Campus Engagement or designate. The Executive Director of Academic Technology & Campus Engagement or designate may request that specific language be written into contracts or other agreements to encourage certification of the LTI 1.3 or LTI Advantage standards.

Procurement of software that will be used by 10 or more students requires completion of a VPAT. The VPAT will be requested and reviewed by the Executive Director of Academic Technology & Campus Engagement or designee. The review will be completed within twenty-one business days.

VI. Compliance

Failure to follow this policy and any associated procedures may subject GGC employees to disciplinary action, up to and including dismissal from employment.

VII. Related Regulations, Statutes, Policies, and Procedures

USG Information Technology Handbook
Higher Ed Community Vendor Assessment Tool (HECVAT)
Voluntary Product Accessibility Template (VPAT)
MyCourses Integration Request
IMS Global LTI Advantage
LTI Advantage Certified Product Directory
Suggested LTI Advantage Requirements for Institutional RFP & Procurement Agreements
USG Business Procedures Manual, Section 3.4.4
Supplier Management: A USG IT Handbook Companion Guide
Data Risk and IT Assessment Form