Last updated 06/2024
Software (which includes web-based applications such as online scheduling and graphics creation apps) is now classified under one of three categories:
- Pre-approved for purchase
- Must be reviewed before purchasing
- Must be purchased through DTS
You can expand each category below to see lists of specific software. Approved data storage types are also clarified for each piece of software.
Overview
In order to maintain compliance with USC’s evolving network infrastructure and mandatory University information security policies set by the Office of the Chief Information Security Officer (OCISO), it has become necessary to standardize the procurement process for all Dornsife-funded technology resources and services. Following this process ensures Dornsife Technology Services (DTS) can provide quality support for all Dornsife faculty and staff, as well as fulfill Dornsife’s obligations to the University.
Purpose
This local policy helps Dornsife departments understand the correct procurement process for the purchase of IT equipment, software, and services in compliance with USC and Dornsife standards. It also helps departments understand the reasoning and methodology behind policy requirements.
Scope
This local policy applies to all departments, faculty members, staff, and other employees within Dornsife, and covers all technology resources—such as IT equipment and software—and services procured with Dornsife funds, including research and grant funds administered by Dornsife.
Requirements
Asset purchasing requirements follow: please email us at ts@dornsife.usc.edu for questions about specific assets or about any assets you do not see listed below. We will periodically update these lists based on the requests we receive.
Assets pre-approved for purchasing
At USC Dornsife, an asset is pre-approved for purchasing after a careful assessment of whether the asset's properties require it to be governed by the OCISO's policies, which set forth standards and requirements for equipment inventory, asset management, network security, and data protection.
Pre-approved hardware
- Computer peripherals: Monitors, keyboards, mice, webcams, microphones, headphones and earphones, cables and adapters
- Other hardware: Local wired printers (not connecting to the USC network), scanners, projectors, cameras and video cameras (non-surveillance), memory cards for cameras, video cameras, and audio recorders, security keys/tokens
- Ergonomic standing desk converter or adjustable lift system sitting/standing desk (we recommend checking the size and weight rating of the equipment against your desk and computer equipment)
We strongly encourage that all hardware be purchased through DTS whenever possible. Purchasing an asset outside the DTS service catalog may result in the purchase of technology incompatible with existing DTS-managed equipment and University systems, and may hinder or prohibit DTS's ability to provide setup, installation, maintenance, and support through the asset's lifecycle.
Pre-approved software
Software
Storage type
Approved purchasing methods
Data approved for storage
Affinity
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
ArcGIS Desktop
Local
Purchase through
https://spatial.usc.edu/software/proprietary-software-faculty/
Public, internal, and confidential data as long as being used on an encrypted device
Canvas X Draw
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
CorelDRAW
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
Endnote
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
Filemaker Pro
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
GraphPad
Local
If
purchased through DTS, volume discounts may be available
Public, internal, and confidential data as long as being used on an encrypted device
MathType
Local
Any USC-approved method (p-card recommended)
Public, internal, and confidential data as long as being used on an encrypted device
Mplus
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
Nota Bene
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
PyMOL
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
Scrivener
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
Snagit
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
SnapGene
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
Stat/Transfer
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
UltraEdit
Local
Any USC-approved method
Public, internal, and confidential data as long as being used on an encrypted device
See also: Understanding data classifications at USC
How to purchase pre-approved assets
Pre-approved assets can be purchased through one of the following USC-approved methods:
- DTS service catalog
- Dornsife Business Office: Submit your request through your department's assigned procurement specialist
- Your department: Utilize your departmental p-card
- Workday Finance: Initiate your requisitions in Workday; catalog suppliers will connect to Marketplace (formerly eMarket) for shopping
While we strongly encourage using one of the methods listed above, reimbursements are permitted if necessary and reasonable to complete the work as per University policy.
Travel card retail purchases are not permitted.
Assets which must be reviewed by DTS before purchase
Cloud-based software must be reviewed by DTS before purchase, as DTS is required by the OCISO to confirm that no confidential data will be stored on the software. You can email ts@dornsife.usc.edu or directly submit a cloud service request.
Cloud-based software are services that run on and store data on the web (require an Internet connection). For instance, these are some common types of cloud services:
- Online storage and hosting services
- Online calendar scheduling applications
- Online newsletter and graphics creation services
- Online AI-based services
Examples of software which must be reviewed by DTS before purchase
Software
Storage type
Approved purchasing methods
Data approved for storage
Asana
Cloud
After DTS review and approval, can be purchased through Workday or by p-card
Public and internal data only; not approved for confidential data
Basecamp
Cloud
After DTS review and approval, can be purchased through Workday
Public and internal data only; not approved for confidential data
Canva
Cloud
After DTS review and approval, can be purchased by p-card
Public and internal data only; not approved for confidential data
Grammarly
Cloud
After DTS review and approval, can be purchased through Workday
Public and internal data only; not approved for confidential data
Trello
Cloud
After DTS review and approval, can be purchased through Workday
Public and internal data only; not approved for confidential data
Zotero
Cloud
After DTS review and approval, can be purchased by p-card or through reimbursement
Public and internal data only; not approved for confidential data
See also: Understanding data classifications at USC
Assets which must be purchased through DTS
Hardware which must be purchased through DTS
USC Dornsife is required to comply with mandatory University information security policies set by the OCISO. The following assets fall under the OCISO's governance and consequently must be purchased through the DTS service catalog:
- Desktop computers, workstations, laptops, tablets, and servers
- Storage devices such as flash drives and hard drives, and memory cards used for devices other than cameras or recorders
- Network devices such as routers and firewalls
- Mobile phones and hotspot devices
- Network/wireless printers
- Streaming devices
- Smartwatches
Email ts@dornsife.usc.edu for any other hardware assets not specifically named in the pre-approved list.
The following information security policies apply:
-
Asset Management Policy § 5.1 requires that any hardware assets used for information and information processing be inventoried
-
Endpoint Security Policy § 5.1 requires the configuration of information systems for protection against unauthorized or malicious use in accordance with industry-accepted system hardening standards
-
Endpoint Security Policy § 5.8 requires the installation of encryption on all USC-owned technology resources prior to usage of the resource to store or access USC data
-
Third-Party Security Risk Management Policy § 5.1–5.6 set forth the conditions by which third-party services and products must abide
How to purchase assets through DTS
Standard assets
Custom assets not listed in the DTS service catalog
In some cases (for instance, scientific computing and laboratory instrumentation assets), it may be necessary to request custom assets through the following links:
Our criteria for approval of custom assets includes, but is not limited to, the following characteristics:
-
Security capability: Does the request comply with USC's information security policies? For example, if a device, does it contain the required hardware (e.g., Trusted Platform Module) in order to be encrypted, per USC’s endpoint security policy?
-
Alignment with DTS recommendations: Does the request meet current DTS recommendations and best practices for the particular purpose?
-
Compatibility: Is the request compatible with existing USC and Dornsife systems, processes, networks, and applications?
-
Manufacturer/vendor: If a device, is it made by, and sold by, a reputable manufacturer or vendor? Does the manufacturer offer a supportable warranty for the service life of the device? Does the vendor have an existing relationship with USC?
-
Server support: Has budgeting been allocated for the support, maintenance, and administration of any servers throughout their projected lifetime?
It is important to note that even if the requested asset meets the criteria above, it may still be prohibited for other reasons. DTS will always provide guidance and work with departments to procure IT equipment and software which comply with policy and meet department technology needs.
Assets which are not approved for purchase
When DTS receives a reimbursement request for an asset that stores sensitive data and isn’t on the pre-approved list, DTS must reach out to the OCISO to request a policy exception.
Software not approved for purchase
The following software has been denied a policy exception by OCISO and cannot be reimbursed:
- Any password manager that is not 1Password
Asset return process
Requests to return new IT equipment should be initiated as soon as possible. Please submit your request as a ticket to the DTS Help Desk. Return policies vary by vendor, but DTS will assist Dornsife departments and staff in assessing the options available if the return window has closed.
At the end of the asset's useful life, or upon the separation of the asset user from the University, all IT equipment must be returned to DTS, per USC’s asset management policy. Please review our guide, "Returning DTS-managed IT equipment."
Exceptions
IT equipment, software, and services purchased outside the procurement processes detailed above cannot be supported, financially or otherwise, by Dornsife. Purchasers are advised to return such assets to the place of purchase for a refund and to submit a new purchase request through the DTS service catalog.
Contact
Dornsife Technology Services
Email: ts@dornsife.usc.edu
Phone: 213-740-2775
Hours: M–F, 9am–5pm