Non-Standard Form: Software Install

Non-Standard Form: Software Install

Due to recent North Dakota Law changes, software install requests must now go through the Non-Standard IT Request form in Jaggaer. This article is dedicated to just software install requests and how to fill out the form for those requests.

1. Supplier: First look up the company you're getting the software from. If they aren't listed then look up "University Of North Dakota" and select the "PRIMARY-ACH-ACH: (preferred).

2. Not required, but you can add any attachments that you believe could be beneficial like a quote from the company if you have one.

3. Anticipated Cost: For software installs you can input $0.

4. Procurement Method: The most common procurement method will be for non-catalog purchases under $10,000. If you're unsure, just select "<10K Non-catalog purchase," unless you receive different instructions.

5. New purchase, renewal and/or additional module: Select 'New Purchase' for new software downloads. For software upgrades, click 'Additional Modules'. Use 'Renewals' if the software wasn't processed through this form and needs updating in our system.

6. What is it: For desktop application installs you can select "Software", if it is a website click SaaS.

7. What type: Select the most appropriate option for what the software is.

8. Business Need: Write a brief description of what the issue is.

9. Proposed Solution: Write a brief description of how this software solves that problem.

10. How is this consistent with UND LEADS Strategic Plan: UND LEADS focuses on improving educational opportunities for the UND Community. Describe how this initiative will help you or the UND community in enhancing their education.

11. Who will use this application: Select who will be using this software between students, employees and public.

12. End Users: Select the most accurate option of who the end-users are.

13. Does the request meet any of the following criteria: If your software meets any of the options listed then stop filling out the form and fill out the IT Governance form.

14. Data Classification: Click the ? and review what individual data classifies as and select the correct one.

*NOTE - If the data is public and you haven't coordinated with our Legal Team to review that companies EULA you can request an exemption.

To do so click 'Yes, requesting an exemption' and attach a file of their terms and conditions for that software. You can find their EULA online if you look up "[COMPANY NAME/SOFTWARE] Eula agreement".*

15. Integration: If the software needs to connect to another software click yes and list what software it needs to connect to.

16. Payment Info: If the software processes payment methods you must click yes. If it is a software that allows you to put in just your credit card information to buy products the company offers, you can click No.

17. VPAT: A VPAT (Voluntary Product Accessibility Template) is a document that outlines how a product meets accessibility standards. Many companies provide this document, but some do not. If you can't find it online, please email the company to request it. If they refuse to provide it, you can still submit the form.

18. HECVAT: A HECVAT (Higher Education Community Vendor Assessment Toolkit) is a document that outlines a company's data privacy practices. If you can't find it online, please email the company to request a copy. If they refuse to provide it, you can still submit the form.

19. Notes: You do not have to input anything for this section, if everything else is filled out you can click next.

20. You will be prompted to list the unit price, quantity, description and Catalog Number. If no number is listed you can type N/A.

21. Check all the details to make sure they are correct, then click "Add to Cart". You will need to enter a commodity code; type "Software" and choose the first option, then "Proceed to Checkout".

22. When you reach the checkout page, you'll see some information to fill out on the summary tile to the right. Complete that information and click 'Assign Cart'.

23. Assign the cart to whoever is the designated purchaser, which is either in your department OR someone in the business service center.

FAQ

Why do I have to do this?

According to North Dakota law and UND policy changes, any software downloaded on a UND device must now be submitted using the non-standard form. If there is already unapproved software on a device, we will eventually contact you to submit a non-standard form.

We are working to simplify this process for everyone and appreciate your patience as we make these improvements.

My software needs an update, but this software isn't approved by non-standard, what do I do?

If you have software on your device that hasn't been approved by non-standard, we will update it for you. However, we won't install this software on any new devices since that requires a non-standard form. This policy may change as more software gets approved, but for now, you don't need to submit a non-standard form for software updates.

How do I know if my software needs a non-standard form?

You can currently call, chat, or email UIT to inquire about your specific software. We can inform you if it has a non-standard agreement. Please note that this process may change as we strive to make this process easier for everyone involved.

How long does this process take?

We don’t have an exact timeframe for this process, but it typically takes about 2–3 weeks. The form goes through multiple departmental approvals, which you can view in Jaggaer > My Orders > My Requisitions.

If it seems like your form has been pending for a while and appears to be waiting on a specific approver, you’re welcome to reach out to them directly to see if they can help expedite your request.

A sample image of this process is shown below with arrows identifying each step of the process. For privacy, the names have been blurred at each step. In this example, the software request has already been approved by the requesting department, PMO team, IT, Security, and the CIO. The PCI step was bypassed, and the request is currently pending Regulatory Review (Legal).

This stage is marked as “Pending” under Regulatory Review. Although the name is blurred, Jaggaer displays the assigned reviewer, indicated by the “Assigned” icon on the right. The flowchart also shows the remaining approval steps (in this case Capital Expense Approval and Procurement Review) that will occur once the request clears the Regulatory Review stage.

Is my data public, private or restricted?

Please follow this link as it will show you what classifies as public, private or restricted.

If my data usage has already been reviewed by the IRB, why do I still need to complete an NSIT for data security review?

The Institutional Review Board (IRB) and the Nonstandard IT (NSIT) process serve different but complementary purposes.

• IRB Review ensures that research involving human subjects meets ethical and regulatory standards, focusing on participant privacy, consent, and the responsible use of data within the research context.

• NSIT Review ensures that the software, storage, and data-sharing tools used meet UND’s technical, security, accessibility, and procurement requirements.

While IRB approval addresses how data is ethically collected and used, NSIT ensures that the systems handling that data comply with NDUS, North Dakota, and UND policies and laws related to data protection and accessibility.

The NSIT process looks beyond research ethics to include:

• Vendor security standards and data protection measures

• Data storage location and access controls

• Compliance with accessibility requirements under UND and federal policy

• Procurement and contractual compliance for technology solutions

In short, IRB review protects research participants and data ethics, while NSIT review protects the university and its data environment from technical, legal, and security risks.

If you have any further questions regarding the form please reach out to procurement @701-777-2771