Ä¢¹½ÊÓƵ

Once you and your OIT partners have narrowed down your possible vendors, it is important to consider these items when vetting your selections:

Recommended Actions

• Experience the software: Get detailed demonstrations of the platform in real-world scenarios, even if only for a short time. Get hands-on with the software, especially if the vendor can provide you with a live test or "sandbox" environment. If possible, a pilot program or "User Assurance Testing" utilizing individuals that will be using the platform in their everyday work can be extremely helpful.
• Request references to obtain feedback from actual customers.
• Confirm Service Level Agreements (SLAs) with the vendor to assure that their services will closely meet your needs.
• Inquire about educational/institutional discounts and leverage any university memberships.
• Include Legal Affairs when dealing with click-through terms and conditions agreements.
• OIT will also work with you to complete a security assessment of the vendor and product. This is critical to ensure SMU data is protected!

Pitfalls to Avoid

• Be cautious of free or open-source software, where SMU data is not protected in the same way as software secured through a contract.
• Free trials of software, while helpful, can also expose SMU data inappropriately. Ensure that you are aware of any trial terms and conditions.
• Avoid automatic subscription renewals, as they can be easy to forget about and renew even if you aren't using the service anymore.
• Verbal assurances from vendors should be treated with skepticism, as they cannot be enforced like a written contract.
• Smaller vendors, while possibly providing a cutting-edge service, may not have mature business and security practices. Do your due diligence.

Working alongside your partners in OIT, identify multiple vendors with platforms that can meet the requirements you have found during the investigation phase. You may want to consider obtaining input from peer institutions to help narrow down your selections and find what has worked well in the past with others. You will also want to screen your selections for these important aspects:

Risk, Security, and Privacy
All software must comply with SMU policies and legal requirements when accessing university data. This includes sensitive information such as Personally Identifiable Information (PII), FERPA/HIPAA data, and credit card details. The Office of Information Technology (OIT) will partner with you to complete a security assessment.

Accessibility
Your platform must meet standard digital accessibility guidelines to ensure an inclusive experience for all users.

Single Sign-On
OIT will help verify that your system supports SMU’s standard single sign-on (SSO) methods for seamless authentication.

Data Requirements
We will work with you to evaluate your software’s data needs and secure the necessary approvals. This includes integrating with existing SMU systems such as my.SMU, STABLE, and other university platforms.

Once you have identified and tested the solution, you will need to secure funding and purchase the software. 

• All software contracts should be processed in Cobblestone. 
• Click through agreements should be downloaded initially upon subscription and then downloaded regularly when a subscription is renewed.

For software that is funded under the University Hardware and Software fund, OIT will also ensure the item is added to our CMDB with the appropriate data fields assigned for business continuity and license compliance. 

For more detailed purchasing information, visit the Purchasing website.