STANDARDIZED SOFTWARE STANDARD BUILD STANDARD PROCEDURES

Transcription

1 Approved: Shobna Varma Deputy Director Standard Procedure No.: (SP) Responsible Office: Division of Information Technology STANDARDIZED SOFTWARE STANDARD BUILD STANDARD PROCEDURES PURPOSE: The purpose of this Standard Procedure is to ensure uniform standards are followed for the management of all personal computers and workstations software distribution as well as adhered to all laws, regulations, policies and statewide standards for the installation of software used by the Ohio Department of Transportation. The procedures of this policy will ensure standards for properly licensed software to be loaded on all information systems. These standards will reduce the complexity of tracking software on individual hard drives, consistent applications and versions, along with providing manageable supporting needs. It is ODOT s policy to complete timely physical inventories for all assets on an annual basis to ensure accuracy, reliability and compliance to the ODOT Inventory Policy. Quality Assurance Reviews will be conducted by the Division of Information Technology to ensure compliance of these software standards. AUTHORITY: United States Code Title 17: United States Copyright Law ORC , ORC (J)(I) ORC (A), ORC (B)(2), ORC (A), ORC REFERENCES: Ohio DAS Policies ITP A.5 and ITP A.26 ODOT Policy (P), Software Copyright Compliance Policy ODOT Policy (P) Quality Assurance Review Policy ODOT Policy (P) Inventory Policy Software Publishers Association State of Ohio Agreement:

2 Page 2 of 9 SCOPE: All ODOT Divisions, Offices and Districts and all technical and end user personnel, all ODOT consultants, vendors, and contractors who use ODOT computer equipment and software. GENERAL: Maintaining control over software licenses and standards for ease of support by uniformity, ODOT has developed policies and procedures to assist in the task of identifying and inventorying the software resident on personal computers and information systems. The Federal Copyright Act makes no distinction between duplicating software for sale or for free distribution. The law protects the exclusive rights of the copyright holders and does not give users the right to copy proprietary software unless a backup copy is not provided by the manufacturer. It is illegal to make copies of proprietary software for any other purpose unless the license agreement stipulates otherwise. The State of Ohio entered into an agreement with the Software Publishers Association (SPA) with the express intent that all Executive Branch State Agencies will adhere to software license agreements. The Division of Information Technology has set forth a plan to identify standard software builds while maintaining an inventory of software licenses. This plan will assist in reconciling software licenses against software proof of purchase and be able to analyze risk assessments regarding user access beyond controlled servers. Periodic reviews will be conducted to ensure compliance with licensing agreements and risk assessments. This procedure replaces all previously released memoranda regarding this topic. DEFINITIONS: Base Build: A set foundation of the fundamental build containing the underlying software that the organization operates. Standard Build: The agreed upon software load placed on the Standard Office Automation or CADD workstation, using a standardized distribution method. Variance: A deviation from the standard build supplied to the Department, Office or District.

3 Page 3 of 9 PROCEDURE: I. STANDARD BUILD A. All employees, consultants, and contractors must use the base build on ODOT owned computers. Any additions to the base build must be legally licensed, and approved by the Deputy Director of the Division of Information Technology or authorized designee. B. All base builds will follow the Departmental standards and platforms set forth by the Division of Information Technology. II. VARIANCES A. In order to facilitate the Standard Office Automation or CADD workstation standard build the following apply to Departments, Offices, and/or Districts whom must have a variance from the base build (Attachment 3): 1. List reason why there would be a different build. 2. Submit to the appropriate level, Office Manager (or District I.T. Manager) for review and completion. 3. The Office Administrator (or District Business & Human Resource Administrator) will review, comment, approve or disapprove the variance and forward to DD or DDD. 4. The DD or DDD will review, comment, approve or disapprove the variance. 5. The approved variance form from DD or DDD shall be sent to the Division of Information Technology for final approval. 6. The approved form shall be kept by the Office of Resource Management. 7. The authorized designee shall also file and maintain the variance form for the Department, Office or District in which the variance applies. 8. If the variance list is changed this process will repeat for approval. 9. Upon approval, a copy of the software license should be filed with the Division of Information Technology, the original shall be maintained onsite at the appropriate District office. III. SOFTWARE ACQUISITION PROCEDURES A. Procurement of software must follow the Software Purchase Authorization Plan (Attachment 1). B. The Office of Resource Management will monitor the number of users and the number of legal licenses and determine purchasing requirements.

4 Page 4 of 9 IV. SOFTWARE INSTALLATION, MANAGEMENT and REMOVAL A. All technical or user personnel who install software must be authorized to do so. This will minimize the unauthorized installation of software and ensure that software is being used in accordance with license agreements. This process is included in the Software Purchase Authorization Plan (Attachment 1). B. All software license agreements with specific software serial numbers noted will be retained and filed at an ODOT facility (Division of Information Technology or District.) C. All base build software versions throughout the Department will be maintained by the Division of Information Technology. D. A Code of Ethics script will be provided on the base standard build. The script will prompt an identification and reference of the DAS and ODOT policies to assure user awareness. E. All removal of software from specific computer systems will need to follow the Software Removal Plan (Attachment 2) for proper inventory purposes and recording of license distribution. V. COMPLIANCE A. Annual reviews will be performed by the Division of Information Technology in accordance to the Office of Quality, Quality Assurance Review Policy (QAR), to assure license agreements are honored and standards are followed. B. The variance list supplied to the Division of Information Technology will be used in the QAR review. C. Non-compliant software will be noted on the QAR and will be removed. If the software is determined to be necessary for performing a business function, the request for variance should be submitted as per Section II, Part A of the standard procedure. D. The QAR action plan will identify the impact and recommendations associated for non-compliance issues. E. Review findings will be saved to provide a computer history for future reviews and risk assessments.

5 Page 5 of 9 TRAINING: A Code of Ethics script will be supplied on all base standard builds. This script along with the distribution of the Standard Procedures associated with this policy and the Software Compliance Policy to inform all end users of DAS and ODOT policies. Individuals found to be in violation will be identified by conducting annual reviews in the form of a QAR assessment.

6 Page 6 of 9 Attachment 1 Software Purchase Authorization Plan I. All software purchases must be approved by the Deputy Director of the Division of Information Technology, or authorized designee for the pre-approval process or blanket purchase. (Attachment 4) II. III. Software checked for ODOT approved standard. (A list of approved software that can be purchased to maintain standards will be published on the Division of Information Technology website) All software purchases are logged with the following information for inventory and tracking: A. Name of requestor B. Name of installer C. Purchase date D. Version of software E. Description of software F. Type of maintenance provided with software G. Serial number of resident hardware, unless under site license H. Name of authorized user I. Quantity J. Location of: 1. Department that is responsible 2. Office of installed software 3. Registration card 4. License agreement K. Copy of purchase documentation

7 Page 7 of 9 Attachment 2 Software Removal Plan I. List of software removed II. All software removed are logged with the following information for inventory and tracking: A. Name of software B. Name of assigned user C. Serial number of resident hardware D. Location of Department E. Location of Office

8 Page 8 of 9 Attachment 3 See Base Build Variance form on next page

9 Page 9 of 9 Base Build Variance Form Instructions to receive approval for variance: 1) Print or type 2) Provide list of variance from standard base build for workstations 3) Forward form to the Office Administrator FILL OUT FORM COMPLETELY Name: Work # Division/Office: Cost Center: List Variance from Base Build List reason for variance: ADMINISTRATIVE REVIEWS AND SIGNATURES Office Administrator/Manager Approved Disapproved Date Division/District Deputy Director Approved Disapproved Date Division of Information T echnology Deputy Director Approved Disapproved Date Explanation for Disapproval: Instructions: 1.Submit to the appropriate level for review and completion. 2.The Office Administrator (or District Business & Human Resource Administrator) will review, comment, approve or disapprove the variance. 3.The DD or DDD will review, comment, approve or disapprove the variance. Approvals are forwarded to DoIT. 4.DoIT DD approves or disapproves, then forwards to the Office of Resource Management 5.Office of Resource Management processes form and notifies office of status