STANDARDIZED SOFTWARE STANDARD BUILD STANDARD PROCEDURES




Approved: Shobna Varma, Deputy Director
Standard Procedure No.: 242-004 (SP)
Responsible Office: Division of Information Technology

PURPOSE:

The purpose of this Standard Procedure is to ensure that uniform standards are followed for managing software distribution on all personal computers and workstations, and that all laws, regulations, policies and statewide standards are adhered to for the installation of software used by the Ohio Department of Transportation. The procedures of this policy will ensure standards for properly licensed software to be loaded on all information systems. These standards will reduce the complexity of tracking software on individual hard drives, keep applications and versions consistent, and make support needs manageable. It is ODOT's policy to complete timely physical inventories for all assets on an annual basis to ensure accuracy, reliability and compliance with the ODOT Inventory Policy. Quality Assurance Reviews will be conducted by the Division of Information Technology to ensure compliance with these software standards.

AUTHORITY:

United States Code Title 17: United States Copyright Law
ORC 2913.02, ORC 2901.01 (J)(I)
ORC 2921.01 (A), ORC 2909.05 (B)(2), ORC 2909.04 (A), ORC 2913.42

REFERENCES:

Ohio DAS Policies ITP A.5 and ITP A.26
ODOT Policy 28-005(P), Software Copyright Compliance Policy
ODOT Policy 220-001(P) Quality Assurance Review Policy
ODOT Policy 210-001(P) Inventory Policy
Software Publishers Association State of Ohio Agreement: http://state.oh.us/img

SCOPE:

All ODOT Divisions, Offices and Districts and all technical and end user personnel, all ODOT consultants, vendors, and contractors who use ODOT computer equipment and software.

GENERAL:

To maintain control over software licenses and standards, and to ease support through uniformity, ODOT has developed policies and procedures to assist in the task of identifying and inventorying the software resident on personal computers and information systems.

The Federal Copyright Act makes no distinction between duplicating software for sale or for free distribution. The law protects the exclusive rights of the copyright holders and does not give users the right to copy proprietary software unless a backup copy is not provided by the manufacturer. It is illegal to make copies of proprietary software for any other purpose unless the license agreement stipulates otherwise.

The State of Ohio entered into an agreement with the Software Publishers Association (SPA) with the express intent that all Executive Branch State Agencies will adhere to software license agreements.

The Division of Information Technology has set forth a plan to identify standard software builds while maintaining an inventory of software licenses. This plan will assist in reconciling software licenses against software proof of purchase and in analyzing risk assessments regarding user access beyond controlled servers. Periodic reviews will be conducted to ensure compliance with licensing agreements and risk assessments.

This procedure replaces all previously released memoranda regarding this topic.

DEFINITIONS:

Base Build: A set foundation of the fundamental build containing the underlying software that the organization operates.

Standard Build: The agreed upon software load placed on the Standard Office Automation or CADD workstation, using a standardized distribution method.

Variance: A deviation from the standard build supplied to the Department, Office or District.

PROCEDURE:

I. STANDARD BUILD

   A. All employees, consultants, and contractors must use the base build on ODOT owned computers. Any additions to the base build must be legally licensed, and approved by the Deputy Director of the Division of Information Technology or authorized designee.
   B. All base builds will follow the Departmental standards and platforms set forth by the Division of Information Technology.

II. VARIANCES

   A. To facilitate the Standard Office Automation or CADD workstation standard build, the following apply to Departments, Offices, and/or Districts that must have a variance from the base build (Attachment 3):
      1. List reason why there would be a different build.
      2. Submit to the appropriate level, Office Manager (or District I.T. Manager) for review and completion.
      3. The Office Administrator (or District Business & Human Resource Administrator) will review, comment, approve or disapprove the variance and forward to DD or DDD.
      4. The DD or DDD will review, comment, approve or disapprove the variance.
      5. The approved variance form from DD or DDD shall be sent to the Division of Information Technology for final approval.
      6. The approved form shall be kept by the Office of Resource Management.
      7. The authorized designee shall also file and maintain the variance form for the Department, Office or District in which the variance applies.
      8. If the variance list is changed this process will repeat for approval.
      9. Upon approval, a copy of the software license should be filed with the Division of Information Technology; the original shall be maintained onsite at the appropriate District office.

III. SOFTWARE ACQUISITION PROCEDURES

   A. Procurement of software must follow the Software Purchase Authorization Plan (Attachment 1).
   B. The Office of Resource Management will monitor the number of users and the number of legal licenses and determine purchasing requirements.

IV. SOFTWARE INSTALLATION, MANAGEMENT and REMOVAL

   A. All technical or user personnel who install software must be authorized to do so. This will minimize the unauthorized installation of software and ensure that software is being used in accordance with license agreements. This process is included in the Software Purchase Authorization Plan (Attachment 1).
   B. All software license agreements with specific software serial numbers noted will be retained and filed at an ODOT facility (Division of Information Technology or District).
   C. All base build software versions throughout the Department will be maintained by the Division of Information Technology.
   D. A Code of Ethics script will be provided on the base standard build. The script will prompt an identification and reference of the DAS and ODOT policies to assure user awareness.
   E. All removal of software from specific computer systems will need to follow the Software Removal Plan (Attachment 2) for proper inventory purposes and recording of license distribution.

V. COMPLIANCE

   A. Annual reviews will be performed by the Division of Information Technology in accordance with the Office of Quality, Quality Assurance Review Policy (QAR), to assure license agreements are honored and standards are followed.
   B. The variance list supplied to the Division of Information Technology will be used in the QAR review.
   C. Non-compliant software will be noted on the QAR and will be removed. If the software is determined to be necessary for performing a business function, the request for variance should be submitted as per Section II, Part A of the standard procedure.
   D. The QAR action plan will identify the impact and recommendations associated with non-compliance issues.
   E. Review findings will be saved to provide a computer history for future reviews and risk assessments.

TRAINING:

A Code of Ethics script will be supplied on all base standard builds. This script, along with the distribution of the Standard Procedures associated with this policy and the Software Compliance Policy, will inform all end users of DAS and ODOT policies. Individuals found to be in violation will be identified by conducting annual reviews in the form of a QAR assessment.

Attachment 1

Software Purchase Authorization Plan

I. All software purchases must be approved by the Deputy Director of the Division of Information Technology, or authorized designee for the pre-approval process or blanket purchase. (Attachment 4)

II. Software checked for ODOT approved standard. (A list of approved software that can be purchased to maintain standards will be published on the Division of Information Technology website)

III. All software purchases are logged with the following information for inventory and tracking:

   A. Name of requestor
   B. Name of installer
   C. Purchase date
   D. Version of software
   E. Description of software
   F. Type of maintenance provided with software
   G. Serial number of resident hardware, unless under site license
   H. Name of authorized user
   I. Quantity
   J. Location of:
      1. Department that is responsible
      2. Office of installed software
      3. Registration card
      4. License agreement
   K. Copy of purchase documentation

Attachment 2

Software Removal Plan

I. List of software removed

II. All software removed is logged with the following information for inventory and tracking:

   A. Name of software
   B. Name of assigned user
   C. Serial number of resident hardware
   D. Location of Department
   E. Location of Office

Attachment 3

See Base Build Variance form on next page

Base Build Variance Form

Instructions to receive approval for variance:

1) Print or type
2) Provide list of variance from standard base build for workstations
3) Forward form to the Office Administrator

FILL OUT FORM COMPLETELY

Name:
Work #
Division/Office:
Cost Center:
List Variance from Base Build
List reason for variance:

ADMINISTRATIVE REVIEWS AND SIGNATURES

Office Administrator/Manager: Approved / Disapproved, Date
Division/District Deputy Director: Approved / Disapproved, Date
Division of Information Technology Deputy Director: Approved / Disapproved, Date

Explanation for Disapproval:

Instructions:

1. Submit to the appropriate level for review and completion.
2. The Office Administrator (or District Business & Human Resource Administrator) will review, comment, approve or disapprove the variance.
3. The DD or DDD will review, comment, approve or disapprove the variance. Approvals are forwarded to DoIT.
4. DoIT DD approves or disapproves, then forwards to the Office of Resource Management.
5. Office of Resource Management processes form and notifies office of status.