IT Procurement

Software

In coordination with Duke Supply Chain Management, the Office of Information Technology (OIT) has established the following processes for all new software contracting.

The IT purchases outlined below must be reviewed and approved by OIT as part of the IT Sourcing Intake process, a process that must be completed prior to purchasing. 

IMPORTANT: DUHS/DHTS business units (including the School of Nursing and the School of Medicine) in need of sourcing assistance should open a demand ticket.  Click on Get IT ➡️ Featured Requests ➡️ New Duke Health Project.

University business units should adhere to management center-specific processes for spending reviews and approvals of all capital and non-capital expenditures. 

Purchases of an IT product or service with the following criteria will require further review:

  • It will be used for sensitive data as defined in the Data Classification Standard
  • It will involve a contractual commitment on behalf of Duke University, regardless of cost

Approvals of Contractual Commitments

OIT approval is required for the following categories of IT systems/services: 

  • Software Licenses beyond individual consumer license purchases 
  • Web, application, or software development
  • External vendor contracts such as AV Integration and IT consulting

Note: Purchases from Duke Software Licensing do not need central review.

Exclusions

The only approved services for cloud storage of Duke data classified as sensitive or restricted per the Duke Data Classification Standard are those listed on the Duke Services and Data Classification web page.

All other services that involve cloud storage, or the transit of Duke data from campus to other locations, require a Duke IT Security Office Vendor Risk Assessment.

If the service you would like to use stores Duke sensitive and restricted data in a cloud environment, it may not be used unless explicitly listed on the Duke Services and Data Classification web page.

Should you have questions about this process, contact security@duke.edu.


IT Procurement Process

After you complete the IT Sourcing Intake process, a Duke Supply Chain sourcing manager will be assigned to review your request. Follow your departmental / unit internal financial and IT approval process.

  • Complete the necessary reviews (see below) before submitting the IT Sourcing Intake form. 
  • Complete the IT Sourcing Intake Form 

You will be contacted when your request is in progress and throughout the review process until it is completed. For additional information and/or questions contact ITSourcing-procurement@duke.edu.

Information Needed to Complete the IT Sourcing Intake Form

Software Licensing

  • Cost – Business owner, purchase amount, annual cost, term of license/lease (ex. 1-3 years)
  • Information Technology Security Office (ITSO) security review and approval date (ex. in progress, completed) 
  • Shibboleth integration form (Sign-on / Security Assertion Markup Language (SAML))
  • Whether credit card integration is needed (e-commerce)
  • Third-party integrations 
  • OARC (Office of Audit, Risk & Compliance) review if student data or PII is involved

Web, Application or Software Development

  • Cost – Business owner, purchase amount, annual cost, term of license/lease (ex. 1-3 years)
  • Information Technology Security Office (ITSO) security review and approval date (ex. in progress, completed) 
  • Shibboleth integration form (Sign-on / Security Assertion Markup Language (SAML))
  • Whether credit card integration is needed (e-commerce)
  • Third-party integrations 
  • OARC (Office of Audit, Risk & Compliance) review if student data or PII is involved

Audio Visual

  • Cost – Business owner for integration, consultation, and design costs; hardware costs (if any); and annual support costs
  • Competitive bids from at least 3 vendors
  • Third-party integrations 
  • Information Technology Security Office (ITSO) security review and approval date (ex. in progress, completed)

IT Consulting/Professional Services 

  • Cost – Business owner, purchase amount, annual cost, term of license/lease (ex. 1-3 years)
  • Information Technology Security Office (ITSO) security review and approval date (ex. in progress, completed) 
  • Shibboleth integration form (Sign-on / Security Assertion Markup Language (SAML))
  • Whether credit card integration is needed (e-commerce)
  • Third-party integrations 
  • OARC (Office of Audit, Risk & Compliance) review if student data or PII is involved