Get StartedFill out the Software Decision Analysis Questionnaire Email PMO
Are you looking at software that has already been through a software decision analysis?Reviewed Software & Departmental Apps
Software Decision Analysis
Before a new piece of software is introduced at ODU, ITS needs to review it for compatibility and security, especially if it will require the collection of personal data, the use of ITS systems and resources, or ongoing maintenance by ITS.
Here's how the process works:
- To get the process started, fill out the Software Decision Analysis Questionnaire at least eight weeks prior to the software's renewal date or purchase deadline.
- Our Security Team will contact you and the vendor to gather information and review compatibility issues over the next 4-6 weeks. We will make our recommendations and document any risks that we find.
- System and data owners must accept and approve the software before procurement makes the purchase.
See the full process flowchart here.
As you fill out the questionnaire, you need to identify three specific people by name.
(not units or departments)
Data owners are University employees (typically at the level of Registrar or Unit Director) who are responsible for decisions about the usage of institutional data under their purview. The data owner approves access to their data, and approves sharing of their data.
This person classifies the sensitivity and compliance requirements for the data and communicates data protection requirements to the System Owner.
The system owner is the manager or department head who is responsible for the operation and maintenance of the system or who is the contract owner for a hosted system. (This is usually someone outside of ITS.)
This person classifies the system based on the classification of the data, and is responsible for the overall security and compliance of the system according to ODU policy, ITS standards and Commonwealth and Federal laws and regulations.
The application administrator establishes, monitors and operates the application in a manner consistent with IT security policies and standards. This is usually someone outside of ITS, and arrangements for application administration should be made prior to purchasing an application.
This person protects the data from unauthorized access, alteration, destruction or usage in accordance with the requirements established by the system and data owners.