Looking to purchase or acquire new software or web-based service for UNT? Follow this checklist to help ensure it's approved in a timely manner.

Gather information

• It is the responsibility of the individual requesting the product to gather this information.

• Department and vendor checklists are also available for guidance at the IT Compliance Technology Risk Assessment webpage.

• Product information

  • Local install?

  • Cloud-based?

  • Licensing requirements?

  • Technical needs?

• Get vendor contacts (sales & technical)

• Ask the vendor if they have a 'VPAT' or Voluntary Product Accessibility Template.

  • https://www.section508.gov/sell/vpat/

  • Used to determine software's ability to meet accessibility standards.

• Check if vendor/product is already TX-RAMP certified

  • Overview of what TX-RAMP is: https://dir.texas.gov/information-security/texas-risk-and-authorization-management-program-tx-ramp

  • Look for the document "TX-RAMP Certified Cloud Products"

  • TX-RAMP will only apply if it is a Cloud-based product (web-based) or if any information is sent and stored/processed on a server not owned by UNT System / UNT Denton.

• Overview of the entire process from an IT Compliance standpoint: https://technology.untsystem.edu/divisions/citc/it-compliance/technology-risk-assessment-program.php

Where will it be installed?

• General student lab or a computer classroom
  • Use the Request New Software form.
  • Software in these spaces is strictly managed and must include Academic Technologies in consultation before proceeding with purchase or install.
  • Once we have worked with you to determine the logistical needs, proceed to "Submit a TAQ".
• Work-assigned computer or Research lab machine
  • If the software requires the use of a licensing server, or may need local IT to manage it in some way, submit a Request New Software form.
    • Once we have worked with you to determine the logistical needs, "Submit a TAQ".
  • If it is a stand-alone software that will only be installed directly on machines, "Submit a TAQ".
• Device not owned by UNT
  • AT does not support personal devices, but some software, e.g. Adobe Creative Cloud & Office 365, are available to install on personal devices.
  • If you want software purchased by UNT on a personal device, ask us at AT@unt.edu and we can check if there is a way to get it to you under a current license or with discounts.
• Hosted Service/Software
  • Even though AT is not directly supporting this, we highly recommend contacting us with all data from the 'Gather Information' phase by emailing us at AT@unt.edu before you submit the TAQ.
  • If being integrated with a UNT-hosted service (Canvas, etc.), you must "Submit a TAQ".
  • If it's a website, or fully online service, you must "Submit a TAQ".

Submit a Technology Aquisition Questionnaire (TAQ)

• Find the form HERE, or a link to it on IT Compliance's page: https://technology.untsystem.edu/divisions/citc/it-compliance/technology-risk-assessment-program.php
• The TAQ is designed to give IT Compliance the information it needs to determine if your request needs TX-RAMP approval or any other additional compliance needs.
• It is the responsibility of the individual requesting the product to fill out the TAQ.
• Here's an overview of current TAQ questions. If you have additional questions about this submission, contact us at AT@unt.edu.
• It should take approximately 1 week for a TAQ to receive approval, provided the software needs no additional review or coordination with other teams.
• IT Compliance will reach out to you directly once it has approved, or if they have any questions.

After TAQ is submitted:

TAQ may take up to 1 week before it gets released by IT Compliance. If you've gone more than 2 weeks and haven't heard anything, email us at AT@unt.edu. Once it gets reviewed, you will be in one of these three situations:

• TAQ was approved without any need for additional review:
  1. Purchase or acquire the software
  2. If Administrative rights are required to install the software, call our Service Desk and be ready to provide the email from Compliance approving the software, and a tech will install the software on the device.
  3. If it is software that requires additional management, reach out to the IT person you have already been speaking with in Academic Technologies.
• TAQ was insufficient and IT Compliance is requesting additional documents for approval:
  • If acquisition needs more than a TAQ, you will be working with us to get that handled. If we are not included in the process by this point, email us at AT@unt.edu with all the information so we can work on this with you.
• TAQ was denied:
  • Unfortunately you will need to look for an alternative product to achieve your goal or decide if what you wanted to do is viable without that software.

FAQ

Is a TAQ required for any new software?

• Yes. A TAQ is required for all new acquisitions or renewals of software - regardless of cost. The potential impact of that software on existing systems and the protection of secure data is independent of the price of that software.

What if I am buying a piece of scientific equipment and it comes with software that needs to be installed on a machine to use the device?

• Yes. A TAQ is required for this purchase.

I purchased this with my own money, I should be able to install it on my machine.

• No. Personally purchased software is not allowed on UNT managed devices.

I want to use a short trial to determine if the software would meet my needs, do I really have to do a TAQ for that?

• Yes. See if the vendor can provide a testing environment for you, but if you want to test it on UNT assets it must go through compliance first.

I purchased the software before, this is just a renewal of the license. Do I really need to do a new TAQ?

• Yes. Any renewals on previously purchased software, regardless of it getting approval in the past, must go through a new TAQ.

I got the TAQ approved, can I use it now?

• Yes. Install/Use the software by calling the Service Desk if you need administrator credentials to complete installation.

I just want to listen to music while I am working… can I just install Spotify?

• No. Any software installation on UNT requires a TAQ. Using a web-based software for any work purpose requires a TAQ, but using a web-based application for personal use (spotify in browser, youtube, etc.) should be fine as long as you do not use UNT email/usernames.

I want to install an extension for another, already approved application. This extension is minor and just checks my grammar. Does that require a TAQ?

• Yes. Any extensions or 3rd party add-ons to supported software require a TAQ.

This software was made by researchers at another institution for my field. It's free and open source when used for educational purposes. Do I need a TAQ?

• Yes. All software requires a TAQ, regardless of cost, accessibility of source-code, or the individual(s) who created it.

I accidentally bought software without getting it approved, can I just use it anyway?

• No. You must return the purchase and if you can't, you are not allowed to use it until it is approved by IT Compliance. Using unapproved software that was acquired after TAQ implementation (Jan 1, 2018) is a violation of UNT Policy.

I don't agree with IT Compliance's decision to deny my software, who can I speak with?

• If not already in conversation with a senior member of Academic Technologies, email us at AT@unt.edu with as much information as possible for us to understand the situation to ensure we are able to assist in the matter.
• It is not guaranteed that we will be able to do anything, and you may have to accept looking for another product to achieve your goals.

I want to buy a piece of hardware, does that require a TAQ?

• Maybe. A TAQ is only required if the hardware requires a custom piece of software that is provided by the vendor or needs to be purchased separately. If the hardware is 'plug and play' or simply has a driver that needs to be installed, it does not require a TAQ. Ask us if you're unsure by emailing us at AT@unt.edu.

I pay for web-hosting for a website that is not managed by my local IT or other UNT web services, do I need to submit a TAQ when I need to renew?

• Yes. Depending on what the website is being used for, it may require additional compliance oversight and you must provide full details to make sure all compliance needs are met.

I want to use a fully online piece of software for UNT work (research, administrative, etc.), do I need a TAQ?

• Yes. Any use of a web-based software requires a TAQ if doing any form of work on it, even simply uploading sample data.

I pay for a website to host music or videos from my program, does that need a TAQ?

• Yes. This is data hosting and content delivery via the web, so needs to go through the TAQ process.

I looked at the TX-RAMP qualifications and I think that my web-based service/software is exempt. Can I go ahead and buy it?

• No. A TAQ is always required, even if it turns out that the product does not require any additional certifications or review.

The software I want was purchased already by someone (maybe even in my own department!), but it was purchased only for their use originally. Do I need to fill out a TAQ if I'm going to be doing the same thing as them?

• Yes. Each use-case of each software may have unique compliance concerns, so any new acquisitions of the software at UNT require a new TAQ.