Checklist for New Information Systems & Services
Hamilton College regularly licenses software and services to store and manipulate data in support of college activities. In order to fully evaluate systems and services and associated costs, and assure that the providers comply with information security, accessibility and legal requirements, we developed the following checklist.
Anyone considering the purchase of such software or services should contact the VP for Libraries and Information Technology (x4566) or the Director, Enterprise Information Systems (x4164) to assure the steps are followed.
Parties involved are indicated in parentheses ( ).
- Needs Analysis (Department, LITS)
- Understand business needs
- What problem are you trying to solve?
- How do you currently perform tasks?
- What works well and needs to be preserved?
- What don't you have the functionality to do?
- Are policies and procedures being reviewed/changed? E.g., will the problem remain after the new software is put into place due to policies and procedures that did not change?
- Will the changes affect other offices? Do you plan to include them early on in the process?
- Is the business process being reviewed/changed?
- Evaluation of alternatives and new software (Department, LITS)
- Evaluate existing systems that could be used to build a solution (Department, LITS)
- Evaluate new candidates using your needs assessment (must have, nice to have, not important) (Department, LITS)
- Analyze integration with existing systems (LITS)
- Budget approval (VPAF, VPLIT)
- Negotiate pricing - check different vendors, check consortium arrangements (Department, LITS)
- Determine costs (one time purchase, implementation, training, and ongoing)
- Analyze necessary resources to provide ongoing support (LITS or contract), and who will provide and manage them
- Determine personnel impact
- Compliance (this can take 2-4 weeks to complete)
- Assess vendor compliance with information security standards (LITS, GreyCastle)
- Assess vendor compliance with accessibility standards (LITS)
- Ask vendor for their Voluntary Product Accessibility Template (VPAT)
- Obtain PCI attestation if credit card payments are involved (LITS, GreyCastle)
- Perform internal contract review (Cornish)
- Perform external legal review (if deemed necessary based on risk) (BSK)
- Assess compliance with institutional graphic standards (Communications)
- Develop an implementation plan with a focus on identifying timelines, resources, and communication - (include resource commitments from Department and LITS)
- Begin implementation
- Complete implementation and communicate to campus