Checklist for New Information Systems & Services
Hamilton College regularly licenses software and services to store and manipulate data in support of college activities. In order to fully evaluate systems and services and associated costs, and assure that the providers comply with information security, accessibility and legal requirements, we developed the following checklist.
Anyone considering the purchase of such software or services should contact the VP for Libraries and Information Technology (jshelley@hamilton.edu) or the Director, Enterprise Information Systems (msprague@hamilton.edu) to assure the steps are followed.
When submitting a request for a new software or service, there is one question then four parts.
The Enterprise Information Commitee’s Governance page includes scenarios that require involvement of the Committee. If it doesn’t rise to the level of EIC involvement, it still needs to go through the process outlined below.
- Needs Analysis (Department, LITS)
- Understand business needs
- What problem are you trying to solve?
- How do you currently perform tasks?
- What works well and needs to be preserved?
- What don't you have the functionality to do?
- Are policies and procedures being reviewed/changed? E.g., will the problem remain after the new software is put into place due to policies and procedures that did not change?
- Will the changes affect other offices? How are you planning to include them early on in the process?
- Is the business process being reviewed/changed?
- Evaluation of alternatives and new software (Department, LITS)
- Evaluate existing systems that could be used to build a solution (Department, LITS)
- Evaluate new candidates using your needs assessment (must have, nice to have, not important) (Department, LITS)
- Analyze integration with existing systems (LITS)
- Data Governance
- Any new system on campus will not be connected with existing systems until the data is governed.
- Budget approval (VPAF, VPLITS)
- Negotiate pricing - check different vendors, check consortium arrangements (Department, Administrative (Auxiliary) Services, LITS)
- Determine costs (one time purchase, implementation, training, and ongoing)
- Analyze necessary resources to provide ongoing support (Administrative (Auxiliary) Services, LITS or contract), and who will provide and manage them
- Determine personnel impact
- Compliance (this can take four (4) - eight (8) weeks to complete)
- Assess vendor compliance with information security standards (LITS - Director of Information Security & Privacy)
- Assess vendor compliance with accessibility standards (LITS - Director of Information Security & Privacy)
- Ask vendor for their Voluntary Product Accessibility Template (VPAT)
- Obtain PCI attestation if credit card payments are involved (LITS - Director of Information Security & Privacy)
- Perform internal contract review (Administrative (Auxiliary) Services)
- Perform external legal review (if deemed necessary based on risk) (Bond, Schoeneck & King)
- Assess compliance with institutional graphic standards (Communications)
- The contract will be signed by the Vice President for Libraries and Information Technology or another member of Senior Staff.
- Develop an implementation plan with a focus on identifying timelines, resources, and communication - (include resource commitments from Department and LITS)
- Begin implementation
- Complete implementation and communicate to campus
How much care and feeding will the new system or service require after the initial implementation is complete?
