The purpose of this policy is to ensure that the University meets its legal requirements for software procurement, use and renewal. It is also intended that this policy will lead to increased awareness and availability of software, as well as increase the ability of the University to control costs associated with software support and licencing.
The policy applies to any staff or students involved in the specification, acquisition, installation, use and maintenance of software and all software used whether purchased outright, renewed / leased, hosted via a third party (Software as a Service or SaaS), shareware or freeware. The policy also applies to all types of software including operating systems and applications.
Software should be purchased in accordance with university purchasing procedures ensuring that the correct type and number of licenses are being purchased. IT staff should be consulted to discuss any existing availability of the software on campus, support requirements for licensing and deployment / installation of the software as well as regular security patching. To assist with this, IT Services will develop a software library visible campus wide with details of known packages including how to obtain them.
Compliance and monitoring
Due to requirements placed on the institution to monitor and report on software installations and use, all university owned computers may be required to have software installed to report on software usage. This is irrespective of the machine being on a managed service or not. Over time it is anticipated that monitoring software usage will allow us to reduce software costs by only renewing licenses that are required.
Central adoption of software
In order to save money by reducing duplication, pooling of licenses and having better campus wide visibility of available software prior to purchase, IT Services will look to adopt packages in use in multiple schools or Professional Services. Each package will be considered on a case by case basis based on costs, usage and possible overlap with other similar packages.
Initially, a package should be used in 4 schools or Professional Services for consideration, though this does not guarantee adoption if the usage is minimal and the cost of a campus style license (for example) is far higher than current ad-hoc licenses. Requests for adoption will be considered by The IT Operations Group.
Permitted use of software
Many University licenses are restricted in their use, for example, teaching only, teaching and non-commercial research etc. It is highly unlikely licenses will cover consultancy or commercial training, but in all cases, the staff or students using a package should confirm the licenses cover their use. If in doubt, please contact IT Services.
Departing staff or students
When staff or students leave the University, any University software entitlements for software installed on computers they own cease, so all such software must be immediately removed.
Deans or heads of professional services are responsible for ensuring that all software used within the department / school, and stored on computers for which the department / school is responsible for has been properly obtained and is being used within the terms of the software licence. For each item of software managed by a department / school, they should ensure that adequate records are kept about the software, such as:
- The name, platform, and version number of the software
- The number of copies purchased
- The date purchased and purchase order reference
- The location of the software licences (if a paper licence was issued)
- The location of the installation media, installation codes and documentation
- Any restrictions on the licensed use of the software
- Date of renewal
These details should also be passed to IT Services who will maintain a central record.
- Use of illegal software, using software for illegal activities or using software outside of licensing terms will be dealt with in line with the University’s Acceptable Use Policy (AUP)
- Use of software, which tests or attempts to break University systems or network security, is prohibited unless the Director of IT Services has been notified and given authorisation
- Use of software, which causes operational problems that inconvenience others, or which makes demands on resources that are excessive or cannot be justified, may be prohibited or regulated
- Software found on University systems, which incorporates malware of any type, is liable to automated or manual removal or deactivation
- Use of software that monitors the activities of other people is subject to regulation
- Unless explicitly included in software terms, it should be assumed that use for commercial research, commercial training or consultancy are not permitted using academic licenses
- Software found that is not licence compliant must be brought into compliance promptly or uninstalled
- Software that is known to be causing a serious security problem, which cannot be adequately mitigated, should be removed from service
- Operating systems and application software must not be abandoned or otherwise left unmaintained for extended periods. Systems and application software that are no longer required should be decommissioned
- When decommissioning a computer system for disposal or re-use, appropriate measures must be taken in relation to any software and data stored on it. Software must be removed where not doing so could lead to breaking the terms of it licence
Breach of Policy
Staff or students who breach this policy will find themselves subject to the University's disciplinary procedures. In particular, students should familiarise themselves with the University's Ordinance XVII, Conduct and Discipline of Students. The Director of IT Services, as well as an individual's department or the Chief Operating Officer, may take such disciplinary action. Individuals may also be subject to criminal proceedings. The University reserves its right to take legal action against individuals who cause it to be involved in legal proceedings as a result of their violation of licensing agreements and / or other contraventions of this policy.