VII:01:05 Purchasing Computer-Related Hardware and Software Policy

I. Purpose

This policy provides guidance on the acquisition of computer hardware and software resources for all Volunteer State Community College locations. Compliance with this policy ensures safe and legal use of hardware and software at Vol State locations to mitigate cyber threats and vulnerabilities in Vol State computer systems and IT resources.

II. Definitions

For the purposes of this policy, the following definitions shall apply:

  1. Hardware – the physical components that are supportive of a computer system, including tangible items such as the central processing unit, memory (RAM), storage devices, input devices, output devices, networking equipment (switches, firewalls, routers, etc.), and physical multi-factor authentication (MFA) tokens.
  2. Information Technology Resources – all Volunteer State Community College information technology hardware assets, software assets, computing systems, networks, network components, facilities, services, data, and information, regardless of location, provider, management, medium, or how the resource is provided/delivered, that exists for the purpose of conducting business or academic activities. This includes, but is not limited to, computers, servers, mobile devices, email systems, internet access, cloud-based applications, databases, and any associated peripherals or support services.
  3. Software – the computer programs, procedures, and associated documentation and data that instruct computer hardware to perform specific tasks. This includes, but is not limited to, operating systems, applications, utilities, and any digital code used to operate computer systems and devices.

III. Policy

  1. The Vol State Chief Information Officer (CIO), or a budget unit head who has been authorized by the CIO, shall review all purchase requests issued for computer-related hardware or software. This review is to ensure hardware and/or software compatibility, to inspect licensing requirements, check budget restraints, and ensure inventory control.
  2. When Vol State receives the purchased hardware/software and it has been processed by Central Receiving, it will be delivered to the IT Department for inspection, inventory, and labeling. Where applicable, IT personnel will install the hardware/software in the requesting user’s department.
  3. All major IT projects and purchases shall be included in the Vol State IT Plan, which is managed by the CIO, or the CIO’s designee. Major IT project requests that are not included in the IT Plan may be postponed until they are added to the Plan, discussed, and approved. This process will cause a delay in the major project’s implementation.
  4. Purchasing unauthorized hardware and attempting to connect it to the Vol State network or other IT resources, and/or installing unauthorized software on computer systems and IT resources, is strictly prohibited. These activities can lead to potential system failures, system degradation, data breach, and/or malware. Unauthorized installations also place Vol State and its staff/faculty at risk for civil and criminal action, which may result in punitive measures for all involved parties. Both civil and criminal penalties may carry fines, jail time, or both.
  5. The Chief Information Officer (CIO) or their designee has the final authority to interpret the terms of this policy. The CIO or their designee may grant exceptions to this policy, in writing, based on an evaluation of the risks versus the benefits.

 

TBR Source: none.

VSCC Source: September 1, 1993, President’s Cabinet; November 1, 1997, President’s Cabinet; February 29, 2008, President’s Cabinet; June 11, 2025, President’s Cabinet