Chapter 11 - Information Technology
Publication Date: April 4, 2023
Policy Reviewed Date: November 27, 2023
Policy Owner: VP for Information Technology
11.11 Software and Hardware Asset Management
I. POLICY STATEMENT
The University of Texas at San Antonio (UTSA) maintains hardware and software assets that are part of a comprehensive management process minimizing disruptions, optimizing costs, stewarding assets, and bringing best practices to the organization. Effective maintenance and support of assets provide longer life, higher employee productivity, backups, and increased data user satisfaction.
II. RATIONALE
A clearly defined set of procedures to maintain hardware and software assets is used to manage the Information Systems at UTSA. This policy is designed to support preventative and ongoing maintenance of UTSA Information Technology Resources.
III. SCOPE
This policy applies to all UTSA staff, faculty, and student workers that support and maintain UTSA Information Systems for the university, their department, college, or business unit.
IV. WEBSITE ADDRESS FOR THIS POLICY
http://www.utsa.edu/hop/chapter11/11.11.html
V. RELATED STATUTES, POLICIES, REQUIREMENTS OR STANDARDS
- Family Educational Rights and Privacy Act of 1974, as amended in 2000.
- Copyright Act of 1976, as amended.
- Foreign Corrupt Practices Act of 1977, as amendedin 1988.
- Computer Fraud and Abuse Act of 1986, as amended in 1996.
- Computer Security Act of 1987.
- The Health Insurance Portability and Accountability Act of 1996 as amended by the Health Information Technology for Economic and Clinical Health Act and the Privacy, Security and Breach Notification Regulations at 45 CFR §§ 160 and 164.
- USA Patriot Act of 2001.
- The Texas Public Information Act.
- Texas Government Code, Section 441.
- Texas Administrative Code section 202.
- Information Resource Management Act, Texas Government Code section 2054.075(b).
- Texas Penal Code, Chapters 33 and 33A.
- Texas Department of Information Resources Practices for Protecting Information Resources Assets.
- Texas Department of Information Resources Standards Review and Recommendations Publications.
- The University of Texas System (“UTS”) Information Resources Use and Security Policy 165.
- UTSA Student Code of Conduct and Judicial Procedures Sections 201, 202, 203.
- UTSA Handbook of Operating Procedures, Code of Ethics, Chapter 4.01.
- UTSA Information Technology Resource Security Standards.
- Texas Government Code section 2054.
VI. CONTACTS
If you have any questions about HOP policy 11.11, Software and Hardware Asset Management, contact the following offices:
- Office of Information Security
210-458-7974
informationsecurity@utsa.edu
- University Technology Solutions
210-458-4555
techcafe@utsa.edu
VII. DEFINITIONS
- Backup: Copy of files and applications made to avoid loss of data and facilitate recovery in the event of a system failure.
- Data: Information that is recorded - regardless of form or media – that is used to support the administrative, academic, or research departments of the university. Data may be saved or transmitted in hard copy (printed or written), digital/electronic (including video, audio, images), or any other format.
- Information System: An interconnected set of Information Technology Resources under the same direct management and control that shares common functionality. An Information System normally includes hardware, software, information, Data, applications, communications, and people.
- Information Technology Resources: The procedures, equipment, facilities, software, and Data (see item VII. B ) that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information. This may include, but is not limited to, any and all computer printouts, online display devices, mass storage media, and all computer-related activities involving any device capable of receiving email, browsing websites, or otherwise capable of receiving, storing, managing, or transmitting Data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, mobile devices, pagers, distributed processing systems, network-attached and computer-controlled medical and laboratory equipment (e.g., embedded technology), telecommunication resources, network environments, telephones, fax machines, printers and hosted services.
- Server: A computer system that provides shared resources on the network (for example, Web server, print server, or file server). Departments and individuals may have their own servers. Responsibility for verifying compatibility with UTSA systems and supporting maintenance relies on the departments and individuals. If a computer is used as a server, the computer needs to be reviewed and approved by University Technology Solutions to be on the network. If the server is managed by University Technology Solutions on behalf of a department or individual, then any required and supporting maintenance would be handled by University Technology Solutions.
VIII. RESPONSIBILITIES
- None
IX. PROCEDURES
- General
- Service, maintenance, upgrades, and support shall be properly staffed and managed through Tech Cafe.
- Computer, Server, and Network Hardware
- UTSA University Technology Solutions shall ensure:
- All Information Technology Resources (includes desktops, laptops, servers, peripherals, and network hardware such as switches, routers, and firewalls) are covered by on-site warranty agreements with responsive times to meet business continuity needs.
- All desktops and laptops should be covered by an on-site 5-year warranty agreement when available.
- All desktops and laptops should be budgeted for replacement through the following schedule:
- Laptop Computers: Encompasses all laptop systems and includes all associated docking stations and monitors as a single unit. Replacement timeframe is Fiscal Year immediately after 5th year of use.
- Desktop workstation computers: Encompasses all desktop workstation computer systems and includes CPU and monitor as a single combined unit. Replacement timeframe is the Fiscal Year immediately after the 5th year of use.
- Defective items under warranty are repaired in a timely fashion.
- Repairs or surplus of equipment not covered under current warranty meet all state and UTSA protocols and procedures.
- All Information Technology Resources (includes desktops, laptops, servers, peripherals, and network hardware such as switches, routers, and firewalls) are covered by on-site warranty agreements with responsive times to meet business continuity needs.
- UTSA University Technology Solutions shall ensure:
- Information System and Application Software
- For this policy, Information Technology Resources (i.e., computer/server software shall include all UTSA:
- Operating systems, virtualization, firmware, and related software;
- All major and minor licensed applications such as general financials, student information systems, learning management systems, email, and related databases/interfaces;
- Office productivity software including spreadsheets, word processing, presentation and similar office software.;
- All research activities. Please see HOP Chapter 10 for additional references (https://www.utsa.edu/hop/chapter10/). Third-party utility and productivity applications such as Internet browsers, Adobe Acrobat Reader, media players, Flash Player and similar applications.;
- Security protection software such as firewalls, anti-malware and similar security software; and
- Utilities and other tools.
- For this policy, Information Technology Resources (i.e., computer/server software shall include all UTSA:
- A University Technology Solutions support shall
- Develop configuration standards for all Information Systems and Information Technology Resources that address all known security vulnerabilities and are consistent with industry-accepted definitions.
- Periodically update Information Systems configuration standards as new vulnerabilities are identified.
- Install and maintain the Information System and end-user software.
- Maintain appropriate software license records for compliance purposes.
- Fully test applications to ensure they are compatible with the run-on standard University of Texas at San Antonio hardware.
- Subscribe to vendor software maintenance programs where appropriate and applicable.
- Tune and analyze operational software configurations for optimum performance.
- Ensure software and Data are fully Backed Up in the event of a failure.
- University Technology Solutions support shall not back up, patch, or maintain any research-related software, data, and applications (i.e., microscope or other research equipment) that are not connected to the network.
- University Technology Solutions shall remove Information Technology Resources that do not meet standards and/or are deemed a security threat.
- Update critical Information System patches.
- Patches shall be tested before deployment to production environments.
X. SPECIAL INSTRUCTIONS FOR IMPLEMENTATION
None
XI. FORMS AND TOOLS/ONLINE PROCESSES
XII. APPENDIX
None
XIII. Dates Approved/Amended
04-04-2023 (New)