Software & License Management Policy
Policy #: LFC.ITS.19
Date: 11/1/2024
Author: LFC ITS
Version: 1.0
Status: Approved
OVERVIEW
The Lake Forest College Software & License Management Policy establishes a centralized approach to software acquisition and management, supporting a responsible and streamlined approach to technology use across departments while maintaining information security and regulatory compliance standards for the College.
1. PURPOSE
By centralizing the selection, purchase, and management of software, this policy seeks to prevent redundant acquisitions, protect license integrity, and safeguard data privacy and security. Additionally, the policy provides a framework for evaluating and procuring software that aligns with the College’s academic mission, enhances regulatory compliance, and helps negotiate vendor contracts that represent the College’s interests. By managing software centrally under Information Technology Services (ITS), the College avoids adopting tools unsuitable for an enterprise environment and strengthens compliance with technology procurement and vendor management standards.
2. SCOPE
This policy applies to all faculty, staff, students, contractors, and any other members of the College community involved in the acquisition, licensing, or use of software applications, services, or tools within the College's network and computing environment. This policy covers software utilized on any College-owned or -operated devices, including computers, mobile devices, and cloud-based services, regardless of funding source or intended use.
3. POLICY STATEMENTS
3.1 Approved Software: Only software applications and tools approved by ITS may be utilized in teaching, learning, or administrative activities at the College. Approved software undergoes a comprehensive review to ensure it is technically suitable for deployment and licensing in an enterprise environment while also meeting the security and compliance needs of the College.
3.2 Requests for New Software: Individuals or departments requesting new software must submit a ticket through the ITS service portal at least one semester in advance of the intended use, and ideally during the yearly budgeting process each spring. This timeframe allows ITS sufficient time to evaluate, test, and, if appropriate, deploy the requested software in a manner that aligns with the College's academic and operational schedule.
3.3 Software Procurement Process: All software purchases, licenses, and subscriptions shall be procured exclusively through ITS. Departments, faculty, and staff are prohibited from independently purchasing software, as this is a violation of the Technology Procurement & Vendor Management Policy. ITS will coordinate the procurement, vendor evaluation, compliance checks, and license tracking necessary for the software to meet institutional standards.
3.4 ITS Responsibilities in Software Procurement: ITS assesses vendors for their technical and security practices, and their products for suitability in terms of compatibility, fleet deployment methods, license tracking, etc., as follows:
- 3.4.1 Vendor Evaluation: ITS will assess vendors’ security and data protection standards and ensure the software aligns with the College's operational needs and compliance requirements.
- 3.4.2 Product Evaluation: ITS will assess the software’s functionality, suitability, compatibility with College endpoints, servers, network, and other infrastructure as required, and ensure that it can be deployed centrally through existing ITS fleet management tools.
- 3.4.3 License Management: ITS will manage all licenses and subscriptions, tracking purchases, assignments, and renewals to prevent duplication of purchases and loss of license keys due to endpoint lifecycle replacements or employee turnover.
- 3.4.4 Access Control: ITS will implement access controls to safeguard data and ensure software use complies with access policies.
- 3.4.5 Deployment and Integration: ITS will perform any necessary integrations (e.g., Single Sign-On) to ensure access and user management standards are maintained, ensuring cybersecurity standards are practiced, administrative and technical safeguards are in place, and the College’s regulatory compliance status is not impacted negatively.
- 3.4.6 Annual Reviews: ITS will conduct ongoing vendor and software reviews at contract renewals to assess the security, performance, and continued suitability of licensed software.
- 3.4.7 Renewals: ITS will handle all renewal processes to ensure continuity and prevent lapses in service.
3.5 Ownership of Software Licenses: All software purchases or subscriptions procured with College funds remain the property of Lake Forest College, regardless of the funding source or department initiating the purchase. Software licenses are institutional assets, not individual possessions, and therefore cannot be transferred or assigned to individuals, even in cases involving grant funding.
3.6 Prohibition on free, trial, or personal software purchases: Trial versions of software, as well as personal or free-licensed software, pose unique security and compliance risks and generally lack the institutional support and oversight needed for deployment in a higher education environment. First, individual members of the College community cannot legally agree to a vendor's Terms of Use on behalf of the College, which creates risks of non-compliance and potential liability. Additionally, without a formal relationship between the College and the vendor, there is no contract in place to protect the College's data or interests, meaning the vendor has no obligation to honor requests related to data security, privacy, or service availability. Without a vetted security review, the College cannot assess the vendor's security practices or regulatory compliance, potentially exposing the College to vulnerabilities and non-compliance risks. Furthermore, trial or personal licenses often lack features needed for enterprise integration, such as single sign-on (SSO) and centralized access controls, complicating user management and introducing avoidable security gaps. For these reasons, the use of unapproved software is strictly prohibited within the College’s network and computing environment without written approval from the Vice President for Information Technology and Chief Information Officer as outlined in Section 3.7.
3.7 Exception Process: Exceptions to this policy require the written approval of the Vice President for Information Technology and Chief Information Officer. Requests for exceptions must be accompanied by a documented justification and will be evaluated on a case-by-case basis to ensure alignment with the College's goals and security standards.
RELATED POLICIES:
Document Control:
Entry#: | Date | Version | Notes |
1 | 11/1/2024 | 1.0 | Original policy draft |
2 | 11/5/2024 | 1.0 | Submitted to LITS Advisory Committee for review |
3 | 11/21/2024 | 1.0 | Reviewed and approved by LITS Advisory Committee |
4 | 12/05/2024 | 1.0 | Reviewed and approved by LITS Advisory Committee |
5 | 12/05/2024 | 1.1 | Reviewed and approved by the Senior Leadership Team |