Information technology resources

These pages provide critical information for all college employees with regard to technology policies, resources, security and computer hardware and software purchasing requirements. It is the responsibility of unit leadership to ensure compliance and to clearly communicate  this information to all unit employees.

Technology and security standards

University

ASU’s University Technology Office and Information Security Office maintain a website documenting all university policies, standards and guidelines related to technology. Visit GetProtected to view details:

Policies  |  Standards  |  Guidelines

The College of Liberal Arts and Sciences

The College has its own subset of technology standards, purchasing and support policies specific to our faculty, staff and students.

Vulnerability management and remediation

The College works closely with its units and Enterprise Technology IT Risk Management to ensure network endpoint and web application vulnerabilities are identified and remediated promptly. The College information security team works directly with asset owners to guide them through the process. We follow the communication and escalation procedures below to ensure vulnerabilities are consistently progressing toward a state of remediation in the specified timeframes.

Asset owner notification and escalation protocol:

  • The ServiceNow vulnerability module alert system or The College information security team contacts the asset owner.
  • Information security team member's second attempt. This attempt includes The College technology lead.
  • The technology lead contacts the asset owner.
  • The technology lead escalates the communications to include the unit chair/director.
  • The technology lead escalates the communications to include The College's accountable administrator (the dean).

Computer Standards

The College of Liberal Arts and Sciences has adopted computer standards covering  hardware (e.g., laptops, desktops, monitors, tablets, etc.) and software. Standardization improves overall support, efficiency and security compliance while reducing initial purchase and long-term support costs.

The College limits hardware purchases to specific Dell, Apple, Microsoft and Android devices. These devices comply with university security policies and are available through ASU’s official purchasing portals.

In limited, special circumstances, exceptions may be granted. Exceptions will be escalated through a unit’s primary technical contact to the appropriate level of review (e.g., IT lead, director, chair) and may require additional approval by the Dean’s Office and the ISO. Considerations include:

  • Technical requirements (e.g., specialized lab equipment)
  • Security risks and requirements
  • Initial costs and proof of long-term, sustainable support plan

Purchasing

All technology purchases (hardware and software) must originate from a unit's business office or business manager. In addition, these purchases must be reviewed by the unit's designated technical lead before purchase. This process ensures hardware and software security compliance, proper warranty coverage and inventory control. It also prevents costly mistakes when purchasing individual licenses for a product the university or college already owns at an enterprise level.

Initiating a purchase

Security reviews
The College's internal security review process has been retired. To request a security review, please review the requirements below first.

The following standard hardware items no longer need a security review:

  • general-purpose computers and devices:
    • desktops, laptops, tablets
  • peripherals
    • monitors, keyboards, mice
  • adapters
    • cables, dongles, misc. connectors

Timeframes for security reviews

  • Department security review:
    • Please plan for a minimum of ten business days to complete a department security review.
  • ISO review:
    • ISO reviews generally take longer than department reviews, given the additional requirements and potential integrations. Vendors are often required to provide detailed documentation as well, which can slow down the process.

Exceptions
Hardware purchases exceeding $5000 per individual device (i.e., an individual desktop, laptop or storage device) may be destined for use as a server or network storage device. In these situations, a security review must be requested.

All other items should be considered nonstandard and must undergo review. Initiate the security review process here.

FMS/Workday
Workday now includes a 'technology' requisition type. This requisition type should be selected for all technology goods or services (e.g., computers, hardware, software, software systems, software maintenance, telecommunications or other digital technology products.) For additional information and documentation, please visit this reference site.

Also, note the following purchasing policies for technology:

  • Employee reimbursements will not be issued for the purchase of computer hardware (e.g., laptops, desktops, monitors, tablets, etc.) or software.

  • PCard purchases

    • If I must make a technology purchase on a PCard, how does this new process impact me?

      • PCard usage for technology-related products and services is not the preferred procurement process. Any PCard usage for a technology-related purchase is subject to the security review requirements and exceptions noted in the above examples. These transactions must also adhere to the same review and approval processes to comply with university/college/unit policies. Transactions will be reviewed at the university level for compliance with these policies. The department must include all approvals, along with the security review documentation in the department's PCard verification documentation.

  • These policies apply to purchases on ALL sources of funds, including faculty start-up, IIA, and grants/contracts.

  • Windows systems connected to the ASU network and supported by UTO deskside will receive a standard drive image, join Active Directory and be centrally managed via SCCM.

  • Mac systems connected to the ASU network and supported by UTO deskside will receive a standard drive image and be centrally managed via Jamf Pro.

  • Mac systems requiring the option to run Windows must use a software solution such as Parallels rather than dual-boot solutions (e.g., BootCamp) to comply with encryption requirements.

Your department or school may have additional purchasing policies. Please check with your local business office for specifics unique to your area. For general questions about the security review or technology purchase process, please email TheCollege.IT.Security@asu.edu.

Computer refresh cycles

The College of Liberal Arts and Sciences expects all of its units to follow a three to five-year refresh cycle for standard-issue faculty and staff computer equipment. This ensures the following conditions are met:

  • Faculty and staff have access to reliable, efficient and secure systems for official ASU business.

  • Systems have warranty coverage during the majority of their service to ASU.

  • Technical compatibility and adequate system specifications to run current versions of enterprise software.

  • Minimal downtime due to repair and refurbishing of aging hardware.

All units are expected to have clearly defined funding models and a formal plan to cover costs on a yearly, rotating schedule. This helps avoid situations where large numbers of systems become obsolete simultaneously, creating burdens for both the financial and technical resources within a unit.

Inventory requirements

UTO deskside will assist departments in maintaining inventory/documentation regarding hardware and software including configuration, software and user information.

Off-campus use

Use of equipment off-campus requires completion of the Off-Campus Use of Equipment Authorization form. The signed, completed form will be kept in the parent unit’s business office.

Personal equipment

The College does not provide support for personally owned computer equipment. Tech Studios are located on all ASU campuses and provide direct support for systems owned by students, faculty or staff.

Support

Windows 7 end of support

Microsoft ends support for Windows 7 as of January 14, 2020. All systems running Windows 7 must be upgraded in advance of this date to avoid any lapse in system and security updates. Technical support teams within all college units are aware and currently working through this process.

UTO deskside

While many units are covered by a broad UTO deskside support agreement centrally managed by the college, some units maintain individual agreements with UTO or have internal technology support staff. Technology support models may differ between these units, but policies and requirements apply universally.

Internal support

Internal technical support teams (non-UTO deskside) are expected to maintain system inventories, ensure compliance with all university and college security policies and procedures and follow technology purchase review policies. The College will monitor and audit the practice and implementation of these policies.