UA Software Request Process

Purchasing Software Overview

The Software Request Process

Frequently Asked Questions

Give Feedback

Helpful Resources

Software Procurement Change Log

 

Purchasing Software: Overview

 

UA has implemented a system-wide software review process in response to increased regulatory obligations relating to software and third party vendor risk management.  

 

To see an overview of the full process, please read the Step-By Step Guide (Document). To access this, you need to be logged into your UA google account.

 

Do you have questions about this process? Please visit our FAQ or contact us at ua-oit-grc@alaska.edu

 

 

The Process For Requesting Software

  Submit A Request
Submit your request through the Software Request Form. Make sure your request is as thorough and detailed as possible. Once the request is submitted, it will be reviewed by the applicable review groups.

Software Requests
  Wait & Watch TDX
Once your request is submitted, wait for it to be reviewed by the appropriate groups. Keep an eye on your ticket - if review groups need more information, the requestor will be contacted.

Learn About TDX
  Use Your Software
Once your software request is reviewed, if it is approved, you can go on to procure and use your new software for the intended use case.  The approval is for the business use case only. 

Learn About Requests

 

Software Details

 

Defined Exclusion List

In general, anything that is on the restricted purchase list in the ProCard Manual needs to be reviewed. Some exceptions have other Procurement Waiver requirements that are not addressed through this process such as copyright evaluations. Please contact Procurement at ua-card-main@alaska.edu if you need assistance. 

Defined Exclusions:

  • Stock photo services (iPhoto, Shutterstock, etc)
  • Web hosting and design services (Web907, Wordpress, GoDaddy etc.) 
    • May require a separate review outside of the Software Request process -  see above​
    • UAA has specific guidelines for web pages; please visit their site for more information
  • Subscriptions to newspapers, journals, and streaming services (Spotify, Newsminer, Reuters, Westlaw, etc.)
    • Review required if streaming services prohibit classroom use or public display of content. 
  • Memberships in professional organizations (NACUBO, NCURA, etc.)
  • Network Hardware (Starlink, communication equipment, cellular services)
  • Firmware/Drivers/Operating Systems
  • Online training (LinkedIn Learning, Pluralsight, etc.)
    • Must NOT collect more than username/password
  • Data files, records, or database access
Software Register

The Software Register is used to search for products that have already gone through the review and approval process. Even if a software is listed you still need to answer questions relating to the business use case and assign a Contract Administrator. 

Software Register

_______________________________________________________________________________

Documentation

Some requests may need additional documentation. If you are requesting a software that is not in the Register, please work to locate the following documents: 

  • Attestation of WCAG compliance for accessibility, usually found in a Voluntary Product Accessibility Template document. 
  • For foreign vendors (Tax Related), either the W8-BEN-E or a W-9. These documents relate to our regulatory requirement to address foreign tax witholding. See bottom of page for more information. 
  • For foreign vendors (Export Control Screening) please fill out these forms for us to evaluate the export control, embargo, and trade sanction laws and regulations for the requested product.

 

Frequently Asked Questions

The university is obligated to review software to ensure its quality, security, and effectiveness in meeting the educational needs of students, staff,  and faculty. This review process is crucial to protect the integrity of academic work, safeguard personal and institutional data, and promote an efficient and productive learning environment. Furthermore, it ensures that the software aligns with the university’s mission and values, complies with legal and ethical standards, and provides equitable access and usability for all users. 

At this time we are not evaluating device drivers or device firmware.   

 

Currently all software requests must be reviewed. However, we are working to eliminate this requirement in an upcoming version. 

 

No, only those individuals named in the request will have access.

 

We are not currently monitoring the version of the software. Automatic updates are preferred because this is how the software developer improves their product and it's security. However, if you are aware of significant changes to its terms and conditions or its privacy policy, please notify your help desk.

 


For the purposes of this review process, we are concerned with the following types of software:

 

Application Software:  Application software is typically installed on your device. Examples of application software could be products such as AutoCAD, and Adobe Photoshop.


Software as a Service (SaaS):  Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet, typically in a “pay as you go” model. Examples include Asana, Slack, and Salesforce.

 

Current review groups that review every product:

  •  Accessibility Review
  • Contract/EULA/T&C Review 
  • IT Risk & Compliance Review

Current review groups that review only those products identified as containing sensitive data: 

  • Data Export Control Review
  • Intellectual Property Review 
  • IRB/Human Subject Review
  • Foreign Company/Tax
  • PCI-DSS Point of Sale Review

Follow the steps outlined in this KB Article.

If you're adding licenses to the same request, or 'true-upping' a product then an additional review is not necessary. The key to this is ensuring that the business use case, the department, or the contract language for the software has not changed from the original request. If it has changed significantly, a new request form will need to be submitted.

Yes, freeware and open source software need to be reviewed just the same as purchased software.

Once your request is approved, you will purchase the approved software. Then, you will need to contact the helpdesk to get your software installed. When you contact the helpdesk, please have your ticket number from the software request ready.

 

 

We Want To Hear From You!

 

Have you used the new software procurement process? Please fill out our feedback form!

 

If you still have questions, please email us at ua-oit-grc@alaska.edu 

 

 

Provide Feedback!

 

 

 

Helpful Resources for Software Procurement                                                

 

Software procurement is regulated by both OIT ISA and UA Procurement.

Procurement resources that impact software procurement:

Procurement Website

ProCard Program

Regulatory resources and policies that impact software procurement are:

Board of Regents Chapter VI - Procurement and Supply Management

UA Accounting and Administrative Manual Section 400: Information Technology

Useful KB Articles for software procurement:

View your Tickets in the Service Portal

Software Request

Best Practices related to software procurement are as follows:

    • Clearly describe the business use case. Why are you needing THIS particular software vs any other?

    • Clearly describe the type of information you'll be giving the software such as names, birthdays, grades, research data etc.

    • Ensure the contract administrator understands the role they're accepting. 

Change Log - Current Version: 4.0 - Released 8/1/2025

 

Since its inception in December 2022, this process has gone through several revisions based on your feedback. 

Major Changes: 

  • Introduces the 'Short Form' which is for software products that have already gone through a complete review.
  • Eliminates extraneous fields in the Short Form
  • Creates a method to capture responsibility for the product without delaying the review. 

 

See Completed Change Logs here:

  • Creates a 'Short Form' for software that has already been reviewed. 
  • Ensures the 'Long Form' still applies to software new to UA. 
  • Removes department approver as identified by user feedback as redundant. 
  • Replaces the software 'Catalog' with a software 'Register'. 
  • Ensures the new Software Register is updated weekly to reflect new request activity. 
  • Adds Approval Date to final approval .pdf

  • A new notification has been sent to everyone in the ticket letting them know that the review has moved from the department review stage to the formal Risk & Compliance review.

  • The export control form has been replaced by a series of questions. This removes the need for a separate form.

  • PCI Compliance reviews have been streamlined.

  • An exception list has been created and can be found in the FAQ's.

  • Ticket Creator will get push notifications now.

  • Dept approver is OPTIONAL but if you put a person in there -then the field becomes REQUIRED - repercussions are if they don't answer or deny its a automatic ticket cancellation - the approver gets 3 total notifications before the ticket is automatically cancelled.

  • Reminder notifications added

  • Reviewer groups will be reminded daily to fulfill their duties

  • Requestor will be reminded every 2 days for 2 days so 3 notifications total

  • CA gets a separate notification with a pdf of their signed CA acknowledgement

  • Notification step included between dept approver and before the SLA application - notifying them that it's progressed to the Service Desk review.

  • SLA Clarification - 10 business days for all reviews- recognizes UA holidays and weekends, SLA starts AFTER the dept has responded. Depts have 5 days to respond. 

  • Reviewers are notified every 2 days for unreviewed software

  • Dept approver, creator, requestor and contacts are notified the software is denied.

  • Improve responsiveness of "Department Review" stage
  • Update Software Exception Choice Notification
  • Improve logic for copying "Comments" and translating HTML <br> tags to paragraphs.
  • Procard field changes
  • Increase visibility of approval comments
  • Fix bug when canceling tickets due to no response from department
  • SLA Applied to Ticket
  • Software Renewal Terms
  • MAU Service Desktop Routing
  • changed auto cancellation times
  • changed workflow timing
  • Form issued to procurement
  • Message for out of office set
  • User Survey attached to ticket
  • added notification to IT service desk to validate the dept instead of cancelling the ticket
W-8BEN-E (For Foreign Entities)
Who uses it?
  • Foreign companies or organizations (not individuals) that receive payments from U.S. sources.
Why is it needed?
  • To tell the IRS:
    • “We are a foreign entity.”
    • “Here’s our tax status.”
    • “We may qualify for reduced U.S. tax withholding under a tax treaty.”
When is it used?
  • When a U.S. company pays a foreign entity for services or income.
  • Especially when the services are performed outside the U.S. (called Non-U.S. Source Income).
What happens without it?
  • The U.S. may withhold 30% of the payment for taxes.

W-9 (For U.S. Persons or Entities)
Who uses it?
  • U.S. citizens, residents, or U.S.-based companies.
Why is it needed?
  • To provide a Taxpayer Identification Number (TIN) to the payer (like a business or client) so they can report payments to the IRS.
When is it used?
  • When a U.S. person or business is paid by another U.S. entity.
  • Common for freelancers, vendors, or contractors.