Software Licensing

All software installed or run on KUMC equipment must be licensed.  Each KU Medical Center department is responsible for assuring that the software running on all computers used by department employees is appropriately licensed.

Background
The proper licensing of software is both a legal requirement and an ethical imperative.
KU Medical Center licenses the use of computer software from a variety of outside companies. Unlike software developed by KU Medical Center employees, KU Medical Center does not own this licensed software or its related documentation and, unless authorized by the software developer, does not have the right to reproduce it except for backup purposes. Ordinarily a separate license must be purchased for each computer on which a software product is installed.

According to applicable copyright law, persons involved in the installation and operation of unlicensed software can be subject to civil damages and criminal penalties including fines and imprisonment. KU Medical Center does not condone the illegal duplication, installation, or operation of software.

Industry watchdog organizations may survey organizations for software license compliance and can assess substantial penalties for noncompliance.

Definitions

Freeware: software for which a license is provided without charge. Frequently the license is provided to select groups (home users, educational users, etc.) although some freeware is available to anyone.

Shareware: software for which a temporary license is provided without charge to use for evaluating the software. Virtually all such temporary licenses expire after a fixed period of time after which a standard license must be purchased.

Workstation license: the most common form of license associated with the use of a personal computer.  A typical workstation license enables a software application to be installed on one or two devices (for example, a desktop and a laptop) used by the same individual.

Site license: a license enabling the installation of a software product on computers throughout an organization, thus avoiding the need to license individual copies.  Specific terms of site licenses vary.

Concurrent use(r) license: a license that enables a set number of users to use a server-hosted application at the same time.  Typically those users must be associated with an organization or other functional entity.  For example, a KU Medical Center 10 concurrent user license might mean that any KUMC employee could use the software but no more than 10 could use it at the same time.

Named user license: a license permitting a specific individual to use a software application.  Relatively uncommon.

Note: license terms vary widely.  Read the license packaged with the software for specific information.

Procedures

KUMC provides site licenses for Microsoft Windows (desktop versions only, not server versions);  Microsoft Office Enterprise (Word, Excel, PowerPoint, Access, One-Note, InfoPath); GroupWise; and McAfee anti-virus and anti-malware. KUMC also requires that McAfee EndPoint Encryption be installed on all mobile PCs (including laptops, notebooks, tablets, and netbooks).

All other copyrighted software, including all commercial software, running on KUMC personal computers must be licensed. KUMC departments must be prepared to demonstrate licenses for all such software. Proof of purchase of a license is sufficient. The KUMC PeopleSoft Financial Purchasing module has been modified to allow KUMC departments to track all such purchases. In order to purchases any needed software license not covered by KUMC site licenses, KUMC department administrators can email our current State contracted software vendor for a license quote at kansas@shi.com.

No KU Medical Center employee should install, upload, download, or use any software without the informed approval of the Department Head. KU Medical Center employees who make, acquire, or use unlicensed copies of computer software are subject to disciplinary action including suspension or dismissal.

Each KU Medical Center employee who believes that unlicensed software is installed on equipment that he or she uses is responsible for advising the Department Head of that circumstance. Each department head that has reason to believe that unlicensed software is installed on any equipment operated or managed by department employees should either purchase appropriate licenses immediately, remove the software immediately, or consult with the Department of Information Resource's Director of Information Security to resolve the problem. Information Resource's Customer Support Unit (ext. 8-7995) can provide assistance in removing unlicensed software from desktop computers or servers.

At least every 3 years, the Department of Information Resources will perform an inventory of select software applications running on computers in University departments. The Department of Information Resources will provide each department with a listing of software identified in the inventory. Departments are responsible for matching inventory records with purchase records to assure that all software is appropriately licensed. To achieve compliance, departments will need to either purchase a license for, or discontinue using, each unlicensed application identified. Each department will sign a statement confirming that licenses have been identified for all software running in that department within 60 days of receipt of the inventory.

The Department of Information Resources can only perform software inventories on computers that are regularly connected to the network and meet University standards (http://www2.kumc.edu/ir/operationalprotocols/pc_standards.asp). Departments that choose to use non-standard equipment, including Macintosh computers, will need to inventory their own equipment and provide separate assurance of compliance. Departments will also need to inventory software on all computers not regularly connected to the network including stand-alone PCs, laptops and notebooks, handheld computers (PDAs), and University equipment installed at off-site locations including homes.

Related Links

Microsoft Campus Agreement

Contact Information

For information and clarification regarding this policy, please contact

Associate Vice Chancellor for Information Resources
Chief Information Officer
913.588.4900

Director of Information Security
913.588.0966

Approved: July 31, 2001.  Revised June 2, 2009