Skip redundant pieces
 

Working with Vendor Systems

Principle

Departments contracting with technology vendors to provide information technology services or applications must work with Information Resources to ensure security standards are met and appropriate levels of support have been defined.

Definition

Vendor system: a locally-hosted software application, with or without associated hardware, acquired from commercial, open-source, or other non-KUMC source

Purpose

The purpose of this policy is to minimize the risk associated with the introduction of new vendor systems into the KUMC information technology infrastructure and to assure adequate support for the successful implementation and operation of such systems.

Groups covered

All KUMC faculty, staff, and students.

Procedures

To be connected to the KUMC network, including connectivity for web-based accessibility, implementations of vendor systems must follow these practices:

  1. KUMC Information Resources should be involved prior to system acquisition to provide guidance in selecting vendors and products that will work in the existing KUMC web environment.
  2. Any application to be hosted on KUMC's production web servers will be loaded and tested on the IR-managed testing environment prior to being installed on production servers.  IR staff will assist in this process.
  3. All applications must be entered into the Central Application Database.  All servers used to host applications must be certified by KUMC Information Security and entered into the Central Server Database.
  4. All security policies and protocols of the Department of Information Resources must be adhered to.
  5. Departments should assign one or more staff as Application Administrator(s) to manage the day-to-day activities associated with the application and a point-of-contact for working with IR on on-going technical activities including loading patches/updates, backup recovery, and configuration.
  6. Departments should budget for ongoing technical support of the system through either a maintenance agreement with the vendor or a Service Level Agreement with Information Resources.

Enforcement

Systems not in compliance will be disconnected from the network or disabled.

Contact information

For information on this policy, please contact:

Jameson Watkins     
Director of Internet Development
Department of Information Resources
University of Kansas Medical Center
4021 Taylor, 3901 Rainbow Blvd
Kansas City, Kansas 66160
(913) 588-7387

Jim Bingham
Associate Vice Chancellor for Information Resources
Chief Information Officer
University of Kansas Medical Center
1018 Taylor, 3901 Rainbow Blvd
Kansas City, Kansas 66160
(913) 588-7300

     Last modified: Dec 21, 2011