General University Policies Manual
Effective: April 3, 2014
This policy defines when an employee may accept a license on behalf of the University, and when additional review is required. The technology licenses addressed by this policy include:
- Software (operating system, applications, drivers, firmware)
- Services (including computing, storage, internet access, and applications) (collectively, “Licensed Technology”)
It applies to all Oregon State University employees using University-owned equipment and/or University-purchased software and services.
Classes of licenses:
There are four classes of licenses:
1) General OSU Licenses. These are Master OSU Technology Licenses with general applicability, procured by the University and made widely available. (Examples include Microsoft and Google.) These software and services may be made available through University websites, or may be installed directly by Information Services.
- In entering into these agreements, Procurement, Contracts and Materials Management (PCMM) will consult with Information Services (IS) and the Office of General Counsel (OGC).
- Employees (end users) are authorized to click on-screen license agreements for installation, updates, and patches.
2) Department-Specific Licenses. These are software and services with specialized functionality, intended for limited use in departments.
- Technology Licenses will be entered into by PCMM for use by specific unit/person/research group within OSU. PCMM retains signature and decision-making authority for the contract. Business decision resides with the unit/person using the technology.
- PCMM may authorize click-through of technology for upgrades and updates.
3) Employee-Licensed Technology. These are licenses intended for an individual’s use to conduct University business. OSU will defend and indemnify an employee if the employee followed OSU guidance in procuring and using the Licensed Technology. Acceptable use of employee-licensed technology is described below.
4) Individually-Licensed Technology. These are any other license not fitting into the above. Employee is acting in his/her individual capacity and will not be defended or indemnified in the event of a dispute.
Authorization and Acceptable Use of Employee Licensed Technology
Subject to OSU’s generally applicable requirements for defense and indemnity of employees, OSU will defend and indemnify an employee under an Employee-Licensed Technology license if:
1) The procurement and use of the Licensed Technology complies with this Policy and all other OSU rules and policies, including without limitation OSU’s procurement rules and policies. If the Licensed Technology falls within a category that, under OSU’s procurement rules and policies, must be procured under a specific process, the Licensed Technology may only be procured consistent with those rules and policies. Other relevant policies include:
- Acceptable use of University Computing Resources
- Acceptable use of University Information
2) OSU has not prohibited use of the Licensed Technology
Oregon State University may specifically prohibit use of certain software on University owned machines and/or while conducting University business.
Additionally, supervisors may further restrict use of software or online services on University-owned computing devices or while conducting University business.
3) Employee has determined there is no OSU Master Technology License for same Licensed Technology.
4) Employee uses the Licensed Technology as part of his/her work at OSU, i.e. technology is licensed with reasonable intent to serve OSU.
5) Employee reviews license, ascertain terms of license and makes reasonable steps to comply.
6) If University Data or Records will be hosted by, shared with or transferred to a third party under the Licensed Technology, the employee must determine what kind of University Data or Records could be hosted or shared under the employee’s use and proceed accordingly. The following policies define acceptable use and handling of University data and information:
- Information Security Policy and Procedures Manual, Section 204: Use of Third-Party/Non-OSU Services
- Information Security Policy and Procedures Manual, Section 202: Classification Standards