HOW-TO - order software

Required steps for ordering software

Here are the basic steps to ordering software:

Submit the Lightweight Risk Assessment (LRA)
LRA Evaluation
Submitting the P-card forms or Reaction Purchase Request
- If requesting the software be purchased by P-Card
- If submitting a Purchase Request in Reaction

Submit the Lightweight Risk Assessment (LRA)

The first step in any software purchase or renewal is the Lightweight Risk Assessment (LRA). The LRA really needs to be filled out by the faculty or staff member requesting the software as there are many questions that other staff will not have answers for.

The LRA is something of a "choose your own adventure" form - the answers to the first few questions determine what questions are presented next.

You can add Jay Guelfi, (jeguelfi@illinois.edu) as the “person responsible for configuring, maintaining and updating this system/solution” (question 4 on the LRA) and/or as an “alternate University contact”. Jay can then get a copy through the CyberSecurity office if needed.

NOTE: Please DO NOT add scs-computing@illinois.edu - TDX (Tech Services' ticket system) and RT (SCS Computing's ticket system) do not play nicely.

After you submit the LRA form, you’ll receive an email from “GRC Survey” indicating that they’re received the Vendor Risk survey. At some point, you’ll likely also receive an email from servicereplies@uillinois.edu with a subject that contains a service request number and the words “Lightweight Risk Assessment”.

LRA Evaluation

Once the LRA is submitted, it is reviewed by the GRC (Governance, Risk and Compliance) team, a subset of the University's CyberSecurity Office. The GRC will determine what additional steps, if any, will be required before the purchase is allowed.

This review is an effort to ensure that student data (FERPA data) is adequately protected. They will get back to the faculty or staff member who submitted the request with their findings.

IMPORTANT NOTE: Per https://cybersecurity.illinois.edu/governance/, the GRC has 90 days to review the submitted LRA and provide written feedback. If a faster turnaround is needed, you can try emailing digitalrisk@illinois.edu to see if that's possible.

The GRC will reply to the ticket with any questions, and will update the ticket with their final report. When the final report is issued, the subject line will have the service request number and will end with “has been updated to Resolved”. Please note that each email from TDX (Tech Service's ticket system) will have slightly different subject lines, so if you view your email by “conversation”, the emails won’t be together. To see all of the emails, you'll need to search by ticket number.

Submitting the P-card forms or Reaction Purchase Request

Once the LRA has been reviewed and findings issued, the software and/or electronic service can be purchased either by a staff member with a P-card or by submitting a Purchase Request in Reaction.

If requesting the software be purchased by P-Card

You''ll need to forward the reviewed LRA to the staff member who will be placing the order.

The staff member will need to fill out the appropriate P-card request form and the P-card Exception Request form (link below), and send them to scs-computing@illinois.edu. Jay will review and sign the form (note: this step is supposed to go away soon). When the signed form is returned, both documents, along with the LRA, need to be forwarded to OBFS for approval.

P-card forms: https://www.busfin.uillinois.edu/bfpp/section-7-purchasing/7_6_the_university_purchasing_card__pcard_ - search for "computer software"

If submitting a Purchase Request in Reaction

Keywords:

software license licensing p-card purchase order electronic service

Doc ID:

108812

Owned by:

Jay G. in School of Chemical Sciences
UIUC

Created:

2021-02-02

Updated:

2025-04-23

Sites:

University of Illinois School of Chemical Sciences

0 0 Comment Suggest new doc Subscribe to changes