Tufts University has made substantial investments in information technology (IT) over the past few years. A significant portion of that investment has been directed towards rebuilding and modernizing our IT infrastructure. Technology Services is committed to the ongoing delivery of improvements to our infrastructure and to working with members of the Tufts community in their efforts to make full use of the technology that Technology Services supports.
Given Tufts' decentralized environment, schools and divisions are also deploying additional technologies to meet local needs. Some technologies involve the networking infrastructure while others operate in a standalone manner. It is vitally important that these local IT acquisitions work well and work in concert with the University's existing and planned IT environment. For example, a problematic local system can have a catastrophic effect on enterprise-wide network performance. In some cases a decision to acquire a specific technology without consulting others may result in an overlap in services, incompatible technologies, or an inefficient use of resources. With the highly competitive environment and challenges facing the University, making the most effective use of available resources is particularly critical. We all recognize that technology purchases need to be well-managed to ensure that investments are made in technologies that will remain viable and satisfy needs.
The questions below are intended to identify things you'll want to consider when contemplating a technology acquisition such as network equipment, software, a business application (including those provided via ASP services) or servers. Not all of the questions will apply to your particular planned acquisition. However, the questions are intended to help with identifying potential risks based on the size of the investment, how many people will be relying on it, and how critical it will become to supporting the ongoing business of Tufts University. Space for your notes is provided to the right of each question.
Further, in some instances, the University may already have resources in place or planned which would satisfy the business problem that your technology purchase is intended to address. If you have any concerns related to the questions provided or want to consult with people who make similar purchases or decisions every day, we have identified Technology Services resources with expertise in specific subject areas. These resources are committed to providing you with assistance with minimizing the cost, maximizing the effectiveness and enhancing integration with existing technology at Tufts. You are invited to contact them with any questions you have regarding a planned IT acquisition.
The questions listed below relate to the vendor's viability, reliability and ability to provide ongoing support for the purchased product(s).
- How long has the vendor been in business?
- What's the vendor's financial status? Are they publicly held?
- Does the vendor have other higher education customers for the product(s) being considered?
- How many customers have/use the product(s) under consideration?
- Will the vendor provide as references other customers using the products under consideration? Are any of these references from higher education?
- Has Tufts purchased other products from the same vendor? How successful were these purchases?
- How many developers and support people does the vendor have on staff?
- Does the vendor offer training or consulting services in support of the product(s) under consideration? Are there business partners or 3rd party companies offering these services?
- Does the vendor offer technical support (fixes for problems) for the product(s) under consideration? How many people are available to provide support? During what hours? In what form?
- Does the vendor continue to make improvements or enhancements to the product under consideration?
- Is there a user group for the product(s) under consideration? Is membership included with the purchase?
- Does the vendor sponsor a conference for the product(s) under consideration? Are any registrations included with the purchase?
- Is the product under consideration a core product for the vendor? What percentage of the vendor's business does it represent?
- If the vendor offers consulting services, what are the qualifications of those performing these services? Have references been consulted?
- Does the vendor offer implementation services or assistance? Is this included in the purchase price? If not, what's the cost of these services?
- How many people will be using the product?
- How important or integral will the purchase become to day-to-day processes?
The questions listed below are concerned with how well the contract reflects the agreed-upon business terms and how well it protects Tufts' interests.
- Does the vendor have a standard contract?
- Are the vendor's terms negotiable?
- Is there a provision protecting the use of Tufts' name?
- Does the contract provide for future changes to its terms?
- Does the contract clearly include all of the business terms that the salesperson has presented?
- What warranties does the contract offer?
- What are Tufts' options if the product doesn't deliver as promised?
- Does the contract include any sort of acceptance period?
- Does the contract use Massachusetts law or designate Massachusetts as the venue for disputes?
- Does the contract provide adequate protection for Tufts' confidential and sensitive information?
- If the product(s) under consideration include software, does the contract make it clear that the vendor has the right to license it? Can Tufts get a refund if the product is found to infringe?
- If the product(s) under consideration include software, is there any provision for getting a copy of the source code or placing source code in escrow? That is, can we obtain required versions of software if the vendor goes out of business or stops marketing the software for any reason?
- If the product(s) under consideration includes software, what kind of license is available? Perpetual? Annual? Does the scope of use specified in the license meet Tufts' needs?
- Is Tufts obligated to install upgrades to the product(s) under consideration? How frequently (on average) does the vendor release new versions?
- For how long is the manufacturer committed to supporting the product?
- Does the contract require Tufts to submit to audits? How frequently? How much notice is required? What are the penalties for non-compliance?
- Does the contract require that the vendor be granted remote access to the network/system? Are secure facilities available at Tufts to support this?
- Does the contract allow for Internet access to the product(s) under consideration?
- Will the vendor add any price protection guarantees for future purchases?
- Are there acceptable limitations on who may use or benefit from the product?
- Are there acceptable limitations on how the product may be used? (E.g., May it only be used for conducting university business or only by Tufts' personnel?)
- Are vendor limitations on duplicating or taking back-ups of the application/software acceptable?
- Are vendor limitations on duplicating documentation acceptable?
- Does the vendor permit electronic distribution of documentation or software?
- If the product under consideration is software/application, can it be used at an alternative site in the case of a disaster?
- Are termination terms reasonable? For example, can Tufts destroy rather than return software and all back-up copies on termination?
- Does the vendor offer discounts to Higher Education customers?
- If support or maintenance is involved, is the fee calculated using list or purchase price? Are there caps placed on annual increases?
The questions in this section are concerned with how well the application/software will meet Tufts' requirements, fit into the existing and planned technology environment, and make acceptable demands on available resources.
- Have business requirements been identified and enumerated? In gathering requirements, have all affected groups at Tufts been consulted?
- How long has the software/application been on the market?
- Does the product satisfy the business requirements? If not, can it be customized to suit Tufts' requirements?
- Does the product require any workflow changes? If so, will the changes work in the Tufts environment?
- Is the application/software redundant? Are there other products already licensed and in use at Tufts that offer equivalent functionality?
- If configuration tasks (e.g., table set-ups) are required to implement and maintain the software/application, are there staff designated to perform this work?
- If the software/application is replacing an existing system, are utilities available to convert existing data to a format that's compatible with the product?
- Is there adequate staffing available to test the product/application?
- If the product requires a 3rd party database, can Oracle be used?
- Are infrastructure requirements (e.g., operating system, browser) compatible with Tufts' standards?
- Is product performance in similar environments adequate to meet Tufts' needs?
- Is the software/application scalable? Can it accommodate future growth?
- If the software/application suffers an outage, who is responsible for correcting the problem?
- If outside resources (either vendor or Technology Services) are to be relied on to provide technical support services, have necessary supporting arrangements been made? Have adequate funds been budgeted to accommodate these services at the level required?
- If internal resources are to be relied on to provide technical support services, has necessary training been arranged for or completed? Is there sufficient staff to cover this work?
- Is there a contingency or fail-over plan in place should the software or its environment fail?
- Have plans been made, testing done and staff available to recover data in case of a system failure?
- Does the software/application or its planned infrastructure offer adequate security to protect Tufts' confidential or sensitive information?
- Have adequate funds been budgeted to accommodate upgrades to the supporting infrastructure such as servers or operating systems? Is trained staff available to perform these upgrades?
- Have adequate funds been budgeted to accommodate maintenance and upgrades to the application/software? Is trained staff available to perform needed upgrades?
- If the software/application requires the purchase of new servers, where will they be housed? Will they reside in a secure environment? If servers are to go in the TAB data center, have arrangements been made?
- If additional users licenses must be purchased to accommodate growth, have funds been budgeted?
- Is staff training a requirement? If so, have necessary arrangements been made to acquire or develop training?
- Is vendor documentation available? It is adequate? If not, have arrangements been made to acquire or develop documentation?
- If the application/software will house sensitive or confidential data, has a qualified Systems Administrator been identified?
- Is the application client-server or web based? Either way, is it compatible with Tufts' desktop standards?
- If there's a need to obtain data from existing systems in order to user the application/software, has consideration been given to how this will be done?
- Has consideration been given to how changes to the system will be logged?
- If there's a possibility that the system will need to be expanded at some point in the future, does the application being acquired offer adequate compatibility, interoperability and standards compliance?
Tufts' campus network supports TCP/IP transport between buildings and to off-campus locations. Support to the desktop consists of Ethernet service at various speeds (10, 100 or 1,000 megabits per second). A number of standards, which have been adopted and published, govern network use. (More detail on these can be found at www.net.tufts.edu):
- Only one computer or network-attached device may be connected to any given network outlet. Additional outlets can be ordered if a room must house more computers than there are outlets.
- Any device that can provide connectivity to other computers may not be connected to the campus network.
- Any device which is causing network problems will be disconnected (with notice, if possible).
- Computers connected to the network must adopt security precautions to deny access to others and prevent take-over for "denial of service" attacks.
The questions below are formulated to reflect these standards and are designed to ensure that purchased equipment will successfully integrate and will not interfere with others. If you have questions, please contact the listed resource for assistance.
- Will your purchase require network protocols other than TCP/IP?
If so, the equipment probably won't work at Tufts.
- Does the equipment you're purchasing require a type of connection other than Ethernet?
If so, it probably won't integrate with the network.
- Does the equipment under consideration require more than one Ethernet connection per unit?
If it does, some special configuration may be needed.
- Does the device being purchased provide Ethernet connections for other pieces of equipment?
If so, it violates published standards and won't be permitted on the network.
- Does the equipment being purchased act as a firewall or deny other kinds of network traffic?
If so, it can create generalized network problems.
- Does the equipment provide wireless connectivity or otherwise use radio frequencies in the 2.4 GHz or 5 GHz unlicensed bands?
If so, it is prohibited at Tufts.
The questions in this section are concerned with how well any servers being purchased will meet Tufts' requirements, fit into the existing and planned technology environment, and make acceptable demands on available resources.
- Have you determined that you're acquiring sufficient CPU, memory, disk, and network adaptors to support the application that will be running on the server?
- Have projections been developed to predict application growth and concomitant increases in capacity requirements?
- Have funds been budgeted to cover increased capacity requirements?
- Has redundancy been built into the server design (e.g., power supply, fan, disk mirroring or RAID)? Have high availability and disaster recovery requirements been considered?
- Has consideration been given to outage handling, recovery and outage prevention?
- Is the server warranty adequate?
- What kind of support does the server vendor provide? Is it adequate to meet your needs? Have funds and resources been budgeted for ongoing support?
- Has consideration been given to locating the server in a secure location?
- If the server is to be located in the Technology Services data center, have the appropriate people been included in the planning? Are there funds to cover any wiring, rack mounts or other special needs?
- Has consideration been given to backing up the server, frequency of back-ups, recovery from a back-up and off-site storage of back-up files?
- Have arrangements been made for virus protection, security, encryption or firewall protection consistent with Tufts's existing practices and standards?
- Have arrangements been made for regular disk defragmentation, if necessary?
- Who will be responsible for ongoing monitoring and tuning the server, the console server (if present) and/or data bases?
- Who will document and be responsible for server shutdown and reboot procedures?
- Has consideration been given to power and cooling requirements? For example, some systems require a dedicated circuits?
- Has consideration been given to the kinds of maintenance and support availability that will be needed? What kinds of support response times does the vendor make available?
- Has consideration been given to an extended support agreement as a way to reduce costs?
- How will replacement of parts be handled? Will the vendor come on site to install replacements, ship parts to you for replacement or require return of the server for part replacement?
- Have funds been allocated to cover delivery and installation costs?
- Have delivery logistics been worked out? For example, will a lift gate be required to unload the equipment?
- Is the server scalable? Can it accommodate additional hardware, for example?
- Can the operating system and/or application be pre-loaded before the server is shipped?
- Has consideration been given to establishing and maintaining call lists?
- What operating system will the server run? Has consideration been given to who is going to maintain it?
- If the server will be using a Windows operating system, will it be stand-alone or will it need to be part of the Tufts's domain? If the latter, have arrangements been made with the local IT organizations?
- Will a remote console be required? If it is, who will have access to it?
- Has consideration been given to who will have root, administrator or other special account access?