Purchase and Use of Computer Servers/Services

The unrestricted purchase or creation of computer servers/services by faculty, staff, and students is not an appropriate use of College funds and resources. The only departments permitted to use College resources for computer servers are those that have a justifiable requirement for such in support of the mission of the College and its goals.

Policy

Computers that provide services to the College need to be secure and resilient. Any computer that provides services that are required for a business process of the College must have a support plan with disaster recovery/business continuity and security provisions. Business processes requiring a server/service should have continuity plans to cover the unavailability of the server/service. A security profile plan is required, detailing the security configuration, authorization/authentication methods, maintenance schedule, replacement cycle, and data retention/protection options of the server. Any computer that is compromised or provides unapproved services will be removed from the campus network immediately.

When working with vendors where a computer server/service is required, a very strong preference for using a virtual machine should be indicated and communicated in any request for proposals or purchases. The College’s virtual machine infrastructure has been designed to provide a very high level of resiliency and efficiency. Individual physical servers consume additional power and resources and should be only used when there is no possible virtual machine option.

Any department that wishes to use computer servers must forward a justification to the Chief Information Officer, South Hall 119, describing how the server/service is required to support their departmental mission and a support plan. The Chief Information Officer and/or the College Controller will review the justification for appropriateness, and requestors will receive written notification of the response to their request within ten (10) business days.