Software License Acquisition and IT Procurement Process

Find information about buying software that requires a license agreement. Please be advised that the IT procurement process can take time. Early planning is recommended to avoid delays.

Background

A software license is a contract that gives one party the right to use a computer program owned by another party. The license includes terms such as the duration of the license, permissible location of the software, limited purpose for which the software can be used, and number of users allowed to use the software.

Software Licensing Contacts

• All new software purchases are required to be reviewed by ITS OIA. To begin the third party data security review, please visit the Supplier Review Site (login required).
• Software purchases may also require a privacy review if it processes P3 or P4 data, or AI using any personal data. For more information, please visit the Campus Privacy Office online. To begin the privacy review, please access Risk Intake Form.
• If you have created software that an outside person or company wants to buy, contact Office of Innovation and Commercialization.
• For information on supported software applications available to students, faculty, and staff, along with instructions on how to request them, please visit the ITS Enterprise Software Licensing page.
• For details on Adobe please visit Adobe - ETLA CC and ETLA Acrobat. For details on Microsoft products and licensing, please visit Microsoft for Departments and Units and Microsoft for Individuals.
• For software licenses not listed on the ITS Enterprise Software Licensing page or to renew a license purchased by an external individual or company, please contact Andrew Bunker for review.
• For more information please visit Merchant Services and PCI resources. 

Before You Buy Software That Requires A License

Read these regulations and recommendations:

• Please review the UCOP Technology Ageements before purchasing software or technology from a third-party supplier. 
  • These systemwide agreements may offer pre-negotiated terms, pricing, and data protection provisions that benefit the campus and streamline the procurement process. 
  • Using an existing UC agreement will help avoid delays and ensure compliance with university policies.

• Your ITS team should be included when any of the following conditions are present:
  • New / Upgrade / Replace/ Renewal (mid-cycle or new contract)
  • Software that will require ITS Maintenance and Support
  • Software that will be used by multiple departments
  • Involves any campus data (level of review required depends on what type)
  • Will be used by the student body, staff, and/or faculty
  • Involves PCI and Point-of-Sale
  • Involves financial information
  • Will be budgeted for and purchased through ITS
  • Involves integration(s) with other systems, Activity Hubs, SSO, OFC, Recharge, etc.
  • Requires an RFP or RFI or in some cases sole-sourced (>$100K cost)
  • IT Professional Services
  • Temp. workers doing IT-related work on software that’s supported by ITS
  • COTS Examples: Tririga, Maximo, GIS, NetSuite, Transact, Persona
  • Custom development: .NET, Java, Python, React

• Highlights For Project Teams:
  • All software contracts need to be signed by Procurement 
  • UCSD requires a DSA be sent and agreed upon by the vendor 
  • Reviewing agreements and products takes time 
  • The Vendor always signs first (before UCSD) 
  • If the vendor or product is already used and contracted at UCSD or UCOP: 
    • Don’t assume they have been vetted for your specific use case (OIA can confirm if the software has been previously reviewed for data security and privacy level) 
    • It may still need review
  • Requestors should consider the use case and associated data protection level (data saved, processed, transmitted, etc.) in implementation timeline estimates. The more sensitive the data, the more detailed the review, and higher the insurance requirements will be
    • Engaging Suppliers and Classification of Information and IT Resources 

• Discuss these issues with your purchasing director or designated professional buyer before deciding on a license agreement: 
  • Field of use: Whether you intend to use the software for a specific purpose (e.g., research only, not teaching).
  • Transfer, sublicense, assignment, exclusive/ non-exclusive: Whether you want to permit others to use the software.
  • Site licenses, archival copies: Whether you want to be able to make copies, install, and use the software on one machine or on many at the same time.
  • Access to object code/ source code, source code escrow, proprietary rights: Whether you want to be able to customize, modify, reverse engineer, or otherwise customize the software, and who owns the rights to any improvements you may make.
  • Export Administration Act: Whether you expect to be able to export the software to other countries, which is governed by this federal law.
  • Version/ release:. Whether you expect to receive upgrades or new releases, and at what price.
  • Maintenance, renewal, price protection: Whether you expect the licensor to provide training or technical support, for what period of time, and at what price.
  • Fixes/ error correction: Whether or not you expect to pay for correction of bugs.
  • Proprietary rights indemnification: Whether the licensor will be responsible if another person accuses you of infringing on its ownership rights to the software.

GASB 96 Requirement

As part of our commitment to transparency and accountability, UC San Diego is actively working to comply with the Governmental Accounting Standards Board (GASB) Statement No. 96, which pertains to the accounting and financial reporting of Subscription-Based Information Technology Arrangements (SBITAs).

What Is GASB 96?

GASB 96 requires public entities to report certain IT subscription contracts—such as cloud services, software agreements, and digital platforms—as capital assets. These arrangements now impact our financial statements and must be reviewed and documented thoroughly.

GASB 96 requires that Subscription-Based Information Technology Arrangements (SBITAs) be treated as financing transactions, requiring capitalization, unless the SBITA has a maximum possible non-cancellable term of 12 months (or less) including any options to extend, regardless of their probability of being exercised.

UC Office of the President has set a Threshold Materiality of $500K undiscounted future SBITA payments, including option periods and includes implementation costs.

Why It Matters

• State & Audit Compliance: Accurate reporting ensures we meet UC system-wide and California state requirements.
• Financial Transparency: Helps provide a clearer picture of our IT investments and long-term commitments.
• Risk Mitigation: Avoids potential audit findings or financial misstatements.

How You Can Help

Your participation is vital in helping us identify and document qualifying IT subscriptions. Here’s how campus clients can assist:

• Review Contracts & Invoices: Look for ongoing IT subscriptions, software agreements, and cloud-based services.
• Share Documentation: Send any relevant contracts, purchase orders, or renewal documents to the GASB 96 tracking team when requested.

Software Purchases Using the Procurement Card (PCARD)

Software may be purchased using the PCARD under specific conditions. All software acquisitions must comply with UC San Diego’s policies regarding:

• Information Security
• Privacy
• Accessibility
• Data Use Agreements
• Software Licensing Terms

Before making a software purchase, departments must ensure that any required reviews (e.g., OIA, Privacy, IT Security) have been initiated or completed. In some cases, an exception or additional approval may be required.

For more information please visit the Procurement Card Blink Page.