Prince Sultan University PSU
Policy Management System
Approved Application Policy

Policy Code: IT0010
Policy Title: Approved Application Policy
Owner: Deanship of Digital Transformation
Responsible Office/Department: Vice President for Academic Affairs
Approved by: University Council
Date Created: 02 Februrary 2017
Recent Review: 15 August 2020
Effective Date:

POLICY STATEMENT

PSU is committed to ensuring a secure and efficient digital environment for its community. Our Approved Application Policy mandates that all software and applications used for university-related activities, including teaching, research, and administration, must be formally evaluated and approved by the university's IT department. This policy ensures compliance with our security standards, intellectual property rights, and data privacy regulations, supporting PSU's dedication to technological excellence and safeguarding our community's digital integrity

BACKGROUND AND JUSTIFICATION

With the increasing use of various software and applications in academic and administrative settings, there's a growing risk of security breaches, data privacy violations, and inefficiency in technology use. The policy is justified by the necessity to standardize and control the applications used within PSU to ensure they meet security standards, comply with legal and intellectual property regulations, and align with the university's overall technological strategy. This approach not only protects the university's digital infrastructure but also ensures that technological resources are optimally utilized, contributing to the university's mission of delivering high-quality education and research.

SCOPE AND PURPOSE

The scope of the Approved Application Policy encompasses the following key areas:

  1. Usage: The policy applies to all software and digital applications used for academic, research, and administrative purposes across the university.
  2. Coverage: It is relevant to all PSU faculty, staff, students, and any other stakeholders who utilize or manage digital applications within the university's network.
  3. Approval and Compliance Process: The policy governs the process of evaluating, approving, and ensuring compliance of applications with university standards for security, privacy, and functionality.
  4. Integration and Compatibility: It includes guidelines for ensuring that all approved applications integrate seamlessly

PRINCIPLES OF THE POLICY

All employees may operate programs on the IT approved application list. If an employee wants to use an application not on the list, they should submit the application program to the IT department for approval prior to using the program on a system connected to the organizational network. The main principles of this policy are the following.

  1. Security and Privacy: Prioritize the security and privacy of the university’s digital infrastructure and user data in every application used or introduced within the university.
  2. Compliance and Standardization: Ensure that all applications comply with legal, regulatory, and PSU-specific standards, including intellectual property and data protection laws.
  3. Efficiency and Effectiveness: Select and approve applications that enhance operational efficiency, improve the effectiveness of educational and administrative processes, and support the university's strategic objectives.
  4. Oversight and Accountability: Establish clear procedures for application approval, regular audits, and accountability measures to ensure ongoing compliance and optimal use of technology resources.

Exceptions

Special exception may be made to this policy for specific employees depending on the required job function and the skills of the employee. Some reasons for exception include:

  1. The employee may be the person who needs to test new applications on a test network, then on the main network.
  2. The employee may be a developer that must run applications developed by themselves in order to test their own work.
  3. Network administrators may be allowed the ability to operate and test new software.

Approved Applications

IT department approved applications are listed below.

  • Windows Operating system
  • Microsoft Office Suite
  • Google Chrome
  • Mozilla Firefox
  • Google Chrom
  • Microsoft Edge
  • Adobe Acrobat
  • Microsoft Visio
  • Symantec/ Trend micro Antivirus
  • Roxio Easy CD Creator
  • WinZip
  • WinRAR
  • Nero CD Creator
  • Citrix Web client
  • Power Archiver
  • AutoCAD
  • PDF writer
  • VLC Media Player

DEFINITIONS

  1. Software Application: An application program (software application, or application, or app for short) is a computer program designed to carry out a specific task other than one relating to the operation of the computer itself.
  2. Data Integrity: is the maintenance of, and the assurance of, data accuracy and consistency over its entire life-cycle
  3. Software Installation: is the configuration of software with a view to making it usable with the computer
  4. Security Incident: a single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.
  5. Software Developer: a person who designs, programs, builds, deploys and maintains software using many different skills and tools.
  6. Network Administrator: a person designated in an organization whose responsibility includes maintaining computer infrastructures with emphasis on local area networks up to wide area networks.

RESPONSIBILITIES AND IMPLEMENTATION STRATEGIES

ITC staff will review the list of approved application periodically, taking user feedback into consideration. The ITC manages the installation of all software and will continuously monitor compliance.

PROCEDURES FOR HANDLING POLICY VIOLATION

Since running safe programs is critical to the security of the organization, employees that do not adhere to this policy may be subject to disciplinary action up to and including dismissal.

REFERENCES