Software Compliance

Policy Information

Issuing Office

Information Services

Affected Parties

Faculty, Staff, Students

Policy Language

The following provides the in and out of scope items for the policy.

1.2.1 In Scope

All software media purchased, in possession, accepted by formal agreement, or in the process of being acquired is bound by 2.1.1 Acquired Software.

All software media which is not legally owned or appropriate for installation or use by the university – faculty, staff, student worker, or any other member of the university on a university-owned machine is bound by 2.1.2 Unlicensed Software.

All employees that are required by their position to handle license keys or similar data are bound by 2.1.3 Permitted Staff.

All employees that are not required by their position to handle license keys or similar data are bound by 2.1.4 Non-permitted Staff.


1.2.2 Out of Scope

• Software installed on a non-university-owned machine where the acquisition and use of that software does not correspond with a Liberty University position-related function, task, or role

• Software written by university staff

 

2.2 Specific Concerns and Guidelines

The following provides a list of concerns of which employees, particularly Permitted Staff, should be aware.

2.2.1 Copyright

A copyright is formed from the moment a work is created and fixed in tangible form, whether it is source code written on paper or machine code recorded on magnetic or optical disk. It exists whether or not a computer program is published and formal registration is not necessary for legal protection. With computer software, the user usually acquires a license to use the copyrighted work under the terms and conditions set by the copyright owner.

2.2.2 Licensing Agreements

When software is purchased, the purchase only acquires a license to use it; the publisher retains the full rights to the software and has the sole rights to further distribution and reproduction. Most of Liberty University’s software license agreements state that the license is “non-transferable,” meaning that we cannot sell, gift, or transfer the license to another entity or individual. Each license agreement is reviewed during the ITSC/ARB approval process to ensure our licensing method and software usage are compliant with the agreement.

Ensuring licenses are not accidentally transferred requires:

(1) Accurate inventory with approved installations

(2) Controlling/auditing the software purchasing process

Compliance with a license agreement cannot always be determined by counting installations or users. Some license agreements limit the type of user (e.g., faculty only, no staff use) or the place where the software can be used (e.g., site license for 1971 University Blvd, not to be used by traveling recruiters). Therefore, some software approvals may require additional information from the requestor or specific wording to be shared during installation to ensure the user is aware of special limitations.


2.2.3 Remote and Home Users

Liberty has several staff situations that need to be considered when requesting or approving new software installations. Some software publishers’ licenses allow for “remote” or “home” use of their software, but the license agreement needs to be examined carefully. Any special staff situations should be included in the software approval request so that they can be reviewed. Examples include adjunct faculty (non-university-owned machines) and work-from-home employees (university-owned machines).


2.2.4 Educational and Non-Profit Exemptions

There is no blanket exemption from liability for copyright infringement by educational institutions or non-profits.

To define exemptions for educational and non-profit organizations: “fair use” only permits the limited use of portions of a copyrighted work for purposes such as criticism, comment, news reporting, teaching, scholarship, or research.


2.2.5 Liability and Penalties

Any person illegally reproducing software can be subject to civil and criminal penalties including fines (beginning at $100,000 per occurrence) and imprisonment. Users must not condone illegal copying of software under any circumstances, and anyone who makes, uses, or otherwise acquires unauthorized software will be appropriately disciplined. If an organization is using illegal copies of software, the organization may face a civil suit for damages and any profits attributable to the pirated software, and in some circumstances corporate officers and individual employees may be charged with criminal liability as well. Every person that participates in copyright infringement is jointly and severally liable, meaning that each defendant can be required to compensate the software company for the entire cost of the damages it suffered.


2.2.6 Access to License Keys

Certain IT staff members have access to license keys if appropriate for their job role. This access is granted after the staff member has attended Compliance Training with IS Accounts Management and signed the Software Code of Conduct. Any other license keys and digital or physical media, not properly inventoried in Service-Now, should be sent to software@liberty.edu and the IS Accounts Management and Compliance office to be inventoried.


2.2.7 Purchasing Process and Procedures

Inquiries, questions, and concerns about the process or procedures for purchasing IT software and equipment should be directed to IT Office Managers or the IS Accounts Management and Compliance office. While these processes and procedures are defined outside the scope of this policy, all approved prescriptive documents, training, or other guidance provided by Enterprise Architecture, IS Accounts Management and Software Compliance, or Administration should be treated as normative and authoritative. Nonconformance to these documents will be assessed on a case-by-case basis, but will almost certainly be counted as nonconformance to this policy and all contents herein.


2.3 Responsibility

It is the responsibility of the IS Accounts Management and Compliance department to ensure that training, policies, and processes are in place to increase the likelihood of software compliance as well as compliance effectiveness. It is the responsibility of individual users across IT and the broader university to maintain conformance with this policy and related processes, guidance, and training materials.

Policy Rationale

Software compliance processes and standard operating procedures should be appropriated by all relevant IT and ILRC staff, and staff to whom they are not relevant should be neither able nor entitled to perform any activities inconsistent with their job role or function. Without supplying all of the specific process steps or standard operating procedures for maintaining software compliance, this policy will support the education and governance of such activities.

Definition of Glossary Terms

2.1.1 Acquired Software

In this document, acquired software is software that is legally in the possession of the university. This legal ownership of software media may have been obtained through a variety of methods, such as:

(1) Purchase and Sale Agreement: typically executed as a Software Licensing Agreement entitling the university to a number of users, sessions, installations, or combination

(2) Informal Terms of Use Agreement: often accepted by “I accept” checkbox with free access/download

(3) Internet-based Software as a Service Subscription: can be treated like (1), (2), or combination.

The legal acquisition of software media or “cloud” (as a service) software is nearly always accompanied by a formal or informal agreement regardless of the cost to acquire. Even free software is licensed according to an agreement, the acceptance of which by university staff establishes obligations for the university to the software provider. While these obligations can be benign or low risk, employees should consider the potential consequences of accepting an agreement unintentionally on behalf of the university, should a legal dispute occur. Therefore, all staff members who acquire software should report that acquisition to the IS Accounts Management and Compliance department by emailing software@liberty.edu.

2.1.2 Unlicensed Software

Software that is acquired illegally or without written agreement or permission of the author, vendor, or legal provider should be immediately uninstalled or subscriptions cancelled. If software was acquired, but the legal status of its acquisition is unclear, then interested parties should email software@liberty.edu.

2.1.3 Permitted Staff

In this document, Permitted Staff are employees who, once software has been legally acquired, have access to software media and license keys or similar data enabling them to legally provision, install, and assign usage to a university user. Typically, this will be limited to HelpDesk and IS Accounts Management and Compliance staff, all of whom are required to attend Software Code of Ethics training and provide documented awareness and agreement with this code.

2.1.4 Non-permitted Staff

Any staff member who is not explicitly Permitted Staff, either for a specific software title or by job role, is not entitled to install or access software media or license key or similar data. A non-permitted staff member becomes permitted through training, a documented approval, and one or more security entitlements in Service-Now and Molly – providing access to license keys and software installation media.

Procedural Information

Procedures

None specified

Sanctions

Non-Conformance

Any response to non-conformance will be handled on a case-by-case basis, but will likely result in the uninstallation of software from non-conformant machines. Given the circumstances, additional responses could involve employee role reduction, reassignment, or termination. It is important to recognize the seriousness of non-compliance with license agreements or other legally enforceable obligations; non-conformance to this policy will be met with an equally serious response.

Exceptions

None