(Rich Carlson and Erin Murtha, co-chairs)
Accomplishments for Fall 2015/Spring 2016:
Software Asset Management (SAM) Service Launches
- The RCCI Software Working Group helped identify functionalities that will be incorporated into the SAM service and the supporting online software portal.
- The SAM service has been well received by the early adopters and will be offered to the entire Penn State community in April 2016. More information can be found at http://sam.psu.edu/.
- As this tool becomes widely used, it will be important to understand structures and procedures that hinder or facilitate cost-sharing and access to software across units. As a result of this working group, a team has been assembled representing numerous university offices (Software Licensing, Risk Management, Procurement, Corporate Controller, Security, Privacy, Export Control, Office of Research Protections, Office of Sponsored Programs, and General Counsel) to document the current process for vetting new software and technology contracts. The deliverables will include a single workflow illustrating the current state, a single workflow illustrating an ideal state (accompanied by policy recommendations and resource requests), and a log of efficiencies gained by this group collaborating. This team will provide an important point of contact for recommendations concerning faculty researcher concerns and needs regarding software vetting.
Exploring Best Practices to Balance Security and Research Needs
- There is great disparity of unit policies concerning administrative rights for faculty and staff. This is a frustration for faculty concerned with productivity, especially in time-crunch situations. We have charged our working group members to explore and share their units’ best practices, and have shared these documents within our team. In addition, Greg Madden will have discussions with peer institutions to learn more about their challenges and successes.
- We gathered examples of unit policies from members of the working group, and the Survey Research Center is compiling information on these and other security policies from all units in the university. As of 3/31/2016, this effort is approximately 70% complete.
Planned Work for Fall 2016/Spring 2017:
Software Asset Management Service
- By the Fall of 2016, the SAM service will have several months of service. The RCCI will collaborate with the Service Manager to review challenges and opportunities, and to continue discussions on marketing and promoting the service to researchers at Penn State.
- It is likely that the Contracts Vetting team will continue to work together to streamline processes.
Exploring Best Practices to Balance Security and Research Needs
- We learned through our discussions that at least some units are working, apparently in isolation from one another, to implement solutions such as Beyond Trust Power Broker to provide alternatives to full administrator rights, allowing a more flexible balance between researcher and security needs. We will explore the progress and effectiveness of these efforts, working toward best-practice recommendations and possible central solutions for these efforts. One focus of this discussion will be best practices concerning custom software developed by researchers and often freely shared across labs and institutions.