Request for a new IT service

The IT department will provide advice in planning towards a new IT service. Areas we assist with include:

• clarifying the need
• roles and responsibilities
• solution alternatives and architecture choices
• required agreements
• data privacy and security
• identifying the resources that should be involved in the process

We normally respond within 3 business days, but depending on the size and scope, the process from treatment to final acquisition can take weeks to months.

Under the menu items listed below, we outline what you should consider before submitting a request.

One of the most important questions to be answered in any ICT procurement is what need an application or system is intended to meet. Put another way, what is not functioning optimally today? By describing the need or needs, you simultaneously answer why you require this system.

What process is this application or system requirement a part of? And is the system necessary for the process to function? (e.g. a project)

What benefits do you see from using a system to achieve the desired outcome or goal?

Is the need short-term and limited to a certain period, or is it tied to a more permanent solution?

It is important to clarify who will be the users of the solution. The answer could be anything from a group of students or researchers at a specific institute, in a project, everyone at OsloMet, the sector, or the public. Identifying the system's users will determine where the need must be anchored in the organization, as well as who will own the solution.

If the system is to be used by students, it is a central question whether the solution should be mandatory or voluntary. The answer will likely set some requirements for the service going forward.

What data to be entered into an IT system should be answered on at least two levels:

• Which users should be registered as users?
• What data should be entered into the system itself?

It may be useful to describe how you envision data entering and exiting the service, how data will be stored, and when data will be deleted. If personal data is intended to be entered into the system beyond the registered users, this is information that will require special requirements for further planning for use.

For user registration, what information will be required? Only name and email or will the system or service require other information as well, if so, which?

Are there any integrations or data sharing between other systems planned?

Classification of your data

OsloMet has adopted the sector's information classification which determines the level of security that a service requires to safeguard our data in terms of confidentiality and criticality.

Which information class applies to your personal data? Please contact your privacy contact for advice.

Visit OsloMet's own pages on confidentiality classes to assess the appropriate class for your data.

The need must be elevated to the appropriate level in the organization to ensure support for the further process of acquisition, implementation, and use.

Consider whether there are others in the organization who may have a similar need and whether the need should be elevated collectively.

Normally, ownership and responsibility for the final solution will lie with the level of the organization that has raised the need or has the greatest need. See service/system ownership below.

Perhaps someone else in the organization has already made such a purchase? If so, please check OsloMet's agreement catalogue, our ordering system, consult with someone in the purchasing department, or clarify with IT.

Service/System ownership

Any application or system acquired by OsloMet must have a responsible person, often referred to as a service or system owner.

This applies to both internal and external systems in use. Someone must take responsibility for ensuring that the system is used in accordance with applicable rules and regulations, as well as ensuring necessary operation and management.

The responsibilities and tasks of the responsible person will depend on the size and scope of the service/system, but perhaps the most important clarification to move forward in the process is to ask:

• Does the unit (project, department, institute, etc.) have the resources to manage the solution?
• What other resources in the organization are needed to establish the solution?
• What other resources, internal or external, are needed to manage the solution?
• Will the solution affect existing business architecture, services, or systems?

Licensing

Many suppliers offer different types of licenses, often depending on the number of users and the functionality that is desired. For the further process, you should have familiarized yourself with the license agreement that you think is most relevant, and why.

Agreement

If you are going to use a program or service that is not operated by OsloMet, but a service that is available on the internet, OsloMet is obliged to enter into a data processing agreement with the supplier, even if the only personal data transmitted is the username for login. Any use of personal data must legitimize its use before starting. See the separate checklist under 'Privacy considerations when purchasing' on this page.

If the procurement requires financing, approval must be obtained from someone with budget authority to carry out the purchase. For larger purchases, it must be clarified whether the costs for annual use will eventually exceed the threshold value. See the procurement pages for rules regarding finance and procurement.

Have you checked with IT Service Desk whether the system can be delivered through one of OsloMet's application and system dealers? This is relevant to clarify payment methods and terms.

For some larger systems/procurements, SIKT has framework agreements.

Consideration must also be given to costs associated with any user support, administration of users, and the system as such.