Considerations before buying, developing, or deploying new applications in UCD
This page provides considerations for those who are considering deploying an application locally within a school or unit - it does not constitute an approvals process and does not imply endorsement of the application for use within UCD.
For assistance in navigating through these considerations contact IT Partnership ((opens in a new window)itpartners@ucd.ie), and we will respond to you as soon as possible.
Assistance will depend on the nature and complexity of the request, as well as existing priorities and commitments.
Applications being delivered by IT Services follow the established IT projects planning process. See here for details and how to submit an IT project request.
Overview
Purpose
To provide Schools and Units an overview of the considerations they must undertake regarding alignment with UCD’s Enterprise Architecture Principles, IT policies, technical and security standards, and in meeting regulatory and legal compliance requirements.
For assistance in navigating through these considerations contact IT Partnership (opens in a new window)(itpartners@ucd.ie), and we will respond to you as soon as possible.
In Scope
Any application that provides functionality to UCD’s community, typically accessed through a web browser, mobile device, or desktop, or that provides functionality or capabilities to other applications.
Applications include on-premise hosted and cloud services; bespoke and packaged solutions; internally managed and externally managed by a third party; subscription and perpetual paid licences; as well as free or open source solutions.
Enterprise Architecture Principles
Alignment to Enterprise Architecture Principles
The UCD Enterprise Architecture Principles inform, guide and govern the design and deployment of applications across the University.
Alignment with these principles is a requirement for all applications, from departmental solutions in individual schools and units, to centrally-managed university-wide platforms.
A key consideration is to avoid the deployment of applications with duplicative or overlapping functionality. Please engage with IT Partnership ((opens in a new window)itpartners@ucd.ie) to make sure that the sought functionality is not already provided or possible through an existing application.
Engage Procurement
Adherence with UCD Procurement Guidelines is a Requirement
As part of any project, it is important that project team engage with UCD Procurement as early as possible. They will guide on thresholds, particular frameworks available, and timeline considerations.
The University is subject to EU and National Public Procurement legislation and all staff with responsibility for purchasing should be familiar with UCDs Purchasing Unit procedures and quotation & tender compliance requirements.
Technical & Security Considerations
Applications must be designed and built securely, aligned to the enterprise architecture
Adherence to University Policies is a requirement
IT related Policies and Guidelines are provided to protect applications, safeguard data, and comply with legislation.
To help protect University applications and data from internal and external cybersecurity threats, you should review (opens in a new window)Assessing the Security of Digital Solutions with whoever will manage your application, before buying, developing or deploying a new application.
Non-Functional Requirements
A predefined set of (opens in a new window)Non-Functional Requirements is provided without support or assistance. These should be tailored to suit the intended solution and agreed as complete with Technical Owner.
The Non-Functional Requirements cover;
- Sample Introduction Section, and Context for Requirement
- Sample Non-Functional Requirements, covering
- Performance and Availability
- Integration and Interoperability
- IT Security and Data Controls
- Service Management & Support
These should be complemented by Functional Requirements developed by the Business Owner.
University Data
Personal Data
Where an application involves processing or storing UCD personal data, full compliance with GDPR regulations is required.
A DPIA must be completed where UCD collects, stores or processes personal data, and a Transfer Impact Assessment must be undertaken where personal data is exported outside the EEA.
The UCD DPO has developed a (opens in a new window)comprehensive UCD Data Protection Checklist to guide UCD academic and administrative units through the key steps involved in the selection and acquisition of applications.
A library of policies, procedures, training, guidance, templates, and contact information to support you through this are available on the UCD GDPR website.
Research Data
Where an application involves processing or storing of Research Data, then UCD's (opens in a new window)Research Data Management site will help you ensure that your research data is stored, retained, made available for use and reuse, and disposed of according to best international practices, as well as in compliance with legal, statutory, ethical, contractual and intellectual property obligations, and the requirements of funding bodies and publishers.
Accessibility & Integration Requirements
Accessibility standards (e.g. W3C WCAG2.1 or ISO/IEC 40500) and legislation (e.g. EU Directive 2016/2102), must be assured for all applications. For UCD websites (managed through T4 CMS), IT Services provides Silktide to test and assess website accessibility.
Single Sign On (SSO) should be used wherever possible.
Where SSO integration is required, please contact the IT Helpdesk.
For other application or data integration requests, please contact IT Partnership (itpartners@ucd.ie)
Rollout, Routine Management, and Retirement
Applications deployed should be registered in the (opens in a new window)UCD Application Register.
It is recommended that applications are routinely assessed to ensure they are fit for purpose and meeting University requirements.
Applications that are no longer required should be decommissioned, including secure data destruction, cleanup and release of infrastructure resources such as virtual instances, physical servers, DNS registration, and removed from the Applications-in-Use Repository.
IT Services can help you follow the correct decommissioning steps.
Quick Links
- UCD Procurement site
- (opens in a new window)UCD Procurement Guidelines
- UCD Data Protection and GDPR site
- (opens in a new window)UCD Data Protection Checklist
- UCD IT Policies and Guidelines
- Cloud Computing Guidance
- UCD EA Principles
- (opens in a new window)UCD Application Register
- (opens in a new window)UCD Research Data Management
UCD IT Services
Computer Centre, University College Dublin, Belfield, Dublin 4, Ireland.Contact us via the UCD IT Support Hub: www.ucd.ie/ithelp