Software Evaluations and Privacy Impact Assessments

Whether you’re looking to invest in new software or replacing a current product, all software being considered for use at RRC requires a Software Evaluation and/or Privacy Impact Assessment.

Having software evaluated by the Centre for Learning and Program Excellence (CLPE) and Information Protection and Compliance will provide valuable information when deciding on what tools to invest in, including:

Data Security

What are you agreeing to when accepting the company’s terms of use and privacy policy? It is important to read the fine print and determine what type of data and analytics the company will be collecting, who owns it, and how it is stored. A software evaluation answers all those questions and more.

Academic Requirements

Is the software a good fit for the College’s academic learning environment?

Redundancy

Is there software already in use in the College that can provide the same solution?

Request a Software Evaluation Consultation

Prior to committing to purchase or use software, please complete the form below to request a software consultation with the CLPE. All software used within the college requires an evaluation to ensure it is suitable for the purpose, meets data security requirements, and is compatible with our teaching and learning spaces.

Please consult the list of completed software evaluations.

It is important to submit unapproved technology, either prospective or currently used, for approval by the CLPE and ITS Information Protection & Compliance department.

Software Evaluation Consultation

Contact Information

Preferred contact method *

Software

What are Software Evaluations and Privacy Impact Assessments?

Red River College’s Information Protection and Compliance department conducts two types of software reviews as part of ITS governance:

  1. Software Evaluations
  2. Privacy Impact Assessments

Other departments such as the CLPE may be consulted on assessments if necessary.

Software Evaluations

Software Evaluations examine the wording of the software company’s Privacy Policy and Terms of Use Agreements to assess data security clauses, including what data will be uploaded to the external website, where is it stored, policies around data ownership, and other security information.

Typically, this type of evaluation is for software that will not interact with other College systems, and the user base is a specific department or group. If the evaluation flags any security or privacy concerns, it may be referred to Legal Services for review.

Privacy Impact Assessments

The Privacy Impact Assessment is a process that RRC uses to identify and address potential privacy risks when contemplating the purchase of a new system or service that will be used by a broad range of staff or students. The PIA process examines potential impacts to privacy and considers reasonable measures to lessen these impacts if concerns are identified. As a public body, the College is currently using the PIA tools that have been provided for use by the Manitoba Ombudsman. This assessment assists RRC in identifying potential privacy risks, and as a result, allow us to address those risks early on.

Purchasing Policy and Legal Agreements

Please remember to follow all of the procedures outlined in the RRC Purchasing Policy and ensure that software agreements are reviewed by Legal Services.

The Risks of Free Software

It’s tempting to download free software and although it does not have a monetary cost, it can come at a price in the form of malicious viruses, spyware, adware, or browser hijacking. They can be innocuous and annoying, or they could send your private data to a third party and steal your passwords.

Not all free software is free; your personal data could be the price.