All software and system procurements go through IT Services
- If you need new computer software, mobile application, or IT system in Metropolia, fill in the procurement form at https://hankintalomake.metropolia.fi -> Ohjelmistot ja järjestelmät.
- If any personal information is handled in the computer software, mobile application, or IT system, you need to fill out DPIA-form. Familiarise yourself with the DPIA-guidelines in OMA. (link: https://oma.metropolia.fi/gdpr-ja-tietosuoja/tunnista-dpia) and fill out DPIA-form (link: https://elomake.metropolia.fi/tunnistaudu.php?lomake_id=25145).
- Based on the decision of the Metropolias executive board, any type of computer programs, mobile applications, or IT systems (even free ones) shall not be used without going through previously mentioned process.
(Unfortunately some links and forms are only in Finnish)
1. What do I need to do if I need new software or system for Metropolia?
- Check the process diagram and instructions on the IT Services website (link:https://wiki.metropolia.fi/pages/viewpage.action?pageId=169024187) (only visible to logged-in users).
- Open the procurement form at https://hankintalomake.metropolia.fi
- Click Ohjelmistot ja järjestelmät (Software and Systems).
- Login with your Metropolia username and fill out the form.
- Familiarise yourself with the DPIA-guidelines (link: https://oma.metropolia.fi/gdpr-ja-tietosuoja/tunnista-dpia)
- If the digital tool processes any personal information, please complete the DPIA form (link: https://elomake.metropolia.fi/tunnistaudu.php?lomake_id=25145)
This motion affects all Metropolia's units and projects. Therefore, nobody can independently acquire digital product tools (computer programs, mobile applications, and IT systems) without complying with the above process, regardless of the size of the acquisition: The obligation applies to all digital tools even when installed to a single computer or mobile device to organization-wide systems.
2. Anticipate purchases
IT Services and Legal and Archiving Services are in constant dialogue with each other and work together to develop the software and systems procurement process to be more efficient and flexible. The procurement form is also being developed. Above-mentioned units aim to provide smooth service within the framework of the legislation. Though the obligations are fully binding as it’s required by the law, which means it is not possible to ignore these steps even in the most urgent cases.
Try to plan your software and system needs as early as possible. This will help to get the tools you need in time. Completing the procurement process may take some time, but urgent procurement will be prioritized over the less urgent ones.
3. The statutory risk management process
EU General Data Protection Regulation (GDPR) 2016/679, National Data Protection Act (1050/2018) and 1.1.2020 Act on Information Management in Public Administration obliges the organisation to control the introduction of newly adopted digital tools (IT systems, electronic services and software’s). Meaning that digital tools are only permitted in a controlled manner. Therefore, each digital tool must go through a mandatory risk management process. This process must be documented for each digital tool, so there is evidence that the process has gone through impact assessment.
In GDPR, the risk management process is called the DPIA or Data Protection Impact Assessment process. (Article 35). In the Act on Information Management in Public Administration, the same issue is referred to as change impact assessment (5§).
By the decision of Metropolia's executive board, all computer programs, mobile applications, and IT systems procurement is centralized in the IT Services to enable Metropolia to comply with the above-mentioned, statutory risk management process. Read the instructions below on how a new digital tool can be taken into use at Metropolia.
Act on Information Management in Public Administration set requirements for information security, for example in relation to procurement. The law states that appropriate information security measures must be implemented for the information system being procured.
- The pre-inquiry on information security identifies the information processing description, which is useful for establishing the functional requirements.
Additional information Data Protection Officer, Legal and Archiving Services
- Data protection legislation
- Inquire about the progress of your procurement
- Inform about digital tools that are already in use at Metropolia
- Give more information about the procurement process and
- Give assistance in completing the procurement form.
Frequently asked Questions
Question: I want to install a mobile app for personal use on my work phone. Do I need to fill out the procurement form and is it allowed to install the mobile app on my work phone?
Answer: The installation of mobile applications on work phones is allowed for personal use and when used for personal use, you do not need to fill out the procurement form. In situations where the mobile application is used in Metropolia's operations, such as in projects, the procurement form must be filled.
Question: I need Microsoft Office for my laptop. Do I have to fill out a procurement form?
Answer: No need. Microsoft Office is pre-installed on all computers maintained by Metropolia.
Question: I need a program that isn't among the official tools. Do I have to fill out a procurement form?
Answer: If the program is not already in use at Metropolia, you must complete the procurement form.
Question: The program is free, but it has not been used in Metropolia before. Do I have to fill out a procurement form?
Answer: Yes you have to. The price of the program does not matter.
Question: Information Management Services has already implemented the program in Metropolia, but I want the program to be used for teaching in a specific computer class.
Answer: You do not need to fill out a procurement form. Please contact HelpDesk if you need help with the installing.