Buying Software

When purchasing software or software licenses, cloud software-related professional services, or cloud computing services, there is a specific BearBuy Software form to use, and a Supply Chain Management Buyer will be involved in your transaction regardless of dollar value. This includes but is not limited to purchases for software as a service, software support and maintenance, software upgrades and app design. Cloud services can mean collections of applications, information, infrastructure components, and/or services which are provided as pools of resources.

UCSF IT Security Risk Assessment

Any system that involves creation, storage, transmittal, hosting or other processing of information by a supplier or another third party must go to UCSF IT Security for a risk assessment. In addition, if you are purchasing hardware that may contain software, you should also contact IT Security for a risk assessment. This applies to UC information including but not limited to PHI, PCI, and PII.

You must contact UCSF IT Security to commence a security assessment before submitting your requisition. SCM will not be able to finalize requisitions/purchase orders without this assessment being completed.  For more information about the IT Security risk assessment, how to request an assessment and what to expect during the process, please visit the UCSF IT Security website.  

Purchasing Software

Use the BearBuy Software form to purchase:

  • Software or Software Licenses.
  • Software as a service – Software support, maintenance, service levels, upgrades and app design
  • Cloud Software-related services - Any consulting services pertaining to the implementation, installation and/or customization of any Cloud Software Technology.
  • Cloud Computing Services - Cloud computing is a model for delivering information technology services in which resources are retrieved from the internet through web-based tools and applications rather than a direct connection to a server.  Also see UCSF IT Security Cloud Service Basics.

Do not use the BearBuy Software form to purchase: 

  • On-premises software or hardware (e.g. Adobe Acrobat).
  • Equipment that contains embedded software.

The BearBuy Payment Request form and UCSF Procurement Cards should not be used to purchase software, software licenses, or cloud computing services. Most on-premises/off-the-shelf software should be purchased through the BearBuy SHI punch-out.

The "click through" agreements for software or services available on the Internet are not approved by UCOP or UCSF legal and procurement departments; moreover, only authorized individuals can enter into agreements for UC. Additionally, these agreements often contain language and clauses that are problematic for business and patient care data. Therefore, please avoid clicking through such agreements and instead use the BearBuy Software form to engage SCM in finalizing your transaction, including agreement terms that are compliant with regulations, UC policies, etc.

Consider using any established agreements that could help determine your supplier selection, possibly improve product pricing, and offer better terms and conditions of sale. If you are using such an agreement, please enter as much contract information (title, reference, number, etc.) as you can in the agreement field on the form.

Cloud Computing Guidance

Per UCSF IT Security, the "cloud" is a continually evolving term which broadly references cloud services or cloud computing. Cloud services can mean collections of applications, information, infrastructure components, and/or services which are provided as pools of resources.

There are also commercial and consumer cloud services providing many different capabilities. Most people use free or almost free cloud services for things like email, calendaring, music services, social media, online storage, and photo storage. These consumer-focused technologies may seem as if they would meet business needs, and some of them can be used under certain circumstances, but in general they are not approved for use at UCSF.

There are generally three service models for cloud computing: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). In addition to the various cloud computing service models, these services can be deployed with varying points of access and integration within an organization's computing infrastructure and network. For examples of each type of service model, please visit UCSF IT Security Cloud Computing Guidance.

Using the Software form:

  1. Review UCSF IT Security Cloud Computing Guidance.
  2. Determine if an IT Security risk assessment is required to be commenced before submitting your BearBuy Requisition.
       • Upon completion of the IT Security risk assessment, please upload the IT Security approval email as an internal attachment on the form.
  3. Complete the BearBuy Software form.
  4. Complete the Department Information section. Specify the department name as well as the departmental technical contact who will answer technical questions about the software purchase.
  5. Establish a Statement of Work (SOW). Establish payment structure based on completion of job, achievement of project milestones, or phases of work or provision of acceptable deliverables. This detailed Statement of Work differs from the “Brief Software Description” provided on the form itself.
       • Include a brief software description including but not limited to what it will be used for, whether (and what kind of) UC data will be hosted, stored or accessed by the supplier.
       • Provide details on what type of service, if any, will be performed.
  6. If PHI and HIPAA are involved, select “HIPAA” in the drop-down box on the BearBuy form, next to where it states, “If the supplier has access to Protected Health Information (PHI), select HIPAA. Otherwise select NO.”
       • If PHI/HIPAA are applicable and UC PHI is being transmitted or stored outside the University’s systems, you must initiate an IT Security risk assessment as soon as possible so as not to hold up release of your PO.
  7. Indicate if this transaction results from a current or prior License or Service Agreement with the supplier and if yes, provide the PO or agreement number if known.
  8. University purchases require demonstration of selection of an appropriate supplier and of price reasonableness. In the selection justification field, please explain why this supplier was selected and why their price is reasonable, attaching any supporting documentation you may have. If this is the only vendor who can provide this good or service, then please complete and attach a Single Source Justification instead.
  9. In the Price field enter the total estimated dollar value of the software.
  10. Attach any required or relevant documents.
  11. Add the form to your cart.
       • In the BearBuy cart, use the Taxable checkbox to indicate if the transaction is taxable:
           a) The taxability of the software can vary. If the software is delivered through physical media (e.g. hardcopy CD or thumb drive), the software is taxable. In the BearBuy cart, ensure the taxable checkbox is checked for the Software License Price line.
           b) If the software is delivered electronically, it is not taxable. In the BearBuy cart, ensure the taxable checkbox is NOT checked for the Software License Price line to indicate the software is not taxable.
  12. Process your cart as you would for standard BearBuy orders.
  13. A Supply Chain Management Buyer will facilitate completion of your transaction regardless of dollar value.

Accounting Guidance

When purchasing software for campus, review the matrix below to assign your BearBuy order to the appropriate account number. Orders assigned to the business unit “SFCMP” are campus. 

Software for capitalization must meet the following criteria:

  1. Has a unit value (per copy) or system value of $5,000 or more.
  2. Has a normal (useful) life expectancy of a year or longer and is not expendable.
  3. Lacks physical substance.  The asset may be contained in or on an item with physical substance, for example a compact disc in the case of computer software.

Any software purchased by Agency Funds (2XXX series) can only be expensed; it is not eligible for capitalization.

The four-digit equipment custody code is not needed in BearBuy for this type of purchase.  

| Description | Account | Expense | Capitalize |
| --- | --- | --- | --- |
| Software Maintenance/Assurance Plan/Service Agreement (which may include: maintenance, help desk support, license fees, training, upgrading and enhancements) | 55053 | X | |
| Hardware Maintenance/Assurance Plan/Service Agreement (which may include: maintenance, help desk support, license fees, training, upgrading and enhancements) | 55052 | X | |
| Perpetual license. Cost per license is $5,000 or more | 51323 (sponsor project); 52602 (non-spon proj) | | |
| Software System. System value greater than $5,000 | 51323 (sponsor project); 52602 (non-spon proj) | | |
| Software (Microsoft suite, Adobe). Unit value/system value less than $5,000 per copy | 52305 | X | |
| Software purchased separately for an existing piece of inventorial equipment is considered a replacement/supply and is expensed. | 52311 | X | |
| Consultant Services that are directly attributed to a specific software application, which include: design of selected software, including configuration and software interfaces; coding; testing, including the parallel processing phase. | 51323 (sponsor project); 52602 (non-spon proj) | | |
| Consultant Services not associated with a specific software application. | 55102 | X | |

Important Links and Information