Buying Software and Cloud Computing

The Software & Cloud Computing Form in BearBuy is required to purchase:

  • Cloud computing services, defined as a model for delivering applications, information, infrastructure or services as pools of resources via the internet (for definitions and examples, refer to IT Security Cloud Computing Guidance)
  • New software or software licenses (other than the exclusions listed below)
  • Software license agreement renewal or software maintenance contract renewal when the supplier has access to UC PHI or UC non-public information, information resources or protected information (defined in Appendix DS), or the scope of work has changed.


The following types of software do NOT need to be ordered on the BearBuy Software form:

  • Single-user desktop software that does not interface with other UCSF systems or connect to the internet to store or transmit UCSF data
  • Software embedded in hardware or equipment
  • Software provided by UCSF IT, e.g., Microsoft Office 365 or Pulse Secure VPN. For assistance, contact IT Service Desk at (415) 514-4100
  • Software sold by UCSF Library (discounted pricing available): SAS, SAS Server, SPSS, JMP, NVivo. Please order directly through UCSF Library. The library also provides links to software (including MATLAB, ArcGIS, Stata) available with academic pricing through other sources.
Microsoft, Adobe, Netskope,  Microfocus Dell Dell punch-out [email protected]
Software available from SHI SHI SHI punch-out [email protected]
EndNote* Clarivate Non-Catalog FormAmount-based PO Lauren Zellner (480) 550-8573 or Boaz Levin (215) 837-7637
VMWare Bedrock Technology Partners LLC Non-Catalog FormAmount-based PO Ibrahim Ibrahim
Twilio Twilio Non-Catalog FormAmount-based PO Brandon Crutchfield (408) 250-4941

*Pricing for EndNote from Clarivate is currently $106 for staff/faculty/student licenses, $90 for upgrades of existing licenses; no additional discounts for bulk buys.

Do not use the BearBuy Payment Request Form or UCSF Procurement Card (P-card) to purchase software, software licenses or cloud computing services. The "subscriptions" option on the Payment Request Form is intended only for periodicals, such as newspapers or magazines.

UCSF IT Security Risk Assessment

According to the UC Electronic Information Security policy (BFB IS-3), all systems that create, store, process, or transmit data internally at UCSF or externally through a supplier or other third party must be assessed for risk. This applies to all UCSF data, including but not limited to PHI, PII, PCI, RHI, FERPA and other restricted or sensitive data. UCSF prioritizes the highest-risk systems for a full security risk assessment.

If you are purchasing a software product or cloud service that creates, stores, processes, or transmits UCSF data, a full security risk assessment may be required.  

  • Before placing your order in BearBuy, contact IT Security at [email protected] to determine whether a risk assessment is required.
  • For more information on the risk assessment process, including how to request an assessment, what supporting documents are required, and what to expect during the process, visit the IT Security Risk Assessment page.

BearBuy Instructions - Software & Cloud Computing Form

When you are ready to place your order, follow the instructions below.

Accounting Guidance

When purchasing software for campus (business unit "SFCMP"), review the matrix below to assign your BearBuy order to the appropriate Account. After adding the Software form to your cart, click Proceed to Checkout to enter the Account in the Accounting Codes section of your order. This will override the Commodity Code selected on the form.

  • Note: Any software purchased by Agency Funds (2XXX series) can only be expensed; not eligible for capitalization.
  • The four-digit equipment custody code is not needed in BearBuy for this type of purchase.
Software Maintenance/Assurance Plan/Service Agreement (e.g., maintenance, help desk support, license fees, training, upgrading and enhancements) 55053
Hardware Maintenance/Assurance Plan/Service Agreement (e.g., maintenance, help desk support, license fees, training, upgrading and enhancements) 55052
Perpetual license, cost per license is $5,000 or more 51323* (sponsored) or 52602* (non-sponsored)
Software System, value greater than $5,000 51323* (sponsored) or 52602* (non-sponsored)
Software/System, unit value less than $5,000 per copy 52305
Software purchased separately for an existing piece of inventorial equipment 52311*
Consulting Services directly attributed to a specific software application; design of selected software (configuration, interfaces), coding, testing (parallel processing phase) 51323* (sponsored) or 52602* (non-sponsored)
Consulting Services not associated with a specific software application 55102

*capitalized expense

Contractual Risks Associated with Software Purchases

Part of what has been recognized in regards to cloud computing and software purchases is a particular exposure to contractual risk with such purchases. For example, it is quite common for such purchases to be accompanied by very easy-to-execute “click through” agreements, using Supplier terms and conditions.

“Click-through,” “shrink-wrap” and similar supplier terms/agreements may constitute legally binding agreements, binding UC to their terms.  Acceptance of such terms as written could expose the University to unacceptable and costly risks, including but not limited to being liable for using infringing software; being liable for third party acts or omissions (i.e., a direct violation of a UC Standing Order); HIPAA violations; possible mishandling of sensitive data; intellectual property concerns; and non-compliance with laws/regulations/policies of Federal, State, UC, funding agency entities.

Such "click-through" agreements for software or services available on the Internet are not approved by UCOP or UCSF legal and procurement departments; moreover, only authorized individuals can enter into agreements for UC. Therefore, please avoid clicking-through on such agreements and instead please use the BearBuy Software & Cloud Computing Form to engage SCM in finalizing your transaction, including agreement terms that are compliant with regulations, UC policies, etc.

Consider using an established UC agreement that could help determine your supplier selection, improve product pricing, and offer better terms and conditions of sale. When using such an agreement, please enter the contract information (title, reference, number, etc.) in the box under “Software Information and Justification” on the BearBuy Software form.

Software Suppliers That Do Not Accept Purchase Orders

Software and cloud computing purchases can potentially expose the University to risk from legally binding agreements and data security. To mitigate this risk, BearBuy purchase orders (POs) should be created for software purchases. POs contain UC terms and conditions that are shared with suppliers, which can help protect University interests.

However, not all suppliers accept POs. These purchases require additional review by SCM and IT Security to determine if the software meets UC terms and conditions of purchase and IT Security standards before the purchase can be made. 

If you have a software supplier that will not accept a BearBuy PO, follow the steps below to facilitate this review before the purchase:

  1. Complete the Software Purchase Form for Suppliers That Do Not Accept Purchase Orders
  2. Contact IT Security at [email protected] to confirm if an IT Security Risk Assessment is required for the purchase (but see exclusions listed above). Then, complete the IT Security Risk Assessment or obtain the Risk Assessment Intake Email Response (stating no risk assessment is required).
  3. Email the above form, IT Security documentation, and all other supporting documentation to SCM at [email protected].
  4. SCM will review all this information and coordinate with you on the purchase.


Last updated: August 2023