Software not recommended for use by DIT Security

Software Not Recommended for Use by DIT Security

Software is reviewed by various campus stakeholders they include: ADA, IT Compliance,
Privacy, Procurement and Software Licensing. Software can end up on this list because of
insufficiencies noted by any one of these groups. Given the collective time invested by each
group, if a product fails a review, a year is required before a new review can be performed so the
vendor has adequate time to correct the issue and have it independently verified.

In general, we do not encourage utilizing free software. There are risks and liability with free
software that outweigh the financial benefit. Free software will not be integrated with enterprise
systems such as Zoom and Gmail, due to the lack of assurances with the software.

As of July 2024, this is the list of software not recommended for use:

• Badgr - Did not provide adequate documentation for the Privacy (FERPA) review.
• Calendly - Did not provide adequate documentation for IT Compliance or Privacy
  review.
• Otter.ai - Did not provide adequate documentation for IT Compliance review.
• Voicethread - Did not provide adequate documentation for IT Compliance review.
• Orchard - Did not provide adequate documentation for IT Compliance review.
• Hypothes.is - Did not provide adequate documentation for IT Compliance review.
• WW Norton - Did not provide adequate documentation for the ADA review. 
• NameCoach - Tool has been discontinued by the vendor.

To initiate a new review on any of the noted software please reach out to DIT-thirdpartyreview@umd.edu to begin the process.