Skip to main content
Skip table of contents

Software Application Approval Process

Overview

Numerous software applications are available to help us perform our daily tasks. It is essential to consult the correct documentation and policies when complying with our information security requirements.

  • Please read this policy first! The Acceptable Use Policy is the overarching policy that outlines the expectations for Thrive Team Members and the use of Thrive Technology.

  • Traditional software: If the software you are requesting is not an artificial intelligence tool, follow this Software Application Approval SOP to request a new software package that is not already included in our tenant.

  • Artificial Intelligence: If you are requesting a new AI tool, please review and follow the Artificial Intelligence Policy and the Artificial Intelligence Standard Operating Procedure.

  • External Software Collaboration: Refer to the Technology Vendor Management Policy if you are attempting to collaborate with companies outside of Thrive and use their software.

Terminology

Enterprise Applications

(evaluated by Information Security)

large software systems that automate and streamline business processes to improve productivity, efficiency, and collaboration: 

  • Purpose

    EAs are designed for large, complex environments, such as corporations and government, to help reduce complexity and enable collaboration. 

  • Features

    EAs can range from basic content management systems (CMS) to more complex software that automates routine tasks. They can also help protect data. 

  • Benefits

    EAs can help improve processes and productivity and enable cooperative workflows. 

  • Examples

    Some examples of EAs include: 

    • Accounting and billing systems 

    • Customer relationship management (CRM) 

    • Point-of-sale software (POS) 

    • Supply chain management (SCM) 

    • Enterprise resource planning (ERP) 

    • Business intelligence systems 

    • Human resource (HR) systems 

  • Delivery

    EAs can be delivered as software-as-a-service (SaaS) or on-premise tools

If there is a budgetary impact to adding any application, approval is required from the department VP or department head before proceeding.

New Application Evaluation

When a new application is requested, please submit a ticket to ithelp@thrivepet.com with a detailed description of the application/software, including its purpose.

Obtain Approval

  1. The Service Desk or the Azure Team will assess the new software and determine whether its purpose is the same as any other application currently used in Thrive. Additional departments may need to be consulted for input.

  2. If a different application other than one of our approved work applications is requested:

    1. Verify the requested application provides a service not offered in the current application database.

    2. If the requested application is unique in design, the Information Security Team will review its request for permissions.

      • Many apps ask for elevated permissions and must be reviewed.  Some examples of elevated permissions are (this is not a complete list):

        • Have full access to all files the user can access

        • Maintain access to data you have given it access to

        • Read and write access to user email

        • Have full access to the user's email

        • Have full access to the user calendar

        • Read and Write to user mailbox settings

        • Read and Write access to user mail

  3. Determine the risk of permissions vs reward based on all factors, including application and company reputation.

  4. If approval is granted, continue to Onboard the Application.

Onboard the Application

To onboard the new application, follow the approval process outlined in Section 5 of the Technology Vendor Management Policy, including approval from the Information Security, Procurement, and Legal departments.

No new application will be onboarded without these approvals.

Existing Application

These applications have already been vetted and approved, or they have been integrated with Azure.

No approval is necessary unless a licensing cost is involved.

Current approved software applications

  • Adobe

  • Microsoft Suite of Applications

  • Atlassian Confluence

  • For a complete list of approved AI applications, see Approved AI Vendors

Examples of approved applications include Adobe Suite and Calendly.

Compliance with Other Policies and Procedures

The review, approval, and exercise of authority under this procedure must comply with all applicable Thrive policies and procedures, including, without limitation:

Amendment and Revision History

We are committed to continuously reviewing and updating our policies and procedures. The Company, therefore, reserves the right to amend, alter, or terminate this policy/procedure at any time and for any reason, subject to applicable law. When material changes are made, Thrive will post the changes on our internal website and provide Team Members with subsequent notice consistent with local laws or regulations.

Department

Technology

Department Head

Joe Mazzarella, Chief Technology Officer

Subject

Microsoft Security

Last Update

October 25, 2024

Subject Matter Experts

Daniel Ochoa, Director, Microsoft Cloud Computing

Tony Ombrellaro, Director of Information Security

Data Classification

Public

Internal ☑️

Restricted

Personal Information

Updated By

Revisions

Date

Revision Number

Daniel Ochoa

First Issue

3/13/2024

1.0

updated with streamlined processes for Enterprise or non-enterprise applications

10/25/24

1.1

OFFICIAL POLICIES AND PROCEDURES ARE AVAILABLE THROUGH PNP.THRIVEPET.COM AND NOT AS A PDF.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close