Security Requirements for IT Purchases

Per University policy, all technology purchases must go through the IT Compliance process. As part of that process, the security team will conduct a review. During this review, the technology will be assigned the appropriate data classification level so that security can ensure compliance with the applicable security requirements for that level.

IT Compliance will work with the vendor directly to have them provide information and documentation that ensure they meet the minimum security requirements for the identified DCL. Vendor responses will be reviewed and remediation measures may be suggested for any areas that fall short of the minimum security criteria.