Security Requirements for IT Purchases

Per University policy, all technology purchases must go through the IT Compliance process. As part of that process, the security team will conduct a review. During this review, the technology will be assigned the appropriate data classification level so that security can ensure compliance with the applicable security requirements for that level. vendors must demonstrate compliance with the University of Missouri IT Security requirements.

Security and IT Compliance will work with the vendor to have them provide information and documentation that ensure they meet the minimum security requirements for the identified DCL. Vendor responses will be reviewed and remediation measures may be suggested for any areas that fall short of the minimum security criteria.

The security requirements are subject to additions and changes without warning. The University of Missouri reserves the right to periodically assess the hardware and/or software infrastructure to ensure compliance with industry best practices and these standards.