InfoSec Resources

Information Technology Procurement

Security Requirements for IT Purchases

As part of the selection process vendors must demonstrate compliance with the University of Missouri IT Security requirements by responding in writing to every statement and question. Vendor responses will be reviewed and remediation measures may be suggested for any areas that fall short of the minimum security criteria.

The security requirements are subject to additions and changes without warning. The University of Missouri reserves the right to periodically assess the hardware and/or software infrastructure to ensure compliance with industry best practices and these standards. Per University policy, all applications must be registered with the Division of IT, Information Security & Access Management group. Additionally, applications must be assigned the appropriate data classification level and meet the applicable security requirements for that level. All applications may also be required to undergo a security inspection.

A consultation with ISAM is required to customize requirements and to ensure the appropriate security requirements are met. This consultation can be scheduled by contacting