System and Services Acquisition Policy and Procedures (SA-1)

Description

The university develops, disseminates, and periodically reviews/updates formal, documented procedures to facilitate the implementation of the System and Services Acquisition policy and associated System and Services Acquisition controls.

Applicability

This control applies to the university Chief Information Security Officer (CISO).

Implementation

1
The university CISO, in coordination with Information Resource owners, shall develop, document, and disseminate to units a set of controls that addresses the System and Services Acquisition of information resources. These controls should include purpose, scope, roles, responsibilities, management commitment, coordination among university entities, and compliance.
2
The CISO shall review and update the System and Services Acquisition controls as necessary.

System and Service Acquisition (SA)

System and Services Acquisition Policy and Procedures (SA-1)

Description

Applicability

Implementation

Need Help with IT Policy?

Support

FAQs

Glossary