System and Services Acquisition (SA)

Purpose – 

The System and Services Acquisition Policy and associated controls help ensure that systems, system components, and services that are acquired are compliant with Tarleton State University (Tarleton) information security standards and are compatible with existing information resources, have sufficient documentation, and are an efficient use of funds.  

---

Scope and Roles – 

This policy applies to information resources owned or managed by Tarleton. The intended audience includes all involved in hiring and personnel management, the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), and information resource owners and custodians. 

---

Compliance – 

System and Services Acquisition controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code (TAC) §202.76, and Texas A&M University System (TAMUS) Regulation 29.01.03, Information Security.