Missouri S&T Information Technology has set up a standardized process to ensure compliance with Board Policy Manual Policy No. 12004 (BPM 12004) on IT-related purchases. This process is the culmination of partnerships with several offices and departments both at S&T and UM System.

Below is a summary of the core phases of an IT Compliance review. You can follow the provided links for more detailed information.

Information Collection

IT will begin by collecting all required information. This starts with the requester receiving a standardized form of questions to answer. These questions help each involved team within IT and UM System to review an IT-related product more effectively. If the purchase includes research instrumentation, IT Research Support will communicate with the vendor to get technical specifications for both software and hardware IT-related items.

Learn More

Legal Review

IT works primarily with the UM Office of General Counsel (OGC), UM Office of Risk and Insurance Management (RIM), but also with other strategic partners through the UM System as needed to find, file, and review all agreements about the IT-related hardware and software purchases. OGC and RIM make sure that the University’s interests are protected by ensuring all agreements meet requirements that the UM System might be obligated to follow as an instrumentality of the State of Missouri and by working to protect individual employees or departments from being sued by shifting legal risk to the University.

Learn More

Security Review

IT Security performs a thorough review of the hardware and software products in the purchase to ensure that the products meet or run per Missouri S&T, UM System, State and Federal requirements. Based on their findings, they will either clear the software or hardware for operation within a specific Data Classification Level (DCL) and sometimes with specific precautions that must be met by the requestor for the specific use case.

Learn More

Supplementary Reviews

Depending on the nature of the hardware or software product, IT might need to engage other offices and departments within S&T or UM System to ensure compliance with other campus, UM System, state, or federal requirements.

Learn More

IT Leadership Review

Once the above reviews are finalized, the information is summarized and provided to either S&T IT’s Chief Information Officer (CIO) or CIO Delegate for final approval. If the purchase is above $25,000 in total cost, the UM Vice President of Information Technology must also approve the hardware or software service.

Learn More

Completion

Once an IT-related hardware or software item is approved by a member of IT leadership, the requestor is provided with a PDF to be filed with their requisition or expense report. S&T IT adds any software related items to the campus software directory.