System and Services Acquisition Policy and Procedures | SA-1

System and Services Acquisition Policy

MCC recognizes that system and services acquisition policies and procedures are vital to reducing information security risks.

Purpose

The System and Services Acquisition Policy and associated controls help to ensure that systems, system components and services that are acquired are compliant with MCC information security standards, are compatible with existing information resources, have sufficient documentation, and are an efficient use of funds.

Scope and Roles

This policy applies to information resources owned or managed by MCC. The intended audience includes the Cybersecurity Manager, the Chief Information & Technology Officer, Information Resource Owners and Custodians.

Compliance

System and Services Acquisition controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code §202.76.

Implementation

The Cybersecurity Manager or their designee is responsible for: 

  • ensuring that this policy and supporting procedures are periodically reviewed and updated.

Last updated: 5/27/2026

Contact Hours or Questions?

Information on Tech Support