IT Purchase Compliance includes Purple data

The Office of Information Technology (OIT) Security and Compliance requires that any IT purchase that involves Purple or ultra-sensitive data, regardless of cost, be submitted for an IT Purchase Compliance review. 

An IT product or service must be reviewed before it is purchased to ensure compliance with university standards and federal and state guidelines.

OIT’s IT Purchase Compliance currently requires a review of all IT purchases of $5,000 or more and all HIPAA, International Traffic in Arms Regulations (ITAR) and Payment Card Industry (PCI)-related purchases, regardless of cost.

To learn more about this review process, see IT Purchase Compliance.

If you have any questions, email