Section 12.105 Acquisition and Procurement Flashcards
Objectives 1.3 Explain the importance of change management processes and the impact to security. Objectives 4.1 Given a scenario, you must be able to apply common security techniques to computing resources. Objectives 4.2 Explain the security implications of proper hardware, software, and data asset management.
Acquisition
Process of obtaining goods and services
Procurement
Entire process of sourcing and obtaining those goods and services, including all the processes that lead up to the acquisition
New piece of software: Organisations will have a structure in place to purchase
Conducting the acquisition and procurement process:
Company Credit Card
Understand the different types of purchase options
○ Quick purchase of low-cost items
○ Transaction limits and item restrictions
e.g Printer ink
Conducting the acquisition and procurement process:
Individual Purchase
Understand the different types of purchase options
○ Employee purchases then seeks reimbursement
○ Used in emergencies or when no company credit card is available
e.g Company travel - flights, hotel etc
Conducting the acquisition and procurement process:
Purchase Order (PO)
Understand the different types of purchase options
○ Formal document issued by the purchasing department
○ For larger, more expensive purchases
○ Dictates payment terms (NET 15, NET 30, NET 60)
NET meaning how long they have to pay you back (SLA’s)
Internal Approval Process
■ Ensures purchase alignment with company goals
■ Validates budget allocation
■ Assesses security and compatibility with existing infrastructure
Post-Approval Procurement
■ Product compatibility assessment
■ Security checks and configurations
■ User training
■ Integration into the existing workflow
