When purchasing products that interact with High Risk (Level 3) and Restricted (Level 4) Data or critical systems, a particular set of requirements must be agreed to by Penn State and the vendor. The document most often used to establish that agreement is known as the Penn State Hosted Sensitive Data Addendum. OIS works closely with Purchasing and Risk Management to ensure that data security and privacy needs are balanced against university business needs. If you intend to purchase a product or service that interacts with High Risk (Level 3) and Restricted (Level 4) Data or critical systems, AD95 and its supporting standards require OIS review and approval of the vendor and agreement. OIS involvement in the planning of the purchase will reduce the time-to-approval, so please firstname.lastname@example.org as early in the process as you are able.