This policy establishes requirements that address system and services acquisition controls for Department of Administrative Services (DAS)-managed information systems, information technology (IT) products, and IT services. This policy outlines the steps that need to be taken at each stage of the system development life cycle (SDLC) to protect DAS IT resources.