The purpose of this policy is to provide information security assessment and Ohio Department of Administrative Services (DAS) Office of Information Security & Privacy (OISP) security approval requirements for DAS-managed information systems and services.