In tight budget times, many universities are strategically outsourcing software and services to third-party vendors; however, contacting with outside vendors can raise issues concerning the security of university data on these systems. The University of Missouri has implemented a program to ensure new technology purchases are reviewed by the Information Security team prior to the finalization of a contract. This presentation will provide an overview of the processes that support this program and discuss the program's successes and challenges. Attendees will leave with a head start on a practical model for implementation on their campuses.