System and services acquisition policy
system and services acquisition procedures
procedures addressing the integration of information security and privacy requirements, descriptions, and criteria into the acquisition process
procedures addressing the disposition of personally identifiable information
solicitation documentation
acquisition documentation
acquisition contracts for the system or system service
personally identifiable information processing policy
service level agreements
information sharing agreements
memoranda of understanding
system security plan
privacy plan
privacy impact assessment
privacy risk assessment documentation
other relevant documents or records