Across U.S Federal Regulations for HIPAA, FERPA, GLBA, as well as European Union (E.U.) Regulations for GDPR or standards such as the PCI DSS, is a common requirement for periodic risk assessments. The information in this category describes the Office of Information Security's Risk Management Program and related components such as Risk Assessments, Third Party Risk Management, and Vendor Risk Management.