Third-Party Vendor Security Review

Description

Perform a risk-based assessment of a 3rd party/vendor's information security practices and posture.

This quick list is to assist in identifying any information security, technology, or other possible needs in order to best support your purchase.

If any of the questions below are answered yes or are a possibility, please complete and submit the 3rd party/vendor request  before the signing of any contracts and before the system or application is purchased.

• Is data stored anywhere other than on a University-owned system residing on the Villanova network? (AWS, Microsoft Azure, any public or private cloud, vendor data center, etc.)?
   
• Are there any integrations with any already existing Villanova systems automated, manual, or otherwise needed (manual entry, export data from one system, import into this system or application)? 
   
• Is there any PII or protected data stored such as the name or email address of any faculty, staff, or student? (SSN, DOB, FERPA, HIPAA, etc.)?
   
• Will this system or application be used for sensitive research or grant-funded research?
   
• Does the system or application require university-provided hosting services (server, storage, etc.) ?

Eligibility

This service is available for faculty and staff members

Cost

None.

How to Access and Use

To request a vendor review, create a ticket by clicking the "Request Third-Party Vendor Security Review" button on this page.

Service Levels