Description
Perform a risk-based assessment of a 3rd party/vendor's information security practices and posture.
This quick list is to assist in identifying any information security, technology, or other possible needs in order to best support your purchase.
If any of the questions below are answered yes or are a possibility, please complete and submit the 3rd party/vendor request before the signing of any contracts and before the system or application is purchased.
- Is data stored anywhere other than on a University-owned system residing on the Villanova network? (AWS, Microsoft Azure, any public or private cloud, vendor data center, etc.)?
- Are there any integrations with any already existing Villanova systems automated, manual, or otherwise needed (manual entry, export data from one system, import into this system or application)?
- Is there any PII or protected data stored such as the name or email address of any faculty, staff, or student? (SSN, DOB, FERPA, HIPAA, etc.)?
- Will this system or application be used for sensitive research or grant-funded research?
- Does the system or application require university-provided hosting services (server, storage, etc.) ?
Eligibility
This service is available for faculty and staff members
Cost
None.
How to Access and Use
To request a vendor review, create a ticket by clicking the "Submit Third Party - Vendor Security Review Request" button on this page.