Laptop with encryption lock
Hook with information attached
Envelope with locked page icon
Phone with lock

Security Guides and Policies

Security Tools and Services

Search all tools and services using the search bar.

Software and Applications Assessment

Category: IT Security OIT - Categories Software Audience: Faculty Researchers Staff
In order to protect university confidential and highly confidential data, including PHI, the risk and compliance team assesses the security and practices of all third party vendor server applications and cloud services.
Request Review

Third party vendors are now subject to the same Security Rule requirements as Covered Entities, and are also subject to relevant sections of the Privacy Rule and the HITECH Breach Notification Rule. In order to protect university confidential and highly confidential data, including PHI, the risk and compliance team assesses the security and practices of all third party vendor server applications and cloud services. Third party vendor applications include those that process, transmit or store PCI (Payment Card Industry) data.

Third party vendors must:

  • Prevent the loss, theft, unauthorized access and/or disclosure of university data
  • Destroy data when no longer needed per university data owner instructions
  • Have incident response procedures and reporting requirements in case of a breach

Need an Assessment

Learn more about the assessment process. Reach out to the Risk and Compliance (RAC) team to determine if an application is approved for use.

Additional Resources