Vendor Assessment Form

The following information is being requested as part of the 3rd party vendor assessment process to ensure appropriate protections and safeguards of University information. Responses will be reviewed by the appropriate compliance officials to determine if additional steps, reviews or contract language is necessary to meet university or regulatory requirements. You will be notified within 2 business days of submission if additional action on your part is required. Thank you.
2. Will the vendor be responsible for services, software or hardware that process, store or transmit University data (i.e. configuring or installing routers, VPN devices, creating reports, webpages, etc.) by?  
4. Do the data elements fall under the definition of "sensitive data" and protection by University policy and or regulatory requirements (HIPAA, FERPA, HB5, PCI, Export Control, Research, etc)? See definition of Sensitive Data linked below.

Please verify by checking the definition of Sensitive Data (PDF) to answer question the next question..

5. Have compliance officials been included in the process (check all that apply)?  
7. Acknowledgement:  

Thank You for your submission. For additional assistance please contact the Information Security Office at or Kim Adams at 852-6692.