Vendor Assessment Form — Information Security Office

Your Name

Your E-Mail Address

Phone number

Department Name

Vendor Name:

Vendor Web Site:

1. What is the primary service that this vendor will be providing to you?

2. Will the vendor be responsible for services, software or hardware that process, store or transmit University data (i.e. configuring or installing routers, VPN devices, creating reports, webpages, etc.) by?

a. providing software or hardware

b. configuring software or hardware

c. installing software or hardware

d. developing software

e. not applicable

3. What data elements (fields) will be shared, collected, processed or managed by the vendor or in performing the services noted above? Examples include name, social security number and date of birth.

4. Do the data elements fall under the definition of "sensitive data" and protection by University policy and or regulatory requirements (HIPAA, FERPA, HB5, PCI, Export Control, Research, etc)? See definition of Sensitive Data linked below.

Yes

Not Applicable

Please verify by checking the definition of Sensitive Data (PDF) to answer question the next question..

If your answer was YES to question 4, which data elements fall under the definition of "sensitive data", please specify:

5. Have compliance officials been included in the process (check all that apply)?

a. Export Controls - Will Metcalf

b. FERPA - Sherri Pawson

c. HIPAA - Stacie McCutcheon

d. House Bill 5 - Kim Adams/Dave King

e. ITS Enterprise Security for Firewalls, network connectivity, custom Firewall,VLAN segregation, etc.?

f. Information Security Office - Kim Adams

g. PCI - Merchant Services - Jill Riede

h. All of the above.

i. Not at this point.

6. Has the vendor discussed or mentioned that subcontractors or other service providers will be involved in the process? Example: Any cloud based data storage. If other contractors will be involved please explain here. (Example: AWS)

6. What type of authentication method do you intend to use? Example: ULink userid and password

7. Acknowledgement:

This form has been filled out to the best of my ability and in accordance with University Policies and regulatory compliance requirements.

Thank You for your submission. For additional assistance please contact the Information Security Office at isopol@louisville.edu or Kim Adams at 852-6692.

Information Security Office

University of Louisville

Louisville, Kentucky 40292

Office Hours

M-F 8:00am to 4:30 pm

Closed Holidays

Phone

tel (502) 852-8305

tel (502) 852-0665

isopol(@)louisville.edu

Adobe Acrobat Reader Download