To assure UI data is handled, and systems are operated, compliant with UI policy and IT standards required by Data Classification and Standards (APM 30.11). When using, purchasing, or renewing systems or vendors, OIT requires identification of the risks associated with a particular product or service for the intended use. A Risk Assessment must be completed by the OIT Information Security Office before the University acquires or utilizes external information systems.
Vendor Security Assessment Info