The Risk and Compliance process consists of the following steps:
To protect university confidential and highly confidential data, including PHI, the RAC team assesses the security and practices of all third-party vendor server applications and cloud services.
Third party vendors must:
Requests are processed in order received. Timelines depend on responsiveness and complexity, typically taking 10–15 business days. More details are on the Technology Risk Assessment webpage (SSO required).
To get started, Complete the Technology Risk Assessment form.