Requesting a Vendor Security Risk Assessment

Overview

Per the Vendor Security Risk Assessment Operating Standard, any unit that wishes to engage with a vendor must complete the onboarding questionnaire linked below. Please initiate the risk assessment early to avoid delaying engagement with the vendor.  The questionnaire can be previewed here but needs submitted through the Request an Assessment link below.

The questionnaire provides Pitt IT Information Security with the information to understand the product or services that the vendor will provide to the University. It also defines the assessment scope, identifies the University’s potential risk, and collects the vendor’s contact information.  

For additional guidance regarding when a Vendor Risk Assessment is required, please review the Submitting a Vendor Review Overview presentation.  

Related Policies and Additional Information

Pitt IT Security

• Data Risk Classification and Compliance

University Policies Relating to Data Security

• University Administrative Computer Data (UACD) Security and Privacy AO 35
• Use and Management of Social Security Numbers and University Primary ID (UPI) Numbers CS 23
• Payment Card Handling and Acceptance FN 16
• Health Insurance Portability and Accountability Act CS 30
• Access to and Release of Education Records Act AC 04
• Computer Data Administration AO 10
• Vendor Security Risk Assessment Operating Standard