Skip to content

Governance, Risk, and Compliance (GRC) Third-Party Risk Review

University Purchasing and GRC have developed a process to help ensure a complete review of software and cloud-related purchases and contracts before buying, so that leadership can be more aware of the university’s vendor security and privacy posture in making risk decisions.

University Purchasing will require a Third-Party Risk Review before signing a contract. We want this process to be out of your way as you pursue the university’s primary mission. When the GRC team is engaged at the beginning of your project, they can complete most of the work before you make a vendor/solution engagement decision.

Start the engagement as early as possible by sending an email to