Third Party Risk Management

Tools & Services

As part of Third-Party Risk Management, GRC will review the privacy and security compliance posture of all contracts and purchases related to university data.

Our aim is to serve as a “concierge” service to help you navigate the myriad of compliance requirements that might apply to your project.

  • If your project will result in a purchase that will store, collect, access, create, manage, process, or transmit university data, engage the GRC process at the beginning of the project to help avoid implementation delays.
  • To begin, fill out the Initial Risk Assessment ( to provide information about your project.

Vendor cooperation is by far the primary determining factor as to how long a review takes. You may be able to speed things up by taking an active role to ensure your vendor is responsive to the needs of the process.

Offered by
Governance, Risk and Compliance

Free, available upon request; required for purchases involving university data