Tools & Services

Browse tools, software and programs that have been vetted by our security and compliance team and are supported by our service desk.

Technology Risk Assessment

Category: IT Security OIT - Categories Audience: Faculty Staff
Third-party vendor apps and cloud services can pose risks to the university. To reduce these risks, the Risk and Compliance (RAC) team reviews vendors handling confidential or highly confidential data, including HIPAA, FERPA, and PCI.
Get Started

Overview: Risk and Compliance (RAC) Process

 

A wheel with the different steps listed showing the order of the RAC process.

 

The Risk and Compliance process consists of the following steps:

  1. Assessment request is submitted
  2. An initial review and department Q&A
  3. The vendor will be engaged by the RAC team
  4. Analysis of the vendor-provided information, and vendor Q&A with RAC team
  5. Close out (approved, approved with conditions, denied)
  6. Requesting department will purchase the approved software/application with university procurement (PSC)
  7. Department will resubmit an assessment request when it is time to renew the software or application license (this could be annually or custom duration depending on the contract agreement)

 

Compliance Requirements

To protect university confidential and highly confidential data, including PHI, the RAC team assesses the security and practices of all third-party vendor server applications and cloud services. 

Third party vendors must:

  • Prevent the loss, theft, unauthorized access and/or disclosure of university data
  • Destroy data when no longer needed per university data owner instructions
  • Have incident response procedures and reporting requirements in case of a breach

 

Timeline 

Requests are processed in order received. Timelines depend on responsiveness and complexity, typically taking 10–15 business days. More details are on the Technology Risk Assessment webpage (SSO required).
To get started, Complete the Technology Risk Assessment form.

 

Digital Accessibility

The RAC process includes working with vendors to ensure that technology procured by the university is inclusive and accessible. The RAC process collects a Voluntary Product Accessibility Template (VPAT) and accessibility questionnaire from the vendor to produce a digital accessibility risk assessment.  For reference, visit our CU Anschutz Procuring Accessible IT guide.
This assessment provides insight into the technology's digital accessibility level of compliance and is sent back to the original requestor.

 

Other University Teams to Contact for Process

 

Resources

H2 here, starting a main section.

Main sections in this template are separated by 10px, colored padding widgets. Integer ut facilisis felis. Integer porta felis odio. Sed venenatis nibh ex, faucibus facilisis nisl euismod vel. Sed blandit aliquam nibh rhoncus malesuada.

Sed venenatis nibh ex, faucibus facilisis nisl euismod vel. Sed blandit aliquam nibh rhoncus malesuada

This is really important.

Sed venenatis nibh ex, faucibus facilisis nisl euismod vel. Sed blandit aliquam nibh rhoncus malesuada.

Sed venenatis nibh ex, faucibus facilisis nisl euismod vel. Sed blandit aliquam nibh rhoncus malesuada

Click this link if you want to see something cool.

[tab 2 content - click edit to update]

Another H2 here, starting a new main section.

Let's do four columns this time. Main sections in this template are separated by 10px, colored padding widgets. Individual line items are separated by 1px padding widgets. Integer ut facilisis felis. Integer porta felis odio. Sed venenatis nibh ex, faucibus facilisis nisl euismod vel. Sed blandit aliquam nibh rhoncus malesuada.

Go ahead and click this

A calm, rocky mountain stream in Winter.

This is just an H3 to start a subsection.

Donec aliquet pulvinar felis, sit amet tempor orci lobortis eu. Duis sit amet metus efficitur, ornare risus nec, iaculis nunc. Suspendisse ut vehicula quam, vitae vehicula nisi.

Let's get something started here

Information Strategy and Services

CU Anschutz

Fitzsimons Building

13001 East 17th Place

Aurora, CO 80045


CMS Login