The Vendor Security Assessment process ensures that third-party service providers handling URI data meet appropriate security standards. ITS Security conducts these reviews as part of the IT Contract Review process to protect University systems and comply with data protection regulations. This is required for any department contracting with vendors who may store, process, or access sensitive or restricted data.
Executive Lead
Michael Khalfayan
Technical Lead
Michael Khalfayan
mkhalfayan@uri.edu
Support Team
ITS Information Security Office
About the Service:
Features
- Risk Review: Evaluates the vendor’s cybersecurity controls and classifies them as low, medium, or high risk.
- Compliance Support: Helps ensure URI meets obligations under GLBA, HIPAA, GDPR, PCI DSS, and other regulations.
- ERM Integration: Results are shared with Enterprise Risk Management to determine insurance needs.
- Third-Party Risk Visibility: Proactively identifies risks associated with data handled outside the University.
Access
Who Can Use: All URI faculty, staff, and administrative units entering into agreements with third-party vendors that involve University data.
How to Access:
- Review the IT Contract Review page first.
- Submit a Vendor Security Assessment request via the online form.
- Requests are reviewed by the Chief Information Security Officer (CISO) and updates are shared throughout the process.
Support and Training
ITS Service Desk: For questions or help submitting your request.
Additional Info: Visit the ITS Security Services page for security policies and guidance.