Third Party Review
The Third Party Review, also known as the Vendor Risk Assessment, is the process of assessing the risk associated with Third Party (vendor managed) services that store or process university information.
The Third Party Review covers these areas:
- Service Duplication: A comparison is done with the functions of the cloud service being requested and existing pre-screened cloud services already in place. This step is taken to reduce cost and the overhead required to onboard a new cloud service.
- Security Assessment: The Third Party Review assesses the security controls a third party has implemented to protect university information. These requirements depend on the type of information that will be stored or processed by the Third party.
- Technical Assessment: Assesses if the service can run in our computing environment and if it can integrate with other systems if integration is needed.
- Accessibility Assessment: We partner with the Student Access office to determine if student facing applications can be used with the accessibility tools provided by the university.
Why do we perform these assessments?
According to Whistic, 47% of businesses they surveyed experienced a data breach. 80% of these breaches were attributed to a third party vendor. The university’s cyber insurance underwriters require that the university maintain risk assessment and risk management strategies. The Third Party Review is a part of the university’s risk management strategy.
What is the process?
The following is an overview of the third Party Review Process:
- The Third Party is asked for a standard set of information that is used for the assessment. For services that collect very sensitive information, additional reports are requested.
- The Third Party is asked for information regarding any system or data integration
- The service requestor is asked to provide some standard information to determine what the university’s requirements are for the service.
How long does this process take?
This process can take 10 business days or more. This length of time taken is highly dependent on how fast the Third Party and the university stakeholder provides the requested information.
How is the Third Party Review Initiated?
The third Party Review is triggered by one of the following:
- A new Cloud Service Purchase Request
- A Project Request submission
- A significant change in the information stored on a cloud service
- 5 Years since the last Third Party Review was conducted.
-
Resources for Current StudentsToolsAcademic ResourcesAccessibility & Support ProgramsBilling & Financial AidCampus Life
- Athletics (Adelphi Panthers)
- Bookstore
- Bhisé Center for Global Understanding
- Clubs & Activities (MyAULife)
- Commuter Student Services
- The Delphian (Student Newspaper)
- Diversity, Equity, Inclusion & Belonging
- Dining Services & Meal Plans
- Interfaith Worship
- Locker Rentals
- Lost & Found
- Multicultural Center
- Residential Life & Housing
- Student & Community Engagement
Career ServicesCourses & RegistrationDisclosures & InfoGraduationHealth & WellbeingLibrary ResourcesSafety & TransportationStudent Conduct & Concerns -
Resources for FacultyToolsAcademicsResources and PoliciesSupport and Community
-
Resources for StaffToolsResources and PoliciesSupport and Community
-
Resources for Parents & FamiliesAcademicsFinancial ServicesHealth & SafetyResources
-
Resources for Alumni & FriendsExtraordinary ImpactNews and Events
-
Resources for Local CommunityFor Kids & Future College StudentsFor Art & Culture LoversFor FitnessFor Lifelong LearnersFor Those Who Need SupportFor Those Giving Back to the CommunityFor Vendors