oneColumn
Third Party Risk Management
UNF has a process to review all third party software and integrations used by the university. All new data integrations are reviewed during the contract review process. Existing integrations are reviewed during contract renewal (once every 5 years) or after relevant security alerts. UNF leverages the BitSight platform to calculate risk combining:
- The third party's BitSight Security Rating
- The classification of the data being used by the third party based on the UNF Data Classification Policy
Based on these data elements the following documents could be required from the third party:
- SOC2 or SOC3 report on the hosting facility
- Completed HECVAT Full or HECVAT Lite
- Copy of the most recent Privacy Policy