Third Party Risk Management

UNF has a process to review all third party software and integrations used by the university. All new data integrations are reviewed during the contract review process. Existing integrations are reviewed during contract renewal (once every 5 years) or after relevant security alerts. UNF leverages the BitSight platform to calculate risk combining:

• The third party's BitSight Security Rating
• The classification of the data being used by the third party based on the UNF Data Classification Policy

Based on these data elements the following documents could be required from the third party:

• SOC2 or SOC3 report on the hosting facility
• Completed HECVAT Full or HECVAT Lite
• Copy of the most recent Privacy Policy