Vendor Risk Assessment

Service Description

When Vanderbilt University uses a third-party application or service, we outsource security responsibility to the third-party vendor. Their action (or inaction) can have significant consequences, potentially leaving Vanderbilt data and operational continuity in someone else's hands.

This Vendor Risk Assessment (VRA) is intended to identify the amount of risk associated with using third-party applications and services. It evaluates the likelihood that the vendor will experience a security incident (i.e., their security posture) and the potential negative impact that Vanderbilt would incur if one occurred (e.g., downed operations, reputation damage, regulatory violations). The VRA results in a determination of whether to proceed with the vendor engagement. It also helps identify potential security risks and provides risk-reducing recommendations.

All "___ as a Service" purchases, including software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS), should be assessed in the VRA process, regardless of cost. The process takes about 10 business days to complete on average; however, this can vary greatly depending on factors such as new vs. renewal assessments, the amount of upfront information provided, data sensitivity, and the vendor's responsiveness.

For more process details, review the related article, visit the VU Cybersecurity website, or contact it.risk@vanderbilt.edu.

How do I get the service?

To access this service, follow these steps:

  1. Review the related knowledge articles for further information.
  2. For help, select the "Request Service" button on this page.
  3. Fill in the form with all the required information.

Contact for Further Assistance:

For additional help, please contact:

  • Help Desk: 615-343-9999
  • You may also chat with us by using the chat function found at the bottom of the page.