Resource Catalog

The six phases of the third-party assessment (3PA) process. This process must be completed prior to sharing any institutional data with a third party. The assessment offers: 1. A review of the data classification and contract requirements based on the data to be shared with the third party. 2. A review of the privacy policy of the third party to ensure they are not collecting data without IU's knowledge, claiming data ownership, or sharing it with other third parties without IU's approval. 3. A review of the data requested to ensure it meets regulation requirements and has a legitimate educational interest. 4. If Personally Identifiable Information (PII), restricted, or critical data are involved it will include a review of the vendor's HECVAT submission. This survey is given to assess the third parties' security readiness.