Security Review

This service provides a formal security assessment of systems, applications, vendors, processes, or projects to ensure they meet organizational security standards and regulatory requirements. The Security Review helps identify potential vulnerabilities, evaluate data protection controls, and provide recommendations to reduce risk and strengthen overall security posture. This service supports responsible decision-making and helps safeguard institutional data and technology resources.

What’s Included

  • Security assessment of applications, vendors, systems, or workflows

  • Review of data handling, storage, and transmission practices

  • Evaluation of compliance with institutional policies and regulatory requirements

  • Risk rating and documentation of findings

  • Recommendations for mitigation or required security controls

  • Coordination with IT, Risk Management, Legal, and Procurement

  • Follow-up consultation as needed for remediation planning

Who Can Request This Service

  • Department leaders and managers

  • Project managers and technical teams

  • Procurement staff evaluating new products or vendors

  • Researchers or staff handling sensitive or regulated data

  • Any employee launching a new system, tool, or process involving institutional data

When to Use This Service

Submit a Security Review Request when:

  • Procuring or contracting a new vendor, software, or cloud service

  • Implementing a new system or making major changes to an existing one

  • Handling sensitive, confidential, or regulated data (e.g., FERPA, HIPAA, PCI)

  • Integrating third-party tools or enabling data sharing

  • Unsure whether a project or workflow meets security requirements

Requirements Before Submitting

Please include:

  • Description of the system, service, or vendor

  • Type of data involved (public, internal, confidential, regulated)

  • Purpose and scope of the project

  • Any available documentation (security questionnaires, architecture diagrams, contracts/SOWs, vendor security docs, etc.)

Fulfillment Time

Dependent on complexity and documentation availability; initial review typically begins within 3–5 business days.