Vendor Engagement

Vendor Engagement

University of Washington organizations frequently engage with vendors to upgrade existing IT services or procure new ones and UWB-IT wants to make these interactions as seamless as possible. With so many options, it can be hard to know what kind of risk is involved, if privacy requirements are being met, and what level of security is included.

From simple orders like a new piece of software that needs to run on University computers to the less conspicuous such as Internet of Things (IoT) enabled devices, interoperability, security, and risk assistance is available. Below are some common questions that most IT Vendor engagements should consider:

Does the software, device, or service connect to the UW network?

The Data Security and Privacy Agreement (DSPA) is the University's foundational agreement for vendors to sign when handling University data and providing IT-related services. This document both acts to retain ownership of UW data, limit the use of UW data to the minimum necessary to perform agreed upon services, and hold the vendor accountable in the event of a security incident. The DSPA is a template document that often requires additional language or modification of existing language. UWB-IT's Risk and Security service is ready to assist in using the DSPA and additional support is available from UW Office of the CISO.

The DSPA is a template document that often requires additional language or modification of existing language. UWB-IT's Risk and Security service is ready to assist in using the DSPA and additional support is available from UW Office of the CISO.

Learn More from UW CISO about external data sharing.

What are the Vendor's binding contractual and compliance obligations?

A few common compliance requirements for University data are FERPA, PCI, and HIPAA. It's important to know when these and other regulations apply to projects or processes you may be involved in. Service Level Agreements (SLA) help to ensure clear expectations are set and desired outcomes are met when contracting vendor services. Knowing the right questions to ask goes a long way towards a successful vendor interaction.

Service Level Agreements (SLA) help to ensure clear expectations are set and desired outcomes are met when contracting vendor services. Knowing the right questions to ask goes a long way towards a successful vendor interaction.

Contact UWB IT:

uwbit@uw.edu

425-352-3456