MENU

Technology Security Assessment (Hardware)

We Help You Choose Compliant, Compatible Technology

ITCS evaluates new and existing technology for colleges/departments to ensure compliance regarding HIPAA, FERPA, SSN/PII, PCI and other sensitive data types.

The launch of an ITCS assessment shall occur due to the following:

  • New Technology (purchase):
    • Requisition
      • Materials Management shall submit a request to ITCS to begin the assessment process
    • ProCard
      • Department/college shall submit a completed assessment to begin the process
  • Existing Technology:
    • Technology has never been assessed
    • College/department use case has altered, deeming a re-assessment necessary*

*Cloud-based solutions utilizing sensitive data shall be reviewed ANNUALLY or during renewal cycle.

Additional guidance for ONLINE INSTRUCTIONAL TOOLS can be found via: www.ecu.edu/onlinetools/

What Information Do You Need?

If a college/department is proposing a cloud-based solution, please gather the following information before completing this assessment:
  • Geographic location of vendor or 3rd party data center
  • Description or copy of vendor or 3rd party security policy
  • Description of the authentication process along with the link (URL) in which users will access the system
  • Details on auditing capabilities of software
  • Details on username and password configuration including encryption methods
  • Details on data encryption in transit and in storage
  • Description or copy of your college/department Business Continuity Plan if the software/application is unavailable
  • Description or copy of Disaster Recovery Plan for entity hosting data
  • Report or letter from entity hosting data certifying they have had a successful SSAE16 or SOC report completed from a credentialed auditing firm within the last year
If a college/department is proposing a solution hosted onsite, please gather the following information before completing the assessment:
  • Description of the authentication process
  • Details on auditing capabilities of software
  • Details on data storage location
  • Details on username and password configuration including encryption methods
  • Description or copy of your college/department Business Continuity Plan if the software/application is unavailable

    ITCS Technology Assessment

    Assessment Workflow

    For information on the assessment workflow, visit the project office website.