Technology Security Assessment (Software)

We Help You Choose Compliant, Compatible Technology

ITCS evaluates new and existing software for verification of compliance regarding HIPAA, FERPA, SSN/PII, PCI and other sensitive data types.

When is a Technology Security Assessment Necessary?

  • Department purchases a new technology
    • Requisition - Materials Management submits the assessment request.
    • ProCard - The department submits the assessment request.

  • Department already owns a technology, and...
    • ...the technology has never been assessed. The department submits the assessment request.
    • ...the technology's use case has altered, and a re-assessment is necessary. Cloud-based solutions utilizing sensitive data are reviewed ANNUALLY or during renewal cycle. The department submits the assessment request.
    • Additional guidance for ONLINE INSTRUCTIONAL TOOLS is found:

  • Department is contemplating a software purchase (department submits the assessment request)

    What Information Do You Need?

    Required information for a cloud-based solution:
    • Vendor's geographic location or third-party data center
    • Vendor's (or third party's) security policy
    • Authentication process and user login URL
    • The software's auditing capabilities
    • Username and password configuration including encryption methods
    • Data encryption details in both transit and storage
    • Your Business Continuity Plan if the software/application is unavailable
    • Hosting entity's Disaster Recovery Plan
    • Hosting entity's report or letter certifying a successful SSAE16 or SOC report issued by a credentialed auditing firm within the last year
    Required information for a hosted, onsite solution:
    • Authentication process
    • Software's auditing capabilities
    • Data storage location
    • Username and password configuration plus encryption methods
    • Your Business Continuity Plan if the product is unavailable

      ITCS Technology Assessment

      Assessment Workflow

      For information on the software assessment workflow, visit the project office website.