Technology Security Assessment

Support

An ITCS technician will respond to support requests during regular operating hours.

 Phone: 252-328-9866 / 800-340-7081

Pirate Techs Chat

Submit a Ticket

Overview

We Help You Choose Compliant, Compatible Technology

ITCS evaluates new and existing technology for colleges/departments to ensure compatibility with ECU’s platforms and infrastructure (network, application and environmental controls) to identify any potential security threats. This assessment also includes verification of compliance regarding HIPAA,FERPASSN/PIIPCI, and other sensitive data types.

When is a Technology Security Assessment Necessary?

  • Department purchases a new technology
    • Requisition – Materials Management submits the assessment request.
    • ProCard – The department submits the assessment request.
  • Department already owns a technology, and…
    • …the technology has never been assessed. The department submits the assessment request.
    • …the technology’s use case has altered, and a re-assessment is necessary. Cloud-based solutions utilizing sensitive data are reviewed ANNUALLY or during renewal cycle. The department submits the assessment request.
    • Additional guidance for ONLINE INSTRUCTIONAL TOOLS is found: www.ecu.edu/onlinetools/
  • Department is contemplating a software purchase (department submits the assessment request)

Related Links

Software Accessibility Review Request - Complete this request to have a software purchase reviewed for accessibility based on Section 508 guidelines and W3C Content Accessibility Guidelines.

Available To

Faculty, Staff, Researchers

Get Started

What Information Do You Need?

Required information for a cloud-based solution:

  • Vendor’s geographic location or third-party data center
  • Vendor’s (or third party’s) security policy
  • Authentication process and user login URL
  • The software’s auditing capabilities
  • Username and password configuration including encryption methods
  • Data encryption details in both transit and storage
  • Your Business Continuity Plan if the software/application is unavailable
  • Hosting entity’s Disaster Recovery Plan
  • Hosting entity’s report or letter certifying a successful SSAE16 or SOC report issued by a credentialed auditing firm within the last year

Required information for a hosted, onsite solution:

  • Authentication process
  • Software’s auditing capabilities
  • Data storage location
  • Username and password configuration plus encryption methods
  • Your Business Continuity Plan if the product is unavailable

Related Policies and Guidelines

Fees

No fees are associated with this service.

 
Submit a Ticket

Details

Service ID: 11812
Created
Thu 1/21/16 3:57 PM
Modified
Fri 6/11/21 7:36 AM