Technology Security Assessment

Support

An ITCS technician will respond to support requests during regular operating hours.

 Phone: 252-328-9866 / 800-340-7081

Submit a Ticket

Overview

We Help You Choose Compliant, Compatible Technology

ITCS evaluates new and existing technology for colleges/departments to ensure compatibility with ECU’s platforms and infrastructure (network, application and environmental controls) to identify any potential security threats. This assessment also includes verification of compliance regarding Protected Health Information (HIPAA), Academic (FERPA)SSN/PII (ITPA)Credit Card Numbers (PCI), and other sensitive data types.

When is a Technology Security Assessment Necessary?

  • Department purchases a new technology
    • Requisition – Materials Management submits the assessment request.
    • ProCard – The department submits the assessment request.
  • Department already owns a technology, and…
    • …the technology has never been assessed. The department submits the assessment request.
    • …the technology’s use case has altered, and a re-assessment is necessary. Cloud-based solutions utilizing sensitive data are reviewed ANNUALLY or during renewal cycle. The department submits the assessment request.
       
  • Department is contemplating a software purchase (department submits the assessment request)

Related Links

Software Accessibility Review Request - Complete this request to have a software purchase reviewed for accessibility based on Section 508 guidelines and W3C Content Accessibility Guidelines.

Available To

Faculty, Staff, Researchers

Get Started

What Information Do You Need?

Required information for a cloud-based solution:

  • Vendor’s geographic location or third-party data center
  • Vendor’s (or third party’s) security policy
  • Authentication process and user login URL
  • The software’s auditing capabilities
  • Username and password configuration including encryption methods
  • Data encryption details in both transit and storage
  • Your Business Continuity Plan if the software/application is unavailable
  • Hosting entity’s Disaster Recovery Plan
  • Hosting entity’s report or letter certifying a successful SSAE16 or SOC report issued by a credentialed auditing firm within the last year

Required information for a hosted, onsite solution:

  • Authentication process
  • Software’s auditing capabilities
  • Data storage location
  • Username and password configuration plus encryption methods
  • Your Business Continuity Plan if the product is unavailable

Related Policies and Guidelines

Fees

No fees are associated with this service.

 
Submit a Ticket

Details

Service ID: 11812
Created
Thu 1/21/16 3:57 PM
Modified
Wed 4/3/24 10:04 AM
Service Owner
Information Security