Privacy Considerations for UNH IT Vendor Contracts
Contracts for information technology services establish important expectations and requirements and must include assurances on the appropriate levels of protection of information and privacy. The UNH Guidelines for Safeguarding Privacy When Sharing Data with Third Parties will help guide you during this process and should be used when developing, reviewing and/or updating a contract.
Contact ISS to obtain the most recent version of these guidelines
Security Assessment Review (Application Service Provider Contracts Security Questionnaire)
Technology vendors which would host UNH information on non-UNH servers must demonstrate compliance with UNH’s Application and/or Service Provider Standards by responding in writing to the appropriate security review questionnaire. Different versions of the questionnaire are available for confidential and public-only information. Vendors which provide applications that would be installed on UNH servers so that all data remains hosted at UNH are not required to undergo a security review.
To determine if a review is required, please contact ISS.
In order to facilitate a review in a timely and controlled manner, ISS recommends the UNH person or department interested in the vendor's technology services review the Security Assessment Review process document and takes the following actions:
Contact ISS to obtain the most recent version of the questionnaire
Vendor Non-Disclosure Agreement (NDA)
Technology vendors are required to complete and return an NDA prior to pre-contract negotiations with the university and/or if the vendor will be provided access to UNH data, for example, to facilitate application configuration or installation.
Contact ISS to obtain the most recent version of the NDA
Return to ISS Homepage
Article ID: 226
Created On: Mon, May 4, 2015 at 10:09 PM
Last Updated On: Wed, May 8, 2019 at 10:31 AM
Online URL: https://www.unh.edu/it/kb/article/vendor-contracts-privacy-considerations-security-review-and-nda.html