3PA (Third Party Assessment) has been created to evaluate any third party that will be providing a device, application, network connectivity, data use or data exchange at the University of Rochester / University of Rochester Medical Center and Affiliates (UR/URMC) . Any support related questions need to be escalated to University Information Technology (UIT) or 3PA@URMC.Rochester.edu.
  • Sponsor –Anyone who is engaging with a third party, who needs an Information Security Risk and Compliance review done on the engagement.
  • Third Party – An outside entity wanting to engage with UR/URMC while providing a device, application, network connectivity and/or data use/exchange.

Step 1: Logging In

Access the application at: www.rochester.edu/it/3pa

As a UR/URMC sponsor, select Continue. Use your Net ID to login.

Once logged in this will be your Sponsor dashboard.

Step 2: Creating a New Assessment

Select Create Assessment

Create Assessment Button

Section 1: Basic information on who the primary contact will be internally for the request.

Section 2: Third party contact information and a brief description of the product or service. If the third party contact is not able to complete the questionnaire they will have the ability to assign designates to complete.

Section 3: Include any pertinent documentation for Risk and Compliance to consider during the review. This can include REQ’s, system or data diagrams, quotes or PO’s.

Section 4: Answers to the Pre-Screen questions will determine the corresponding questions the third party will need to complete. The third party will have the opportunity to agree with the answers and move onto the questionnaire. The sponsor will be notified by email if the third party disagrees with the selected answers.

Step 3: Submit Assessment

Once the information has been completed, select Submit Assessment.


Once submitted, the third party contact will receive an email inviting them to enter the application and complete a questionnaire based on the information you have provided. If the third party does not complete the assessment, the request will be closed. Please work with your contact to ensure completion.