- Sponsor –Anyone who is engaging with a third party, who needs an Information Security Risk and Compliance review done on the engagement.
- Third Party – An outside entity wanting to engage with UR/URMC while providing a device, application, network connectivity and/or data use/exchange.
Step 1: Logging In
Access the application at: www.rochester.edu/it/3pa
As a UR/URMC sponsor, select Continue. Use your Net ID to login.
Once logged in this will be your Sponsor dashboard.
Step 2: Creating a New Assessment
Select Create Assessment
Section 1: Basic information on who the primary contact will be internally for the request.
Section 2: Third party contact information and a brief description of the product or service. If the third party contact is not able to complete the questionnaire they will have the ability to assign designates to complete.
Section 3: Include any pertinent documentation for Risk and Compliance to consider during the review. This can include REQ’s, system or data diagrams, quotes or PO’s.
Section 4: Answers to the Pre-Screen questions will determine the corresponding questions the third party will need to complete. The third party will have the opportunity to agree with the answers and move onto the questionnaire. The sponsor will be notified by email if the third party disagrees with the selected answers.
Step 3: Submit Assessment
Once the information has been completed, select Submit Assessment.
Once submitted, the third party contact will receive an email inviting them to enter the application and complete a questionnaire based on the information you have provided. If the third party does not complete the assessment, the request will be closed. Please work with your contact to ensure completion.