Trent University IT provides support to departments attempting to purchase software to ensure that it complies with all provisions of the handling sensitive information policy, and other information security standards. This process is designed to be simple and straightforward for both vendors and university employees.
Each vendor that stores or processes sensitive or highly sensitive information (as defined in the Handling Sensitive Information Policy) is required to complete an information security assessment. This process consists of the following steps:
- The vendor completes the Trent University Information Security Assessment Form (available from the link below) and returns it to either the university representative they've been working with, or the Information Security Officer directly. If the procurement is being arranged as part of an RFP process or through the Purchasing Department, this assessment will be coordinated with the vendor by the Purchasing Officer.
- NOTE: The University IT department considers the Educause Higher Education Cloud Vendor Assessment Tool as an equivalent assessment.
- The IT department will evaluate the responses relative to our guidelines and advise on next steps.
For reference, the security standards related to each question is outlined on the "Security Standards" link below.