Description:
Request a review of an IT-related contract or agreement to help ensure it includes appropriate security and IT compliance terms before it is signed. Available to all university departments requesting the review of IT-related contracts and agreements (including vendor contracts, DUAs, MOUs, and NDAs). This review may be requested as part of a Technology Risk Assessment or as a standalone request.
What’s reviewed:
- Data protection terms (ownership, permitted use, retention, and disposal)
- Security requirements (controls expectations, right to audit, and incident/breach notification)
- Compliance alignment (e.g., HIPAA, FERPA, PCI-DSS, and applicable university standards)
- Vendor responsibilities, subcontractors, and hosting/data location considerations
- How university data/information is handled (who owns it, how it can be used, how long it’s kept, and when it’s deleted)
What's included:
- A summary of findings and recommended revisions (as needed)
- Approval conditions or required follow-ups, plus guidance for next steps
Who can use it:
Cost:
Free
How to proceed:
- Click on the Request Contract Review button on the right to request a review of a contract or agreement. By completing this request, you can receive support for the following:
- Contract or agreement review to ensure alignment with IT security and regulatory requirements.
- Data Use Agreement or Memorandum of Understanding review to ensure compliance with data sharing and privacy requirements.
- Non-Disclosure Agreement review to protect confidential information and ensure legal and compliance considerations are addressed.
Include the following in your submission:
- A copy of the contract/agreement (or a link to the document in your system)
- Vendor and product/service name
- How the technology will be used and what university data will be collected, accessed, stored, or shared
- Relevant timeline (e.g., signature deadline)
Additional resources:
Additional resources coming soon!