This announcement applies to University of Illinois Springfield Units only.
We are excited to introduce a new questionnaire to gather crucial details about third-party systems hosting university data. When departments plan to purchase services involving third parties handling university data, they must complete the new Lightweight Risk Assessment questionnaire beforehand. The Lightweight Risk Assessment's length varies based on user responses. Certain choices trigger additional questions; for instance, if Social Security Numbers are involved, more information is required for the risk assessment. University of Illinois Springfield units should indicate their affiliation at the start to ensure the results are directed to the correct group.
As vendors increasingly shift towards hosted solutions instead of on-premise setups, the controls implemented by third-party providers become increasingly crucial for the university. Our goal is to guarantee that the external environment where university data is stored maintains security standards equivalent to those of our internal university network systems.
The Lightweight Risk Assessment can be found here: https://go.uillinois.edu/lra. A Lightweight Risk Assessment must be submitted along with all iBuy requisitions for IT services where a third party will be handling university data. A link to the Lightweight Risk Assessment will also be available on the "Instructions" tab of the iBuy Purchase Requisition Form.
Contact
If there are any questions about the questionnaire or this new process, please contact aitsesa@uillinois.edu.
