Activate an optimized version of the page designed specifically for screen readers.
Outdated browsers can expose your computer to security risks. To ensure a secure experience, we recommend updating to the latest browser version. Support for this browser version will soon be discontinued.
Vendor Security Assessment: First Steps
Please fill out this form to request a security assessment for your current or potential vendor.
Vendor Name and/or Product:
Vendor point of contact, if available:
Primary Project Affiliation
Central Administration (CADM)
Chan School of Public Health (SPH)
Division of Continuing Education (DCE)
Faculty of Arts and Sciences (FAS)
Graduate School of Design (GSD)
Graduate School of Education (GSE)
Harvard Business School (HBS)
Harvard Divinity School (HDS)
Harvard Law School (HLS)
Harvard Medical School (HMS)
Harvard School of Dental Medicine (HSDM)
Kennedy School of Government (HKS)
Paulson School of Engineering and Applied Sciences (SEAS)
Radcliffe Institute for Advanced Studies
Harvard Project Lead:
Harvard Project Sponsor:
1. What service is the vendor providing or performing for Harvard?
2. What is the business need for this project and its anticipated milestones (pilot dates, go live date, etc.)? What is the risk to Harvard if this vendor can't be used?
3. What data will this vendor be receiving from Harvard? Please describe or list the general data elements, quantity of data, and highest level of data confidentiality for this shared data. (For guidance on Harvard Security Levels, please reference
4. How and where does data flow from Harvard to the vendor and back again? (If a diagram is available, please include as an upload at the bottom of this survey)
5. What Harvard population requires access to the information/system hosted by this vendor?
6. How will this Harvard population access the hosted information/system? Through what application or channel?
7. What will this authorized Harvard population do within the hosted system? (e.g. read, modify, upload files, perform transactions related to X, etc.)
8. Who is the "business" owner of the data being shared and used for this purpose?
9. Are there any other important details not captured above that IT Security should know?
If you wish to include any supporting documentation or materials, please upload them here.
Powered by Qualtrics