Body
Effective March 30, 2026, the UIC Security & Privacy Risk Assessment questionnaire will be required for all software purchases submitted on an iBuy requisition where the third-party vendor will be hosting or have access to University data and/or network. This questionnaire collects information related to the classification of the data that will be shared with the third party as well as information to determine if there are FERPA, HIPAA, Privacy, and/or Security risks that need to be addressed.
The Security & Privacy Risk Assessment questionnaire can be accessed at go.uic.edu/risk. Please note that Business Owners will need to obtain IT security and privacy documentation from their vendor and attach those to the questionnaire. This will aid in expediting the risk assessments. If you have questions or concerns about the Security & Privacy Risk Assessment process, UIC units can reach out to security@uic.edu.