Vendor Risk Management Questionnaire

RWU is committed to protecting the personal information of the University community. In certain circumstances, RWU benefits from sharing sensitive data with outside vendors for business purposes. Payroll processing is one example of this. Although these partnerships are needed, they can lead to an increased risk of RWU data exposure. To help mitigate these risks, the University’s Written Information Security Program notes a safeguard measure (Safeguards, section 5) to evaluate vendors we share sensitive data with.

This safeguard is in the form of a comprehensive security controls and policies questionnaire each vendor must complete as a prerequisite to RWU sharing sensitive data.

Please take a moment to review the new procedure regarding vendor contracts where RWU sensitive data is shared in electronic or paper formats:

1. When considering contracting with a vendor or renewing an existing contract, have the vendor complete the VRM questionnaire before contract finalization.

2. Submit the VRM questionnaire to the RWU Information Security Officer (Allan Ramella – aramella@rwu.edu, 401-254-3167)

3. Once the Information Security Officer has reviewed and approved the questionnaire, submit the approval with the RWU Office of General Counsel Contract Review Form (https://www.rwu.edu/sites/default/files/downloads/generalcounsel/ogc_contract_review_form.pdf )

The new procedure will go into effect on Monday, November 2, 2020.

If you have any questions or concerns, please do not hesitate to contact Allan Ramella.

Thank you in advance for your cooperation and support.

Sincerely,

IT | Purchasing | OGC | Finance