Safeguarding private data through robust cybersecurity measures is something that UCLA continually works to enhance for the benefit of the university and its community. UCLA’s overall cybersecurity program works to protect the organization against breaches, fraud and other nefarious actions that can result when individuals have access to unauthorized information.
As a result, several features are being added to UCLA’s Third-Party Risk Management (TPRM) program. These features will further protect data and information that is shared with outside entities that provide products and services to the UCLA campus.
Please note that these new features do not apply to Mednet departments as TPRM assessments for those areas are handled separately by UCLA Health IT.
Specifically, the following improvements will be introduced:
- The TPRM process and all related documents (e.g., TPRM Lite, Ultra-Lite, and Full vendor forms) will be automated.
- Features such as dashboards will be implemented to provide better visibility to the requestor.
- The TPRM review team will be able to work on a submitted request simultaneously.
- User-friendly links will be added to integrate with our partners, including campus purchasing; privacy, accessibility, department and unit requestors; and associated third-party vendors.
These changes ensure that vendors are thoroughly reviewed, thus reducing cybersecurity risks. In addition, a list of approved vendors is now available online to help the community select products and/or services.
These features will be of particular interest to those at UCLA who need to use a new third-party product or service that accesses, creates, receives, maintains and/or transmits UC data; processes credit card transactions on behalf of the UC; and/or accesses any UC system(s) that must initiate the TPRM Assessment Process on behalf of the vendor.
As a reminder, new TPRM requests can be submitted through ServiceNow. Guided tours provide added help when submitting requests.
One online security breach is always one too many and we thank you for your continued vigilance when it comes to our cybersecurity efforts and learning more about TPRM at UCLA. We appreciate your partnership and support in maintaining a secure campus and enabling an efficient TPRM process.
With kind regards,
David Shaw
Chief Information Security Officer
Ernesto Carrasco
Director, Governance, Risk and Compliance
