{"id":5011,"date":"2023-10-10T10:54:29","date_gmt":"2023-10-10T14:54:29","guid":{"rendered":"https:\/\/www.trincoll.edu\/lits\/help-support\/security\/information-technology-policies-procedures\/third-party-vendor-risk-assessments\/"},"modified":"2026-03-13T13:52:41","modified_gmt":"2026-03-13T17:52:41","slug":"third-party-vendor-risk-assessments","status":"publish","type":"page","link":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/","title":{"rendered":"Architecture and Security Risk Review"},"content":{"rendered":"<h2 data-start=\"215\" data-end=\"225\">Purpose<\/h2>\n<p data-start=\"227\" data-end=\"580\">The Architecture and Security Risk Review (ASR) at Trinity College is designed to evaluate and manage risks associated with third-party vendors. This process ensures that any external entity handling Trinity College\u2019s data complies with our security and privacy standards, safeguarding the confidentiality, integrity, and availability of our information.<\/p>\n<h2 data-start=\"587\" data-end=\"604\">Why It Matters<\/h2>\n<p data-start=\"606\" data-end=\"1033\">Engaging with third-party vendors introduces potential risks to the institution&#8217;s data and information. It&#8217;s imperative to assess these risks before entering into any agreement with a vendor who will handle Trinity College data\u2014whether by using, processing, storing, or transmitting it. This review helps identify potential vulnerabilities and ensures the vendor meets the necessary security standards, protecting the institution and its data.<\/p>\n<h2 data-start=\"1040\" data-end=\"1058\">Key Definitions<\/h2>\n<ul>\n<li data-start=\"1062\" data-end=\"1259\"><strong data-start=\"1062\" data-end=\"1084\">Third-Party Vendor<\/strong>: An external company, individual, or service provider that offers products, services, or software interacting with, storing, processing, or transmitting Trinity College data.<\/li>\n<li data-start=\"1265\" data-end=\"1563\"><strong data-start=\"1265\" data-end=\"1290\">Business Unit Sponsor<\/strong>: The individual within a department or business unit who initiates the request to purchase a product, service, or software. The sponsor ensures the product aligns with the unit\u2019s goals and coordinates the procurement process, including necessary assessments and approvals.<\/li>\n<li data-start=\"1569\" data-end=\"1794\"><strong data-start=\"1569\" data-end=\"1587\">Sensitive Data<\/strong>: Any information protected by law or institutional policy due to its confidential or private nature, such as personally identifiable information (PII), financial records, medical data, and academic records.<\/li>\n<li data-start=\"1800\" data-end=\"2080\"><strong data-start=\"1800\" data-end=\"1845\">LITS IT Procurement and Business Services<\/strong>: The departments responsible for overseeing the procurement process, evaluating potential vendors, and ensuring that technology services, software, and hardware meet Trinity College\u2019s institutional standards and security requirements.<\/li>\n<\/ul>\n<p data-start=\"147\" data-end=\"387\">Having the vendor complete the Higher Education Community Vendor Assessment Tool (HECVAT) helps us review vendor security and privacy practices faster, reducing delays in reviews and implementation.<\/p>\n<p data-start=\"389\" data-end=\"493\"><a href=\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/services\/third-party-vendor-risk-assessments\/higher-education-community-vendor-assessment-toolkit-hecvat\/\"><strong data-start=\"392\" data-end=\"445\">Learn how to complete and submit the HECVAT with your request<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Purpose The Architecture and Security Risk Review (ASR) at Trinity College is designed to evaluate and manage risks associated with third-party vendors. This process ensures that any external entity handling Trinity College\u2019s data complies with our security and privacy standards, safeguarding the confidentiality, integrity, and availability of our information. Why It Matters Engaging with third-party [&hellip;]<\/p>\n","protected":false},"author":336,"featured_media":0,"parent":11137,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-5011","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v25.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Architecture and Security Risk Review - Library &amp; Information Technology Services<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Architecture and Security Risk Review\" \/>\n<meta property=\"og:description\" content=\"Purpose The Architecture and Security Risk Review (ASR) at Trinity College is designed to evaluate and manage risks associated with third-party vendors. This process ensures that any external entity handling Trinity College\u2019s data complies with our security and privacy standards, safeguarding the confidentiality, integrity, and availability of our information. Why It Matters Engaging with third-party [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/\" \/>\n<meta property=\"og:site_name\" content=\"Library &amp; Information Technology Services\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-13T17:52:41+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/\",\"url\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/\",\"name\":\"Architecture and Security Risk Review - Library &amp; Information Technology Services\",\"isPartOf\":{\"@id\":\"https:\/\/www.trincoll.edu\/lits\/#website\"},\"datePublished\":\"2023-10-10T14:54:29+00:00\",\"dateModified\":\"2026-03-13T17:52:41+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.trincoll.edu\/lits\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Technology\",\"item\":\"https:\/\/www.trincoll.edu\/lits\/technology\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Information Security\",\"item\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Governance Risk and Compliance\",\"item\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Architecture and Security Risk Review\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.trincoll.edu\/lits\/#website\",\"url\":\"https:\/\/www.trincoll.edu\/lits\/\",\"name\":\"Library &amp; Information Technology Services\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.trincoll.edu\/lits\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Architecture and Security Risk Review - Library &amp; Information Technology Services","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/","og_locale":"en_US","og_type":"article","og_title":"Architecture and Security Risk Review","og_description":"Purpose The Architecture and Security Risk Review (ASR) at Trinity College is designed to evaluate and manage risks associated with third-party vendors. This process ensures that any external entity handling Trinity College\u2019s data complies with our security and privacy standards, safeguarding the confidentiality, integrity, and availability of our information. Why It Matters Engaging with third-party [&hellip;]","og_url":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/","og_site_name":"Library &amp; Information Technology Services","article_modified_time":"2026-03-13T17:52:41+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/","url":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/","name":"Architecture and Security Risk Review - Library &amp; Information Technology Services","isPartOf":{"@id":"https:\/\/www.trincoll.edu\/lits\/#website"},"datePublished":"2023-10-10T14:54:29+00:00","dateModified":"2026-03-13T17:52:41+00:00","breadcrumb":{"@id":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/third-party-vendor-risk-assessments\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.trincoll.edu\/lits\/"},{"@type":"ListItem","position":2,"name":"Technology","item":"https:\/\/www.trincoll.edu\/lits\/technology\/"},{"@type":"ListItem","position":3,"name":"Information Security","item":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/"},{"@type":"ListItem","position":4,"name":"Governance Risk and Compliance","item":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/"},{"@type":"ListItem","position":5,"name":"Architecture and Security Risk Review"}]},{"@type":"WebSite","@id":"https:\/\/www.trincoll.edu\/lits\/#website","url":"https:\/\/www.trincoll.edu\/lits\/","name":"Library &amp; Information Technology Services","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.trincoll.edu\/lits\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/pages\/5011","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/users\/336"}],"replies":[{"embeddable":true,"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/comments?post=5011"}],"version-history":[{"count":2,"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/pages\/5011\/revisions"}],"predecessor-version":[{"id":11311,"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/pages\/5011\/revisions\/11311"}],"up":[{"embeddable":true,"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/pages\/11137"}],"wp:attachment":[{"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/media?parent=5011"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}