Vendor Privacy and Security Review FAQ

Why are privacy and security reviews required when working with a vendor?

The University of Connecticut relies on key partnerships with vendors to conduct business. At times, we may need to provide vendors with confidential or protected information. When this occurs, it is essential that we appropriately review vendor safeguards and business practices to help ensure information is used and protected appropriately and anticipate any potential issues.

When is a privacy and security review of a vendor triggered? 

When departments create requisitions within HuskyBuy, responses to certain questions may trigger the need for a privacy and/or security review. For example, if a department indicates that UConn will need to share personal data with a vendor to conduct business with them, UConn Privacy Officer will then launch a Privacy Impact Assessment.

Who completes privacy and security reviews? 

Privacy and Security staff work with the vendor to complete assessments. Staff then can work to analyze responses, detect and work toward resolving any privacy or security risks.

How long does it takes for privacy and security reviews to be completed? 

In general, Privacy and Security can launch review assessments within a day or two. However, completion of the assessment will largely depend on the vendor’s cooperation, and any level of risk detected. It may take a couple of weeks for appropriate reviews to be completed.

Who can I contact with questions regarding privacy or security reviews?

For security assessments, please contact:

For privacy assessments, please contact: