Services We Provide
We provide the following services system wide. If you have a local (decentralized) IT support team, you may receive security and assurance services from them.
Risk Assessments
We conduct a number of routine risk assessments at the system level to support our information security program. Many of these can be used to satisfy requirements of other regulatory or contractual compliance obligations. We are also pleased to work with program areas that need to conduct specialized risk assessments in support of the following:
-
- CJIS
- CMMC
- GDPR
- GLBA
- HIPAA
- PCI
- Other Regulations or Contractual Requirements
Security Attestations, Framework Assessments, and Posture Reviews
If you are applying for a grant or entering into a contractual relationship with a third party, they may require you to attest to certain minimum standards or to indicate adoption of a specific security framework and/or associated controls. We can work with your area to review the requirements and support your grant application or attestation request.
Contract Reviews
Whenever you're purchasing software, hardware, or services from a vendor that could result in UA data being accessible to the vendor, we will be happy to review the contract terms and conditions in advance of any agreement to ensure appropriate safeguards are documented to protect UA data and constituents.
Security Awareness Training
Information Security is everyone's responsibility, but we don't expect you to figure it out on your own. We've partnered with others or worked internally on the development of several information security-focused trainings, presentations, and handouts. Would you like a custom in-person or Zoom-based training for your program area or department? We'd be delighted to work with you to deliver something customized to meet your needs for content, available time, delivery method, and audience.
-
- General Security Awareness
- Sensitive Data Handling
- IT Risk Management
Systems and Services we Manage
-
- Multi-Factor Authentication (MFA) / Duo (request integration)
- Vulnerability Management (Internal/External)
- Web Application Scanning
- Firewalls (request change)
- Single-Sign-On (SSO) / Shibboleth (request integration)
- Enterprise Content Management / OnBase (request OnBase access)