Technology Security Assessment


We Help You Choose Compliant, Compatible Technology


ITCS evaluates new and existing software for verification of compliance regarding HIPAA,FERPA, SSN/PII, PCI, and other sensitive data types.

  • When is a Technology Security Assessment Necessary?
    Department purchases a new technology

    • Requisition – Materials Management submits the assessment request.
    • ProCard – The department submits the assessment request.
  • Department already owns a technology, and…
    • …the technology has never been assessed. The department submits the assessment request.
    • …the technology’s use case has altered, and a re-assessment is necessary. Cloud-based solutions utilizing sensitive data are reviewed ANNUALLY or during renewal cycle. The department submits the assessment request.
    • Additional guidance for ONLINE INSTRUCTIONAL TOOLS is found: www.ecu.edu/onlinetools/
  • Department is contemplating a software purchase (department submits the assessment request)

What Information Do You Need?


Required information for a cloud-based solution:

  • Vendor’s geographic location or third-party data center
  • Vendor’s (or third party’s) security policy
  • Authentication process and user login URL
  • The software’s auditing capabilities
  • Username and password configuration including encryption methods
  • Data encryption details in both transit and storage
  • Your Business Continuity Plan if the software/application is unavailable
  • Hosting entity’s Disaster Recovery Plan
  • Hosting entity’s report or letter certifying a successful SSAE16 or SOC report issued by a credentialed auditing firm within the last year

Required information for a hosted, onsite solution:

  • Authentication process
  • Software’s auditing capabilities
  • Data storage location
  • Username and password configuration plus encryption methods
  • Your Business Continuity Plan if the product is unavailable

Assessment Workflow


For information on the software assessment workflow, visit the project office website.