What's New for TPRM?

As part of the next evolution of UCLA's TPRM process, the Office of the Chief Information Security Officer (OCISO) has deployed an automated version of the Third-Party Risk Management (TPRM) process that has:

  • Digitized all TPRM related documents (e.g., TPRM Lite, Ultra-Lite, and Full vendor forms);
  • Implemented features such as dashboards to provide better visibility to the requestor; 
  • Enabled the TPRM review team to work on a submitted request simultaneously; and
  • Added user-friendly links to integrate with our partners (e.g., Campus Purchasing, Privacy, Accessibility, Department & Unit  Requestors, and Associated Third Party Vendors).

How Does This Impact Me?

Anyone at UCLA who needs to use a new third-party product or service that (A) accesses, creates, receives, maintains, and/or transmits UC data; (B) processes credit card transactions on behalf of UC; and/or (C) accesses any UC system(s) must initiate the TPRM Assessment Process on behalf of the vendor. Once the request is approved, the OCISO will discuss next steps with the vendor. If the vendor is already approved, the OCISO will notify you accordingly.

How Do I Initiate a New Vendor Request?

  1. You can submit all new TPRM requests through ServiceNow.
  2. You can use the step-by-step video to assist you in using the ServiceNow Vendor Triage.
  3. Within ServiceNow you can also use guided tours to walk you through submitting a Vendor Triage or instructional documentation.

 

"True prevention is not waiting for bad things to happen, it's preventing things from happening in the first place." ~ Don McPherson