UNM Financial Services announced the following on August 28th, 2014:
New procedures are going into effect in September involving purchases where a vendor will have access to UNM private data. Private data includes items such as Social Security Numbers, Protected Health Information (HIPAA), student grades, names & dates of birth of students/employees, credit card information, payroll or other financial information, or other data deemed sensitive or private.
Beginning 9/30/14, a new required field in all LoboMart requisitions will require the requester to alert the Purchasing department whenever a vendor will have access to UNM private data. Whenever this field is selected, Purchasing will instruct the user department to complete a Preliminary Security Review Form and submit it to the appropriate data steward (usually UNM IT or HSC Information Security). Purchasing will not be able to issue the PO until receiving an approval from the appropriate data steward.
UNM IT has posted the Preliminary Security Review Form: (Click on the UNM Preliminary Security Questionnaire at the top of this page)
In response to this requirement the Health Sciences Center is announcing a new process to standardize our IT security review of software purchases in a manner that will be make it faster and easier to understand. Purchases for software deemed to involve sensitive or private UNM data are flagged by Purchasing to require an IT security review prior to Purchasing approval. To start the process please complete and submit the UNM Preliminary Security Questionnaire found at the link above. Email the completed form to HSC-ISO@salud.unm.edu.
*Note: IT Security Analysts, please use this HSC IT Security Analyst Worksheet to document the security assessment.