How to Request a Vendor Information Security Assessment April 30, 2015

How To Request a Vendor Information Security Assessment April 30, 2015

Version 1.0

1.  While on the Partners network (or connected to the VPN), go tothe IS Service Desk home page https://partnershealthcare.service-now.com/phsess/main.do

a.  NOTE: Some individuals may be taken directly to the ServiceNow Service Automation home page. In these cases, please select“New Call” from the left-hand side and reference the information below to continue entering the ticket.

2.  Click “Open A Ticket”

3.  In the “Description” field include (you may opt to include this information in a document and attach it to the ServiceNow request):

a.  A brief introduction of the department that will be using the application;

b.  A brief explanation of the benefits to using the vendor’s application;

c.  A description of how the application is used (please include any diagrams, if available);

d.  Who will be using the system;

e.  The number of users with access to the application;

f.  Whether the system will contain or transmit ePHI, PII, PCI, intellectual property, or other Partners Confidential Data;

g.  Who will support the application;

h.  Whether the vendor will access the system remotely and, if so, please include their contact information;

i.  Whether the application can be accessed directly from the Internet without a VPN;

j.  Whether the application has any mobile components;

k.  Whether PHS Materials Management is involved in contracting and does a BAA exist; and

l.  The impact to operations if the application was not available;

4.  Click “Submit”

5.  For “Call type,” select “Request”

6.  For “Request item,” enter “Application and Service-Related Requests”

7.  Click “Update”

8.  For “Configuration Item,” enter the name of the system

9.  For “Category,” select “Other”

a.  NOTE: Depending on the selection, the“Subcategory” field may become required. Please use your best judgment on selecting something here, if required.

10.  For “Assignment Group,” enter “Vendor Risk Assessments”

11.  Click “Order Now”

12.  Click “Submit Order”

13.  Please make note of the Request Number (REQ…), the RITM number, and the Task number for tracking and follow-up purposes.