What Is The Service?
Michigan State University (MSU) requires a Service Provider Risk Assessment as part of the purchase of products or services. MSU is committed to engaging with suppliers that have the capability of providing an accessible, secure, usable, and integrated user experience.
When purchasing Information Technology (IT) , units should understand the potential impact these purchases have on the risk to the University and the potential impact to individuals with disabilities in and outside the university. These purchases must also align with the MSU Institutional Data Policy and MSU Web Accessibility Policy
The SPSA does not replace the need for performing an Application Security Risk Assessment during the implementation lifecycle of a purchased solution.
Who Is Eligible to Use It?
Procurement will submit a request for a Service Provider Risk Assessment.
How Do I Use It?
Submit an email to GRC@msu.edu with SPSA in the subject line. Preferred requests should follow this format: “SPSA Screening: Vendor Name – Product Name – Req #” or “SPSA Needed – Vendor Name – Product Name – Req #”