Vendor Risk Assessments

Overview

UC policy requires all software vendors (Suppliers) undergo thorough scrutiny to mitigate potential security risks.  ANR has implemented a Vendor Risk Assessment process to comply with this policy. The Vendor Risk Assessment process serves as a measure to identify and address potential security vulnerabilities associated with third-party software vendors.

Assessed Vendors

You can view the list of assessed vendors here

You can find detailed information about each assessed vendor, including:

Vendor Name: The name of the vendor providing the software solution.
Reassessment Date: The date when the assessment expires, indicating the need for reassessment to ensure ongoing compliance with ANR's security standards.
Assessed Data Protection Level: The level of data protection for which the vendor has been assessed (P1, P2, P3, P4, PCI, HIPAA).  You can find details on data protection levels here.
Agreement Number:  The ANR agreement number for the vendor.

Assessment Process

If the you don't find the vendor you are looking for on the list, you can open a new assessment or a reassessment here.