
IT Compliance Assessment

Service Description

Compliance is the act of adhering to established rules, guidelines, or specifications to align with industry and government expectations. This may include adherence to laws and regulations, sponsor-imposed contract requirements, or internal policy and procedure. A security compliance assessment will help determine the gap between your existing control environment and what is required, and subsequently help you implement controls to address these gaps. An example of when a compliance assessment might be needed is if your department processes and stores credit card information. Another example is if your research project involves sensitive data such as export-controlled information or health information.

This service will review applicable requirements, identify steps for meeting obligations, and implement necessary safeguards and countermeasures. It is relevant for new activities as well as changes to existing projects or services. Because each regulation, contract, or policy can be different, the assessment complexity will depend on the data type and requirement involved. For example, research involving export control could potentially be very complicated and require multiple resources and significant time investment.

This service can be requested by faculty or managers.

Support Contacts

IT Security Risk & Compliance
Vanderbilt Export Compliance
PCI Compliance Office (PCIO) 

Service Charges or Fees

There are currently no service charges or fees for this service. 

Requesting Service

To request service, please contact the relevant compliance office:

IT Security Risk & Compliance
Vanderbilt Export Compliance
PCI Compliance Office (PCIO)

If you are unsure, or if the listed offices are not applicable, contact it.risk@vanderbilt.edu for guidance.

What You Can Request

IT Compliance Assessment 

Documentation and Service Information Links

VUIT NIST 800-171 Guidance
Vanderbilt Export Compliance
PCI Compliance 

Related Services

Data Use Agreements (DUA)
Multi-factor Authentication (MFA)
Privileged Account Management (PAM)
Threat Monitoring, Detection, and Response (TMDR)
IT Security Policy Development and Lifecycle
Vulnerability and Systems Posture Assessment (VASPA)
IT Risk Assessment
IT Security Awareness and Training
IT Security Consulting 

Service

Security Policy and Compliance 

Service Category

Security