Why is SUNY Fredonia requiring this TRP?
...
Step 1. In order to complete the required Data Security Risk Assessment, please confirm the University data types that you are requesting to be used with this solution by completing a Data Security Risk Assessment Form.
Step 2. The CISO or designee will review and then reach out to you or the vendor (if needed) to obtain further information. The CISO may need to contact the vendor to obtain a Higher Education Community Vendor Assessment Tool (HECVAT) and/or SOC 2 Type 2 report if University Category 2 and 3 data is requested to be used.
...
Step 7: Software Terms and Conditions Review: The Contract Services department will conduct a review of the terms and conditions of all contracts to ensure that standard NYS contract terms are applied (e.g. Appendix A: Standard Clauses for New York State Contracts.). The Contract Services will need a copy of the software contract, multi-year agreement, Memorandum of Understanding (MoUs), or EULA (End User License Agreement) for this step of the TRP review.
...