Cybersecurity – Research Platforms and Third Parties and Suppliers to the University

As part of your research, have you created a research platform for external research participants to engage with? Or have you collaborated with third parties platforms that requires access to the University’s network, systems and information?

In all these instances these services must be assessed to understand if there are any security risks to the University.

If you have not already completed a Privacy Impact Assessment (PIA) please do so. Note: You must be logged on to the University VPN to access the Privacy Impact Assessment (PIA) page.

Once the Cybersecurity Governance team receive your PIA, they will send through a short survey to understand the platform you use or the third party and the services being provided to the University. This helps the cybersecurity team to determine the type of security assessment to perform.

Any risks or issues highlighted during this process, and remediation advice, will be included in the PIA review feedback. If a security assessment identifies a third party with excessive levels of risk, they must not be used by the University unless the risk is corrected, mitigated or accepted.

Please contact the Cybersecurity Governance team (cyber-grc@unimelb.edu.au) if you would like to find out:

• if a third party has been assessed by Cybersecurity
• more information about the Third Party Cybersecurity process