Ohio University maintains relationships with many third-party vendors, across all departmental units. Many of these vendors store, process, or transmit university data. When an information security incident occurs with a vendor, they will send a notification to the university point of contact they have on file.
Given that there are so many vendors, and the point of contact is most often a designated individual within the departmental unit, it is important that the recipient of such notices forward that information on to the information security office for further review and investigation.
If you are listed as the point of contact with a third-party vendor and receive any notices regarding a data breach or other data security related incident, be sure to forward the email to security@ohio.edu for review and investigation. To minimize disruptions related to staff changes, a group-managed email account should be used as the point of contact with third-party vendors.
For more information about managing vendor relationships from an information security perspective, please be sure to review the Information Security Standard: Third-Party Vendor Management .