IT Vendor Forms

IT Vendor Forms

Elon University requires all service providers and third-party vendors to review and agree to the relevant documents below. These agreements help protect university data and maintain the security of our systems. If applicable, these terms may be attached to vendor contracts.

Service Provider Requirements

Outlines Elon’s expectations for data security, confidentiality, and legal compliance (including FERPA, GLBA, GDPR, etc.). This document is required for any vendor that stores, processes, or transmits Elon data.

HIPAA Business Associate Agreement (BAA)

Required for vendors who access or handle Protected Health Information (PHI) on Elon’s behalf. It ensures compliance with HIPAA and the HITECH Act, including safeguards and breach notification requirements.

PCI DSS Compliance Addendum

For vendors that process, store, or transmit cardholder data. This addendum covers PCI DSS compliance, including annual reports, breach response, and data disposal.

If you have questions about these documents or your responsibilities, contact the Office of Information Security at rose@elon.edu.