Skip to Main Content

Third-Party Risk Management (TPRM) & Procurement

The TPRM process applies to all departments within UCLA Campus, UCLA Health, and the Health Sciences schools.

In many cases, purchasing goods and/or services from third-parties (suppliers/vendors, service providers, etc.) carries risks that may negatively impact UCLA. Third-party risk management (TPRM) focuses on identifying and reducing these risks. 

TPRM topics include Digital Accessibility, Information Security and Data Privacy. Due to the risks associated with these topics, specific assessments are required before many goods and/or services can be purchased.

The TPRM process is required if any of the following applies:

Transaction involves a third-party (supplier/vendor, consultant, independent contractor etc.) that will:

  • Access, create, receive, maintain and/or transmit UC data;
  • Process credit card transactions on behalf of UC
  • Access any UC system(s) or will connect to the UC system(s)
  • All equipment with software that is either hosted, on premise or embedded and will have remote access
  • All transactions that involve technology, including web applications, all software subscriptions/licenses, mobile apps, website design/development, wearable technology and kiosks.

Steps:

  1. Before requisition submission, submit the UCLA SNOW Triage Form 
  2. Users will receive an email approval notice upon approval via SNOW
  3. Attach approval notice to requisition
  4. Submit requisition to Campus Purchasing in BruinBuy*

* Make sure all other applicable transaction requirements are addressed before submitting requisitions to Campus Purchasing.

Assessment Submission Process

To learn more about TPRM, including training and updates, view the resources below: