Risk Management

The Office of Information Security (OIS) is dedicated to identifying, assessing, and mitigating risks to safeguard university data, systems, and operations. Through our risk management initiatives, we help Villanova stay secure, resilient, and compliant with industry standards and regulations.

Risk Assessments

We conduct comprehensive risk assessments to identify vulnerabilities across university systems, ensuring security controls are in place to prevent potential threats before they cause an issue. Risk assessments help ensure Villanova meets federal, state, and industry security requirements, including:

  • FERPA (Student data protection)
  • HIPAA (Healthcare information security)
  • PCI-DSS (Credit card transaction security)
  • NIST & Other Frameworks (Best practices in cybersecurity governance)

Third-Party Risk Management (TPRM)

OIS develops and enforces security policies aligned with Securitas principles to maintain a high level of cybersecurity while enabling academic and research excellence. In addition, we evaluate the security strength of vendors and third-party partners to ensure they meet Villanova’s cybersecurity standards before they access sensitive university data or systems. Request a third-party vendor security review here.

Why Risk Management Matters

By proactively managing risks, Villanova can continue to thrive in a secure digital environment while empowering faculty, staff, and students with the resources they need. In addition, risk management helps to:

  • Prevent data breaches and cyber incidents
  • Protect sensitive university and personal data
  • Ensure compliance with legal and regulatory requirements
  • Reduce exposure to financial and reputational damage