Service Provider Security Assessment (SPSA)
Vendor SPSA Requirement Determination
Required when a vendor:
1) receives or creates data, at any level
2) has access to or integrates with NU systems or IT environment
* Once a SPSA is completed upload the determination memo as an attachment to the record