Educause Security Discussion mailing list archives

IT Security in Purchases and Contracts

From: Eric Galyon <Eric.Galyon () CUSYS EDU>
Date: Tue, 4 Sep 2007 08:37:18 -0600

I've attempting to research Higher Education practices in extending
University IT security policies to contracts and purchases.  I'm
interested in speaking with any institution that has either:

 

1)  Created specific processes which enforce specific reviews and/or
approvals of IT security aspects prior to purchase authorization.

 

2)  Introduced specific written language into contracts, service
arrangement agreements, or RFPs requiring vendors to meet University IT
security policy requirements.

 

I'd be interested in knowing about institutions that have tackled either
of these issues; contact information would be a plus.  I'll gladly
summarize my results and post them back to this list for others.

 

Thanks,

 

Eric Galyon

Technical Security Specialist

Office of Information Security

University of Colorado

(303) 492-9419

Eric.Galyon () cusys edu

Current thread:

IT Security in Purchases and Contracts Eric Galyon (Sep 04)
- <Possible follow-ups>
- Re: IT Security in Purchases and Contracts Theresa M Rowe (Sep 04)
- Re: IT Security in Purchases and Contracts Sarah Stevens (Sep 04)
- Re: IT Security in Purchases and Contracts Sarah Stevens (Sep 04)
- Re: IT Security in Purchases and Contracts Eric Galyon (Sep 07)
- Re: IT Security in Purchases and Contracts Friedmann, Esther (Sep 10)