Educause Security Discussion mailing list archives
Re: transferring data to vendors/outsourced services
From: Theresa Rowe <rowe () OAKLAND EDU>
Date: Mon, 19 Jan 2009 17:07:43 -0500
Our process is to have the vendor respond to a questionnaire - that is posted at http://www2.oakland.edu/uts/policies.cfm#outsourcing under the paragraph *Outsourcing, Hosted Solutions and Application Service Providers* click on the word Standards. We have university staff who are engaging the contract review the Checklist document. These materials go with the contract or license to our General Counsel, who may incorporate the Standards as completed by the vendor as an exhibit to the contract. Based on the vendor's responses, some additional protections may be written into the contract by our General Counsel. Theresa Rowe On Mon, Jan 19, 2009 at 11:24 AM, Witmer, Robert <r.witmer () snhu edu> wrote:
I am looking for a policy or "checklist" to be considered for vendor/third party data transfers. The policy/checklist might include provisions for secure data transfer, the vendor's use of the information, vendor's data storage/protection of the information, etc. Also, who (management, data owner, InfoSec, other, all) has the authority/responsibility to initiate, approve and implement data transfers to third-party vendors? Thank you for your contribution. Bob Witmer r.witmer () snhu edu
-- Theresa Rowe Chief Information Officer Oakland University
Current thread:
- transferring data to vendors/outsourced services Witmer, Robert (Jan 19)
- <Possible follow-ups>
- Re: transferring data to vendors/outsourced services St Clair, Jim (Jan 19)
- Re: transferring data to vendors/outsourced services Witmer, Robert (Jan 19)
- Re: transferring data to vendors/outsourced services St Clair, Jim (Jan 19)
- Re: transferring data to vendors/outsourced services Witmer, Robert (Jan 19)
- Re: transferring data to vendors/outsourced services Theresa Rowe (Jan 19)
- Re: transferring data to vendors/outsourced services Grama, Joanna Lyn (Jan 20)