Educause Security Discussion mailing list archives

Re: Systems Acquisition and Development standard


From: "James C. Farr '05" <jfarr () UTICA EDU>
Date: Fri, 29 Jan 2010 12:21:47 -0500

Ben, great question.
Patty, thank you for sharing.
I had a few things on my plate, but I just made room for this one.

James Farr
Utica College

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Patria, Patricia
Sent: Friday, January 29, 2010 12:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Systems Acquisition and Development standard

Hi Ben,

For hosted applications that store sensitive data, we use the attached Third
Party Assurance Questionnaire.

For applications that reside at Bentley, we require a Functional Analysis
document to be completed
(http://www.bentley.edu/administrative-systems/policies-and-procedures.cfm),
which is reviewed by many different members of IT.

Hope that helps.

Patty


Patty Patria
Chief Information Security Administrator | Bentley University
175 Forest Street, Waltham, MA 02452 | 781.891.2364

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben Woelk
Sent: Friday, January 29, 2010 10:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Systems Acquisition and Development standard

We are drafting a systems acquisition and development standard with the goal
of ensuring that information security is considered and that proposed
purchases/development are reviewed by our office. I've found some good
resources online. Does anyone have a standard/policy/requirements document
they can share?

Thanks,
Ben Woelk
Information Security Communications and Training Specialist
Rochester Institute of Technology
151 Lomb Memorial DR
Ross 10-A204
Rochester, NY 14623

585-475-4122
