Educause Security Discussion mailing list archives
security assessments for cloud based vendors
From: Alex Jalso <ACJalso () MAIL WVU EDU>
Date: Tue, 19 Jul 2016 00:37:07 +0000
Hello Everyone, I'm working to implement a security assessment procedure where cloud based vendors who are bidding on a contract must provide a current 3rd party security assessment; its current privacy policy / statement; its cyber liability insurance policy binder; and if credit cards will be processed a current Attestation of Compliance as part of its bid submission. The successful vendor will then have to annually provide updated versions of these documents. Do any of you have a similar process? If so, would you be willing to share it? Direct replies are welcome. Thanks. Alex Alex Jalso, PMP, CISM Chief Information Security Officer West Virginia University p: 304-293-4457 Information Technology Services will NEVER ask for your Social Security number, credit card number or WVU login credentials by email. DefendYourData.wvu.edu<http://defendyourdata.wvu.edu/>
Current thread:
- security assessments for cloud based vendors Alex Jalso (Jul 18)
- Re: security assessments for cloud based vendors Ruth Ginzberg (Jul 19)
- Re: security assessments for cloud based vendors Velislav K Pavlov (Jul 19)
- Re: security assessments for cloud based vendors Jim Dillon (Jul 19)
- Re: security assessments for cloud based vendors Colleen Keller (Jul 19)
- Re: security assessments for cloud based vendors Baillio, Aaron (Jul 19)
- Re: security assessments for cloud based vendors Rob Milman (Jul 19)
- Re: security assessments for cloud based vendors Baillio, Aaron (Jul 19)
- Re: security assessments for cloud based vendors Andy Hooper (Jul 19)
- Re: security assessments for cloud based vendors Baillio, Aaron (Jul 19)
- Re: security assessments for cloud based vendors Baillio, Aaron (Jul 19)
- Re: security assessments for cloud based vendors Ruth Ginzberg (Jul 19)
- <Possible follow-ups>
- Re: security assessments for cloud based vendors Hudson, Edward (Jul 19)