Educause Security Discussion mailing list archives
Re: HECVAT Tool usage
From: Rob Milman <rob.milman () SAIT CA>
Date: Wed, 31 May 2017 16:13:42 +0000
We use it prior to contract signing. Our institution has a policy in place that requires IS approval prior for any web services or applications outside our perimeter. I have had different levels of success with vendors depending on their maturity level. Most have completed the assessment without any issues, others have tried to fake it by not answering questions properly and one replied that they were not mature enough to provide us with the service levels that we were requesting. I always check the Cloud Security Alliance STAR registry for the vendor in question. That saves a lot of work up front for both parties. Regards, Rob Milman [cid:image004.png@01D18F19.9217E950] Rob Milman Security & Compliance Analyst Information Systems Southern Alberta Institute of Technology EH Crandell Building, GA 214 1301 – 16 Avenue NW, Calgary AB, T2M 0L4 (Office) 403.774.5401 (Cell) 403.606.3173 rob.milman () sait ca<mailto:rob.milman () sait ca> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John R. LaPrad Sent: Wednesday, May 31, 2017 9:59 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] HECVAT Tool usage We are talking about having cloud vendors fill out this assessment. I am wondering how are institutions using this document. * Are vendors requested to fill it out during the RFP stage or after selection? * Is it used to help make the purchase decision? If so, how is it quantified or scored so that responses can be compared across vendors? * What if vendors say that information is proprietary and don't answer many of the questions? Thank you for the input. John LaPrad - CISSP, CIHE Information Systems Security Manager Saginaw Valley State University 7400 Bay Rd. University Center, MI Phone: 989-964-7134 jrl () svsu edu<mailto:jrl () svsu edu>
Current thread:
- HECVAT Tool usage John R. LaPrad (May 31)
- Re: HECVAT Tool usage Brad Judy (May 31)
- Re: HECVAT Tool usage Rob Milman (May 31)
- Re: HECVAT Tool usage Ruth Ginzberg (May 31)
- Re: HECVAT Tool usage Robert Smith (May 31)
- Re: HECVAT Tool usage Escue, Charles E (May 31)
- Re: HECVAT Tool usage Flynn, Gary - flynngn (May 31)
- Re: HECVAT Tool usage Sue McGlashan (May 31)
- Re: HECVAT Tool usage Alex Jalso (May 31)
- Re: HECVAT Tool usage John R. LaPrad (Jun 12)