Educause Security Discussion mailing list archives
Re: HECVAT Tool usage
From: Sue McGlashan <sue.mcglashan () UTORONTO CA>
Date: Wed, 31 May 2017 16:54:09 +0000
Hi

We have had our own questionnaire that we asked vendors to complete. This was a requirement of the RFP process – i.e. if they did not complete the questionnaire, they did not progress further. We only assess the final chosen vendor.

Caveats – we have more than one campus, so not all RFPs are requiring this. We also go through a risk assessment for other vendors, if we are asked, for vendors that do not need to go through a RFP process.

We are planning to start using the HECVAT, as we see the value for vendors in not completing a different questionnaire for each institution. We will add a separate document to cover parts that are missing from the HECVAT (mostly PIA questions based on our requirements), or for questions that are too US centric. So, the HECVAT will become part of the process.

- and thanks again to the volunteers who put it together

--
Sue McGlashan, Information Security Architect, ISEA
University of Toronto
416-946-3260

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "John R. LaPrad" <jrl () SVSU EDU>
Organization: Saginaw Valley State University
Reply-To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, May 31, 2017 at 11:59 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] HECVAT Tool usage

We are talking about having cloud vendors fill out this assessment. I am wondering how are institutions using this document.

* Are vendors requested to fill it out during the RFP stage or after selection?
* Is it used to help make the purchase decision? If so, how is it quantified or scored so that responses can be compared across vendors?
* What if vendors say that information is proprietary and don't answer many of the questions?

Thank you for the input.

John LaPrad - CISSP, CIHE
Information Systems Security Manager
Saginaw Valley State University
7400 Bay Rd.
University Center, MI
Phone: 989-964-7134
jrl () svsu edu