Educause Security Discussion mailing list archives
Re: HECVAT Tool usage
From: Alex Jalso <ACJalso () MAIL WVU EDU>
Date: Wed, 31 May 2017 19:53:31 +0000
John,

At West Virginia University we require vendors to complete a security assessment prior to contract signing. The assessment is built into a Qualtrics survey then sent to vendors. Using Qualtrics allows for the collection of metrics. Below are answers to your questions.

· Are vendors requested to fill it out during the RFP stage or after selection? – At WVU vendors are required to complete our security assessment process prior to contract signing.
· Is it used to help make the purchase decision? Yes
· If so, how is it quantified or scored so that responses can be compared across vendors? WVU’s questions were built so that metrics can be collected, e.g. vendor answers aren’t open ended but pick list based.
· What if vendors say that information is proprietary and don't answer many of the questions? In this situation an NDA usually addresses the vendor’s concerns.

If you have any other questions, please feel free to contact me.

Alex

Alex Jalso, PMP, CISM
Chief Information Security and Privacy Officer
Information Technology Services
West Virginia University
p: 304-293-4457

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John R. LaPrad
Sent: Wednesday, May 31, 2017 11:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] HECVAT Tool usage

We are talking about having cloud vendors fill out this assessment. I am wondering how are institutions using this document.

* Are vendors requested to fill it out during the RFP stage or after selection?
* Is it used to help make the purchase decision? If so, how is it quantified or scored so that responses can be compared across vendors?
* What if vendors say that information is proprietary and don't answer many of the questions?

Thank you for the input.

John LaPrad - CISSP, CIHE
Information Systems Security Manager
Saginaw Valley State University
7400 Bay Rd.
University Center, MI
Phone: 989-964-7134
jrl () svsu edu