Educause Security Discussion mailing list archives
Re: HECVAT Security Assessment Question
From: Rob Milman <rob.milman () SAIT CA>
Date: Fri, 14 Jul 2017 18:48:10 +0000
Hi Andy, We conduct a Privacy Impact Assessment (PIA) as part of any projects that affect personal data as defined by the Freedom of Information and Protection of Privacy Act here in Alberta. I'm not sure if Ontario has similar legislation. It is not legislated for public institutions, but our Privacy Officer has asked that we complete them for transparency and to show that we have considered the risks. Regards, Rob Milman Security & Compliance Analyst Information Systems Southern Alberta Institute of Technology EH Crandell Building, GA 214 1301 – 16 Avenue NW, Calgary AB, T2M 0L4 (Office) 403.774.5401 (Cell) 403.606.3173 rob.milman () sait ca -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andy Hooper Sent: Friday, July 14, 2017 12:16 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] HECVAT Security Assessment Question For RFPs we do two stages. All bidders complete about twenty fairly easy questions. This gives enough information for a sense of the security maturity. Once a preferred bid has been selected, we do more detailed questions during the negotiation phase. That could result in adding work items to the contract, or in the worst case, moving on to the next preference. Security has very low weight in our RFP scoring, but as long as price isn't weighted too high, then good security seems to be generally associated with good function. HECVAT doesn't have much on privacy. Are people using HECVAT doing something separate for privacy and access-to-information aspects? - Andy Hooper - IT Services - Queen's University -
Current thread:
- Re: HECVAT Security Assessment Question, (continued)
- Re: HECVAT Security Assessment Question Shelton Waggener (Jul 06)
- Re: HECVAT Security Assessment Question Mark Dieterich (Jul 06)
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 07)
- Re: HECVAT Security Assessment Question José A. Domínguez (Jul 10)
- Re: HECVAT Security Assessment Question Rob Milman (Jul 13)
- Re: HECVAT Security Assessment Question Joanna Grama (Jul 13)
- Re: HECVAT Security Assessment Question Joel McKenzie (Jul 13)
- Re: HECVAT Security Assessment Question Ruth Ginzberg (Jul 13)
- Re: HECVAT Security Assessment Question Andy Hooper (Jul 14)
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 14)
- Re: HECVAT Security Assessment Question Rob Milman (Jul 14)
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 07)
- Re: HECVAT Security Assessment Question Brad Judy (Jul 13)
- Re: HECVAT Security Assessment Question Velislav K Pavlov (Jul 13)
- Re: HECVAT Security Assessment Question Brown,Thomas (Jul 13)
- Re: HECVAT Security Assessment Question Escue, Charles E (Jul 14)
- Re: HECVAT Security Assessment Question Brown,Thomas (Jul 14)
- Re: HECVAT Security Assessment Question Davis, Kevin (Jul 19)
- Re: HECVAT Security Assessment Question Shelton Waggener (Jul 19)