Data Governance Role Based Access questions

["Menne, Michael S" <michael.menne () MNSU EDU>]

Good afternoon all,
As we continue to strengthen our third party evaluations and monitoring practices, we have started to ask more 
questions regarding role based access (AAA) rather than just security. The HECVAT has a few questions regarding AAA, 
but it is pretty light.

We would like to know more about the role based security access controls available within applications / services in 
addition to the security protections in place. We are trying to understand who has access to the data we are putting 
into these systems and how they are consuming it.

Does anyone have anything they can share that would access more about access controls as part of a vendor / software 
evaluation?

Thank you

Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705

Shop Safe Online. Learn More.<https://link.mnsu.edu/shopsafeonline>

[cid:image001.png@01D341A0.236300E0]

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.