Educause Security Discussion mailing list archives
Reviewing Software Vendors
From: "Harvey, Matthew" <mharvey4 () HOWARDCC EDU>
Date: Fri, 8 Nov 2019 20:11:35 +0000
Hello Team,

Looking for some guidance on what good looks like for software and LTI vendors. There is plenty of assessment data (HECVAT, security questionnaires, Privacy Policy, compliance with frameworks, etc.), but am curious if other institutions use just one of these tools, or weigh the results from each and evaluate risk based on the multiple sources.

For instance, do you gather all this data and assign values and requirements such as "If compliant with ISO27001 then meets requirements", or "If score on HECVAT is lower than C, then must be GDPR compliant".

We are considering an IMS Global membership as this will provide us with another assessment source (rubric), but wonder how to put these pieces together.

Thanks!!

Matt Harvey
Cybersecurity Analyst
Howard Community College

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community