Re: HECVAT Tool with Current Vendors

[Wessam Maher <0000001fe3498f17-dmarc-request () LISTSERV EDUCAUSE EDU>]

Hi All,
We are using Whistic, it’s a cloud tool to assess vendors and generate
scores through sending the questionnaire and analyzing the answers,
accordingly we use hecvat l, ISO, GDPR and we can customize the
questionnaires to our needs



On Wed, Jan 15, 2020 at 6:30 PM Madl, Michael <michael.madl () indwes edu>
wrote:

> Hi Ron,
>
>
>
> I have been utilizing the HECVAT for 18 months now for new vendors.  I do
> plan on doing the same and think it is a good idea.  Depending on the
> results of each assessment it could determine your renewal decision for a
> specific vendor especially if they are lacking based on the results.
>
>
>
> <https://www.google.com/maps/search/4201+SOUTH+WASHINGTON+STREET+%0D%0A+MARION,+IN+46953?entry=gmail&source=g>
>
>
>
> MICHAEL MADL
>
> INFORMATION SECURITY OFFICER
>
> UNIVERSITY INFORMATION TECHNOLOGY
>
>
>
> INDIANA WESLEYAN UNIVERSITY
>
> 4201 SOUTH WASHINGTON STREET
> <https://www.google.com/maps/search/4201+SOUTH+WASHINGTON+STREET+%0D%0A+MARION,+IN+46953?entry=gmail&source=g>
>
> MARION, IN 46953
> <https://www.google.com/maps/search/4201+SOUTH+WASHINGTON+STREET+%0D%0A+MARION,+IN+46953?entry=gmail&source=g>
>
>
>
>   [image: signature_744753374] <https://twitter.com/InfosecurityIwu> [image:
> signature_1345253181] <https://www.linkedin.com/in/michaelmadl/> [image:
> signature_464874313] <michael.madl () indwes edu>
>
>      765.677.2688
>
>
>
> [image: cidimage004.jpg@01D51231.B0363E20]
>
>
>
> *DO NOT* *provide your username, password, or any personal information
> requested by any email.*
>
> *IWU WILL NEVER* *ask you for your username or password via email.*
>
> *DO NOT CLICK* *links or attachments unless you are positive the content
> is safe.*
>
>
>
> *CONFIDENTIALITY NOTICE:* *This email, including applicable attachments,
> may include legally protected information.  If you are not the intended
> recipient of this message, you may not disclose, print, copy, save, or
> disseminate this information. If you have received this email in error,
> please notify the sender by replying to this message and immediately delete
> this message.*
>
>
>
>
>
>
>
>
>
> *From: *The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Ronald Loneker <
> rloneker () CSE EDU>
> *Reply-To: *The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU>
> *Date: *Monday, January 13, 2020 at 11:40 AM
> *To: *"SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
> *Subject: *[SECURITY] HECVAT Tool with Current Vendors
>
>
>
> *** This message originated from outside the Indiana Wesleyan University
> email system ***
> ------------------------------
>
> Good Morning -
>
>
>
> We recently were made aware of, and decided to start using, the HECVAT
> tool with new vendors we use for future projects.
>
>
>
> I'm wondering whether we should go back to our current vendors offering
> cloud applications and have them complete the tool even though we're
> existing customers.
>
>
>
> Just asking for thoughts and whether anyone has done this before and
> gotten a lot of pushback from existing vendors.
>
>
>
> I think our IT auditors would be pleased if we have this information
> centralized.
>
>
> Ron Loneker, Jr.
> Director, IT Special Projects
> College of Saint Elizabeth
> Mahoney Library
> 2 Convent Road
> <https://www.google.com/maps/search/2+Convent+Road+%0D%0AMorristown,+NJ+07960?entry=gmail&source=g>
> Morristown, NJ
> <https://www.google.com/maps/search/2+Convent+Road+%0D%0AMorristown,+NJ+07960?entry=gmail&source=g>
> 07960
> <https://www.google.com/maps/search/2+Convent+Road+%0D%0AMorristown,+NJ+07960?entry=gmail&source=g>
>
> Phone:  973-290-4229
>
> e-mail:  rloneker () cse edu
>
>
>
> *CSE's IT department will never ask for your password, social security
> number or other personal information in an e-mail message. *
> *Please do not share any information with others!*
>
>
>
>
>
>
>
>
>
>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
-- 
Sent from Mobile, Excuse spelling mistakes

Best Regards,

Wessam Maher CGEIT, CRISC, CISSP
Chief Information Security and Risk Officer - CISRO
Office of Information Security
The American University in Cairo
E wessam.maher () aucegypt edu •  T +2022615.3543
W www.aucegypt.edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community