Educause Security Discussion mailing list archives
Re: In search of SOC-1/SSAE report for Blackboard
From: "Jim A. Bole" <jbole () STEVENSON EDU>
Date: Mon, 2 Mar 2020 20:02:20 +0000
Well, I received an interesting reply from Blackboard:

"Since you are deployed on our SaaS platform with AWS, you can request a SOC2 report available via AWS Artifact from the account console."

To be clear, this was for a general AWS SOC2. I then asked for any sort of responsibility matrix or any sort of formal documentation that would serve as supporting evidence/attestation that Blackboard SaaS relies solely on AWS:

"Our compliance team has responded to my request, and beyond our attestation that we do use AWS exclusively for SaaS deployments, we don't have additional documentation to share. We are not subject to PCI compliance standards by nature of our business. I hope that is sufficient to satisfy your requirements."

Curious to see if others find this less than satisfying...

Jim Bole

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jim A. Bole
Sent: Thursday, January 30, 2020 10:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: In search of SOC-1/SSAE report for Blackboard

Thanks Mike. The term "SOC" report is often used loosely. I'm reaching out to our BB rep to see what they have.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mike Nowakowski
Sent: Thursday, January 30, 2020 9:12 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: In search of SOC-1/SSAE report for Blackboard

Hi Jim,

SOC reports typically require an NDA to be signed, unless you are looking for a SOC 3 summary; those are typically available without an NDA.
If you don't have the documents requested by the auditors, you should let them know you don't have them... taking it as a lesson learned, the point of the audit is to see how well your organization performed its due diligence of Blackboard.

Thanks,
Mike

Mike Nowakowski
Manager, Information Systems Security
Faculty of Kinesiology & Physical Education
University of Toronto
55 Harbord Street
416-978-5034
https://www.kpe.utoronto.ca
https://securitymatters.utoronto.ca

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jim A. Bole
Sent: Thursday, January 30, 2020 9:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] In search of SOC-1/SSAE report for Blackboard

Colleagues,

Appreciate any help.
Auditors in the house today :)

Jim Bole
Director of Information Security
Stevenson University
1525 Greenspring Valley Road
Stevenson, MD, 21153-0641
jbole () stevenson edu | O: 443-334-2696

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- In search of SOC-1/SSAE report for Blackboard Jim A. Bole (Jan 30)
- Re: In search of SOC-1/SSAE report for Blackboard Mike Nowakowski (Jan 30)
- Re: In search of SOC-1/SSAE report for Blackboard Jim A. Bole (Jan 30)
- Re: In search of SOC-1/SSAE report for Blackboard Jim A. Bole (Mar 02)
- Re: In search of SOC-1/SSAE report for Blackboard Jim A. Bole (Jan 30)
- Re: In search of SOC-1/SSAE report for Blackboard Mike Nowakowski (Jan 30)