Educause Security Discussion mailing list archives
Re: Vendors, Data and Escrow (Oh my!)
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Mon, 24 Nov 2008 12:42:00 -0700
Hi Daniel, Sounds like great material for a risk assessment. :) How valuable is the information in the database? How vulnerable is the vendor (financially, etc)? Without getting into details, we had an instance where valuable data was held by a small vendor. An inspection of the vendor's site revealed what we had expected: the vendor did not have facilities consummate with the value of our data. When we framed the facts in these concrete terms, the only real question was how quickly a new vendor could be selected. :) ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sarazen, Daniel Sent: Monday, November 24, 2008 7:29 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Vendors, Data and Escrow (Oh my!) Hi All, I have a scenario and questions for you: If you had a University department that outsourced its primary database management activity to a vendor with less than 5 years of operating history and few than 20 employees, would you feel comfortable? Would you be OK with your data and the database being hosted on the vendor's servers? Would you still feel comfortable if the vendor outsourced the maintenance of that server to a 3rd party? We do have language in our contract that requires the vendor, upon termination, to provide all finished and unfinished documents, data, studies, and reports prepared by the contractor. But there is nothing that requires that the code and data be placed into escrow. Do you have any thoughts, or initial concerns? My primary concern is that the vendor could go out of business before we get the database and data. Is that a reasonable concern? Thanks, [cid:image001.gif@01C94E31.B4161580] :: Daniel Sarazen, Information Technology Auditor :: University Internal Audit :: University of Massachusetts President's Office :: 508-856-2443 :: 781-724-3377 Cell :: 508-856-8824 Fax :: Dsarazen () umassp edu<mailto:Dsarazen () umassp edu> University of Massachusetts : 333 South St. : Suite 450 : Shrewsbury, MA 01545 : www.massachusetts.edu<http://www.massachusetts.edu/>
Current thread:
- Vendors, Data and Escrow (Oh my!) Sarazen, Daniel (Nov 24)
- <Possible follow-ups>
- Re: Vendors, Data and Escrow (Oh my!) St Clair, Jim (Nov 24)
- Re: Vendors, Data and Escrow (Oh my!) Gregory N Pendergast/AC/VCU (Nov 24)
- Re: Vendors, Data and Escrow (Oh my!) Sarazen, Daniel (Nov 24)
- Re: Vendors, Data and Escrow (Oh my!) Basgen, Brian (Nov 24)