Educause Security Discussion mailing list archives
Re: Vendor Contracts
From: Willis Marti <wmarti () TAMU EDU>
Date: Wed, 18 Mar 2009 09:02:26 -0500
Daniel Bennett wrote:
I am wondering how many institutions have their vendors that require IT resources to sign an agreement of confidentiality, non-disclosure, etc? Do you provide them with a copy of the Acceptable Use Policy? PCI-DSS? HIPPA? FERPA?
We require the vendor to treat the information as we would. http://rules-saps.tamu.edu/PDFs/24.99.99.M1.22.pdf We don't proactively hand out the policies, but we will provide them on request. For the last several months we've had success getting the requirements into contracts and purchase orders. -- Cheers, Willis Marti Director & CISO Networking and Information Security Texas A&M University
Current thread:
- Vendor Contracts Daniel Bennett (Mar 17)
- <Possible follow-ups>
- Re: Vendor Contracts Willis Marti (Mar 18)
- Re: Vendor Contracts Grama, Joanna Lyn (Mar 18)