Educause Security Discussion mailing list archives

Re: Vendor Contracts


From: Willis Marti <wmarti () TAMU EDU>
Date: Wed, 18 Mar 2009 09:02:26 -0500

Daniel Bennett wrote:

I am wondering how many institutions have their vendors that require
IT resources to sign an agreement of confidentiality, non-disclosure,
etc? Do you provide them with a copy of the Acceptable Use Policy?
PCI-DSS? HIPAA? FERPA?

We require the vendor to treat the information as we would.
http://rules-saps.tamu.edu/PDFs/24.99.99.M1.22.pdf
We don't proactively hand out the policies, but we will provide them on
request. For the last several months we've had success getting the
requirements into contracts and purchase orders.

--
Cheers,
Willis Marti
Director & CISO
Networking and Information Security
Texas A&M University
