Educause Security Discussion mailing list archives
Re: transferring data to vendors/outsourced services
From: "Witmer, Robert" <r.witmer () SNHU EDU>
Date: Mon, 19 Jan 2009 13:39:20 -0500
Excellent! Thanks Jim. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of St Clair, Jim Sent: Monday, January 19, 2009 11:59 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] transferring data to vendors/outsourced services Hi Bob, I have attached a couple samples of some agreements I have referred to in the past that may help your scenario. These have a bit of security bent to them, but also include some specifics on data management. I would be happy to comment further off-list if you desire. Best Regards, James A. St.Clair, CISM, PMP Senior Manager Global Public Sector Grant Thornton LLP T 703-637-3078 F 703-637-4455 C 703-727-6332 E jim.stclair () gt com ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Witmer, Robert [r.witmer () SNHU EDU] Sent: Monday, January 19, 2009 11:39 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: transferring data to vendors/outsourced services Thanks for the response Jim. That is exactly where I am headed with the information requested. I would like to ensure the pertinent questions are covered in the contract and SLAs as they are created instead of reacting after the fact. Bob Witmer r.witmer () snhu edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of St Clair, Jim Sent: Monday, January 19, 2009 11:29 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] transferring data to vendors/outsourced services Bob, To what degree are all these items covered under the Contract or Service Level Agreements? All of the items you mentioned should have contractual coverage, to include ownership rights of the data and "disentanglement" if/when you need to change service providers. Best Regards, James A. St.Clair, CISM, PMP Senior Manager Global Public Sector Grant Thornton LLP T 703-637-3078 F 703-637-4455 C 703-727-6332 E jim.stclair () gt com [cid:image001.gif@01C97A3B.553733B0] The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton International Ltd and its member firms are not a worldwide partnership, as each member firm is a separate and distinct legal entity. In the U.S., visit Grant Thornton LLP at www.GrantThornton.com<http://www.grantthornton.com/>. ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Witmer, Robert [r.witmer () SNHU EDU] Sent: Monday, January 19, 2009 11:24 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: transferring data to vendors/outsourced services I am looking for a policy or "checklist" to be considered for vendor/third party data transfers. The policy/checklist might include provisions for secure data transfer, the vendor's use of the information, vendor's data storage/protection of the information, etc. Also, who (management, data owner, InfoSec, other, all) has the authority/responsibility to initiate, approve and implement data transfers to third-party vendors? Thank you for your contribution. Bob Witmer r.witmer () snhu edu In accordance with applicable professional regulations, please understand that, unless expressly stated otherwise, any written advice contained in, forwarded with, or attached to this e-mail is not intended or written by Grant Thornton LLP to be used, and cannot be used, by any person for the purpose of avoiding any penalties that may be imposed under the Internal Revenue Code. ________________________________ This e-mail is intended solely for the person or entity to which it is addressed and may contain confidential and/or privileged information. Any review, dissemination, copying, printing or other use of this e-mail by persons or entities other than the addressee is prohibited. If you have received this e-mail in error, please contact the sender immediately and delete the material from any computer.
Current thread:
- transferring data to vendors/outsourced services Witmer, Robert (Jan 19)
- <Possible follow-ups>
- Re: transferring data to vendors/outsourced services St Clair, Jim (Jan 19)
- Re: transferring data to vendors/outsourced services Witmer, Robert (Jan 19)
- Re: transferring data to vendors/outsourced services St Clair, Jim (Jan 19)
- Re: transferring data to vendors/outsourced services Witmer, Robert (Jan 19)
- Re: transferring data to vendors/outsourced services Theresa Rowe (Jan 19)
- Re: transferring data to vendors/outsourced services Grama, Joanna Lyn (Jan 20)