Scoring Security Controls in an RFP

[David Grisham <dgrisham () SALUD UNM EDU>]

Healthcare has traditionally not purchased applications and systems based on their security controls.  I'm working on 
changing that here.  Has anyone set up a scoring criteria on security controls for an RFP that they would be willing to 
share?




Cheers --grish
David D. Grisham, Ph.D.,  CISM, CHSP
Manager, IT Security,
UNM Hospitals, IT Division
Suite 3131
933 Bradbury Drive, SE
Albuquerque, New Mexico 87106
Ph: (505) 272-5657 
Department FAX 272-7143, Desk Fax 272-9927
Work email:  dgrisham () salud unm edu
Adjunct Faculty, Computer Science, UNM
Academic & personal email:  dave () unm edu

The unauthorized disclosure or interception of e-mail is a federal crime.  See 18 U.S.C. Sec. 2517(4). This e-mail is 
intended only for the use of those to whom it is addressed and may contain information which is privileged, 
confidential and exempt from disclosure under the law.  If you have received this e-mail in error, do not distribute or 
copy it.  Delete it immediately and attachments, if any,  and notify me by telephone. Please do not forward or 
disseminate the information in this written document.
.