Educause Security Discussion mailing list archives
Re: security assessments for cloud based vendors
From: Colleen Keller <ckeller () EDUCAUSE EDU>
Date: Tue, 19 Jul 2016 16:07:25 +0000
Hi Alex, There are several items in the EDUCAUSE library that may be of use for you. https://library.educause.edu/resources/2014/7/it-security-questionnaireit-standards-and-requirements-questionnaire http://www.educause.edu/annual-conference/2015/cloud-service-procurement-and-contracting-lessons-internet2-net https://spaces.internet2.edu/display/2014infosecurityguide/Cloud+Computing+Security Please let me know if you have any questions, thank you. Colleen Keller Electronic Resources Librarian EDUCAUSE<http://www.educause.edu/> Uncommon Thinking for the Common Good direct: 303.939.0309 | main: 303.449.4430 | educause.edu<http://www.educause.edu/> | Twitter: @EDUCAUSEreview From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alex Jalso Sent: Monday, July 18, 2016 6:37 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] security assessments for cloud based vendors Hello Everyone, I'm working to implement a security assessment procedure where cloud based vendors who are bidding on a contract must provide a current 3rd party security assessment; its current privacy policy / statement; its cyber liability insurance policy binder; and if credit cards will be processed a current Attestation of Compliance as part of its bid submission. The successful vendor will then have to annually provide updated versions of these documents. Do any of you have a similar process? If so, would you be willing to share it? Direct replies are welcome. Thanks. Alex Alex Jalso, PMP, CISM Chief Information Security Officer West Virginia University p: 304-293-4457 Information Technology Services will NEVER ask for your Social Security number, credit card number or WVU login credentials by email. DefendYourData.wvu.edu<http://defendyourdata.wvu.edu/>
Current thread:
- security assessments for cloud based vendors Alex Jalso (Jul 18)
- Re: security assessments for cloud based vendors Ruth Ginzberg (Jul 19)
- Re: security assessments for cloud based vendors Velislav K Pavlov (Jul 19)
- Re: security assessments for cloud based vendors Jim Dillon (Jul 19)
- Re: security assessments for cloud based vendors Colleen Keller (Jul 19)
- Re: security assessments for cloud based vendors Baillio, Aaron (Jul 19)
- Re: security assessments for cloud based vendors Rob Milman (Jul 19)
- Re: security assessments for cloud based vendors Baillio, Aaron (Jul 19)
- Re: security assessments for cloud based vendors Andy Hooper (Jul 19)
- Re: security assessments for cloud based vendors Baillio, Aaron (Jul 19)
- Re: security assessments for cloud based vendors Baillio, Aaron (Jul 19)
- Re: security assessments for cloud based vendors Ruth Ginzberg (Jul 19)
- <Possible follow-ups>
- Re: security assessments for cloud based vendors Hudson, Edward (Jul 19)