Educause Security Discussion mailing list archives
HECVAT: 26LLC and WCOnline
From: Velislav K Pavlov <VelislavPavlov () FERRIS EDU>
Date: Thu, 24 Aug 2017 16:47:45 +0000
Good afternoon, We are reviewing the WCOnline writing service by 26LLC. They provided HECVAT answers, which is great as we did not have to ask for it. Before we can finish our risk assessment, there are some outstanding considerations: * Evidence of continuous vulnerability detection and remediation capabilities * Evidence of continuous intrusion detection and prevention capabilities * The HECVAT is not accompanied by AICPA SSAE16, ISO, CSA CAIQ or related qualified third party attestation of risk assessment and adequate remediation * The vendor listed in HECVAT that they would not allow for us to engage in assessment of their infrastructure citing terms of use If you have completed risk assessment of this provider, I will appreciate sharing your experience and conclusions. Thank you. Vel Pavlov | Coordinator, IT Security M.Sc. ISM, CISSP, C|HFI, C|EH, C)PTE, Security+, CNA, MPCS, ITILv3F, A+ Big Rapids, MI 49307
Current thread:
- HECVAT: 26LLC and WCOnline Velislav K Pavlov (Aug 24)