Educause Security Discussion mailing list archives
Re: HECVAT Security Assessment Question
From: Mark Dieterich <mkd () BROWN EDU>
Date: Thu, 6 Jul 2017 18:20:15 -0400
Davidson College is adopting HECVAT/HECVAT Lite for vendor assessments.
At Brown, we are trying to move towards adopting HECVAT/HECVAT Lite for all vendor assessments as well. So far, we haven’t run into the IBM scenario yet and we had our first instance of a vendor (Workfront) who had already seen it and turned it around almost instantly, thanks for whomever forged the way for us!
Being end of fiscal year, we’ve had a large number of cloud/SaaS software purchase requests from departments
If I could derail this conversation slightly, I’d be really interested in learning what your staffing to support vendor assessments looks like. We seem to be continuously trying to play catch up with assessments and it’s taking way more time than the cycles we have allotted. A vast majority of our time seems to be tied up in chasing down information and getting people to actually respond! Although in some cases, wading through the reams of documentation from a vendor can take significant time as well. At present, our team of two part time people (very part time on paper for at least one of these anyways) seems to be consistently trying to do contract reviews and security assessments on just North of 20 contracts concurrently. I’m trying to figure out if we are just hugely inefficient, we are attempting to be too detailed in our reviews, or we are truly understaffed. Are we the only ones in this situation? Anyone have a better model? Mark
Current thread:
- Re: HECVAT Security Assessment Question Velislav K Pavlov (Jul 06)
- <Possible follow-ups>
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 06)
- Re: HECVAT Security Assessment Question Shelton Waggener (Jul 06)
- Re: HECVAT Security Assessment Question Mark Dieterich (Jul 06)
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 07)
- Re: HECVAT Security Assessment Question José A. Domínguez (Jul 10)
- Re: HECVAT Security Assessment Question Rob Milman (Jul 13)
- Re: HECVAT Security Assessment Question Joanna Grama (Jul 13)
- Re: HECVAT Security Assessment Question Joel McKenzie (Jul 13)
- Re: HECVAT Security Assessment Question Ruth Ginzberg (Jul 13)
- Re: HECVAT Security Assessment Question Andy Hooper (Jul 14)
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 14)
- Re: HECVAT Security Assessment Question Rob Milman (Jul 14)
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 07)
- Re: HECVAT Security Assessment Question Brad Judy (Jul 13)