Educause Security Discussion mailing list archives
Re: HECVAT Security Assessment Question
From: Sue McGlashan <sue.mcglashan () UTORONTO CA>
Date: Fri, 14 Jul 2017 18:42:15 +0000
Hi For RFPS, we have a pass / fail on security, and we have started asking only the final proponents to complete our questionnaire, rather than all. I agree that good security seems to be generally associated with good function. Now that we are moving towards using the HECVAT, I have a separate supplemental document that asks the privacy questions we need answered to check FIPPA (Ontario) compliance. I am happy to share, Andy. -- Sue McGlashan, Information Security Architect, ISEA University of Toronto On 2017-07-14, 2:15 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Andy Hooper" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of hooper () QUEENSU CA> wrote: For RFPs we do two stages. All bidders complete about twenty fairly easy questions. This gives enough information for a sense of the security maturity. Once a preferred bid has been selected, we do more detailed questions during the negotiation phase. That could result in adding work items to the contract, or in the worst case, moving on to the next preference. Security has very low weight in our RFP scoring, but as long as price isn't weighted too high, then good security seems to be generally associated with good function. HECVAT doesn't have much on privacy. Are people using HECVAT doing something separate for privacy and access-to-information aspects? - Andy Hooper - IT Services - Queen's University -
Current thread:
- Re: HECVAT Security Assessment Question, (continued)
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 06)
- Re: HECVAT Security Assessment Question Shelton Waggener (Jul 06)
- Re: HECVAT Security Assessment Question Mark Dieterich (Jul 06)
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 07)
- Re: HECVAT Security Assessment Question José A. DomÃnguez (Jul 10)
- Re: HECVAT Security Assessment Question Rob Milman (Jul 13)
- Re: HECVAT Security Assessment Question Joanna Grama (Jul 13)
- Re: HECVAT Security Assessment Question Joel McKenzie (Jul 13)
- Re: HECVAT Security Assessment Question Ruth Ginzberg (Jul 13)
- Re: HECVAT Security Assessment Question Andy Hooper (Jul 14)
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 14)
- Re: HECVAT Security Assessment Question Rob Milman (Jul 14)
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 07)
- Re: HECVAT Security Assessment Question Brad Judy (Jul 13)
- Re: HECVAT Security Assessment Question Velislav K Pavlov (Jul 13)
- Re: HECVAT Security Assessment Question Brown,Thomas (Jul 13)
- Re: HECVAT Security Assessment Question Escue, Charles E (Jul 14)
- Re: HECVAT Security Assessment Question Brown,Thomas (Jul 14)
- Re: HECVAT Security Assessment Question Sue McGlashan (Jul 06)
- Re: HECVAT Security Assessment Question Davis, Kevin (Jul 19)
- Re: HECVAT Security Assessment Question Shelton Waggener (Jul 19)