Educause Security Discussion mailing list archives

Re: Information on Contracts with Third Parties


From: Joanna Grama <jgrama () EDUCAUSE EDU>
Date: Tue, 28 Nov 2017 18:15:38 +0000

Hi Cindy,
The Higher Education Information Security Council (HEISC) has created an Information Security 
Guide<http://www.educause.edu/security/guide> that contains a toolkit on data protection contractual language.  You may 
find some of the information in that toolkit helpful. You can access the toolkit at:  
https://spaces.internet2.edu/display/2014infosecurityguide/Data+Protection+Contractual+Language

The Information Security Guide is aligned with several industry standards to include key objectives and implementation 
guidance to assist institutions with developing effective information security programs. What makes the HEISC 
Information Security Guide so unique is that resources and content included in Guide chapters are created by higher 
education information security professionals with expertise in both information security and higher education.

I hope you find the data protection contractual language toolkit useful.  If I can be of more assistance, please do let 
me know.

Kind regards,
Joanna


Joanna Grama, JD, CISSP, CRISC, CIPT
Director of Cybersecurity and IT GRC Programs

EDUCAUSE
Uncommon Thinking for the Common Good
282 Century Place, Suite 5000, Louisville, CO 80027
direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Lusby, 
Cindy (lusbyca)
Sent: Tuesday, November 28, 2017 12:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Information on Contracts with Third Parties

Hello,

I work as a Security Analyst for the University of Cincinnati (UC).  Here at UC, we have a contract rider that we have 
put in place for third party contracts when they require access to university data.

I would like to get some feedback from this group on if you have standard contractual language pertaining to security 
that you typically add to contracts with third parties. I am looking to improve our process and rider, and would 
greatly appreciate any feedback you may have as to what your current process is.

Thank you for any information that you can provide.

Regards,
Cindy Lusby
Information Security Analyst
IT@UC Office of Information Security | University of Cincinnati
lusbyca () uc edu | www.uc.edu/infosec | @UC_OIS<https://twitter.com/uc_ois> on Twitter
