Educause Security Discussion mailing list archives
Securing Data in SaaS Applications
From: Cyndie Holmes <cholmes () TXSTATE EDU>
Date: Thu, 15 Feb 2018 15:02:10 -0700
The vendor completed the HECVAT and a university is purchasing a SaaS service. Now what? Trying to determine who has the responsibility for ensuring contracts or SLAs contain language that protects the institution's data. The owner (academic department or business function), procurement, IT, or Legal? Someone else? If the contract or SLA contains sufficient protection for the institution's data, who monitors the vendor for compliance with the contract or SLA data security controls? How are data security controls monitored if the contract or SLA contains no language for customer monitoring? Who monitors? Thanks
Current thread:
- Securing Data in SaaS Applications Cyndie Holmes (Feb 15)
- Re: Securing Data in SaaS Applications Ruth Ginzberg (Feb 15)
- Re: Securing Data in SaaS Applications Sue McGlashan (Feb 15)
- Re: Securing Data in SaaS Applications Santucci, Anthony (Feb 16)
- Re: Securing Data in SaaS Applications Ronald King (Feb 22)
- Re: Securing Data in SaaS Applications Ruth Ginzberg (Feb 22)
- Re: Securing Data in SaaS Applications Sue McGlashan (Feb 15)
- Re: Securing Data in SaaS Applications Holmes, Cyndie (Mar 01)
- Re: Securing Data in SaaS Applications Ruth Ginzberg (Feb 15)