Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HECVAT alternative for On-Prem Vendors

From: Laura Raderman <lraderman () CMU EDU>
Date: Thu, 1 Nov 2018 13:39:37 +0000
There’s nothing specifically for on-prem, but you could just look at a subset of the existing questions to apply to 
on-prem.

Laura


Laura Raderman
ISO Policy & Compliance Coordinator
Carnegie Mellon University
lraderman () cmu edu


On Nov 1, 2018, at 9:26 AM, Tyler Newell <tnewell () BGSU EDU> wrote:

Community,
 
We started using the HECVAT for cloud vendor assessments a little more than a year ago and have been very happy with 
it especially when a vendor has already filled one out so we aren’t waiting to receive it back.
 
That said, we’ve had contract expirations for some of our on-premise vendors and wanted to run them through a similar 
process to properly assess their product(s). I wasn’t able to find a standardized assessment questionnaire like the 
HECVAT when it comes to on-premise, so I thought I would reach out to see if anyone had a document already created 
that they are willing to share.
 
I appreciate your time for reading this.
 
Thank you,
 
//SIGNED//
Tyler Newell, Information Security Analyst
Bowling Green State University | Information Technology Services
P: 419.372.0999 | tnewell () bgsu edu | www.bgsu.edu/infosec
 
This e-mail, including any attachments, may contain information that is protected by law as privileged and 
confidential, and is transmitted for the sole use of the intended recipient.  If you are not the intended recipient, 
you are hereby notified that any use, dissemination, copying or retention of this e-mail or the information contained 
herein is strictly prohibited.
Previous By Date Next
Previous By Thread Next

Current thread: