Educause Security Discussion mailing list archives

Re: HECVAT alternative for On-Prem Vendors

From: "Escue, Charles E" <cescue () IU EDU>
Date: Sat, 3 Nov 2018 19:25:33 +0000

I would echo what Laura said. There are a few areas where we have used the HECVAT-Lite version internally to at least 
understand the system's basic operation.

Definitely interested in what others are doing.

Thanks,
 
Charlie
 
 
Charles Escue, CISSP
Extended Information Security Manager
University Information Security Office
Institutional Assurance
cescue () iu edu
 

On 11/1/18, 09:39, "The EDUCAUSE Security Community Group Listserv on behalf of Laura Raderman" <SECURITY () LISTSERV 
EDUCAUSE EDU on behalf of lraderman () CMU EDU> wrote:

    There’s nothing specifically for on-prem, but you could just look at a subset of the existing questions to apply to 
on-prem.
    
    Laura
    
    
    Laura Raderman
    ISO Policy & Compliance Coordinator
    Carnegie Mellon University
    lraderman () cmu edu
    
    > On Nov 1, 2018, at 9:26 AM, Tyler Newell <tnewell () BGSU EDU> wrote:
    > 
    > Community,
    >  
    > We started using the HECVAT for cloud vendor assessments a little more than a year ago and have been very happy 
with it especially when a vendor has already filled one out so we aren’t waiting to receive it back.
    >  
    > That said, we’ve had contract expirations for some of our on-premise vendors and wanted to run them through a 
similar process to properly assess their product(s). I wasn’t able to find a standardized assessment questionnaire like 
the HECVAT when it comes to on-premise, so I thought I would reach out to see if anyone had a document already created 
that they are willing to share.
    >  
    > I appreciate your time for reading this.
    >  
    > Thank you,
    >  
    > //SIGNED//
    > Tyler Newell, Information Security Analyst
    > Bowling Green State University | Information Technology Services
    > P: 419.372.0999 | tnewell () bgsu edu | www.bgsu.edu/infosec
    >  
    > This e-mail, including any attachments, may contain information that is protected by law as privileged and 
confidential, and is transmitted for the sole use of the intended recipient.  If you are not the intended recipient, 
you are hereby notified that any use, dissemination, copying or retention of this e-mail or the information contained 
herein is strictly prohibited.

Attachment: smime.p7s
Description:

Current thread:

HECVAT alternative for On-Prem Vendors Tyler Newell (Nov 01)
- Re: HECVAT alternative for On-Prem Vendors Laura Raderman (Nov 01)
  - Re: HECVAT alternative for On-Prem Vendors Escue, Charles E (Nov 03)
- Re: HECVAT alternative for On-Prem Vendors Belsito, Louis D (Nov 09)
  - Re: HECVAT alternative for On-Prem Vendors randy (Nov 09)
    - Re: HECVAT alternative for On-Prem Vendors Pitt, Sharon (Nov 09)
    - Re: HECVAT alternative for On-Prem Vendors Josh Callahan (Nov 14)
    - Re: HECVAT alternative for On-Prem Vendors Nelson, Leonard Purvis (Nov 14)
    - Re: HECVAT alternative for On-Prem Vendors Hillhouse, Bob (Bob) (Nov 14)
    - Re: HECVAT alternative for On-Prem Vendors Sue Rivera (Nov 14)
    - Re: HECVAT alternative for On-Prem Vendors randy (Nov 14)
    - Re: HECVAT alternative for On-Prem Vendors Niranjan Davray (Nov 14)
    - Re: HECVAT alternative for On-Prem Vendors McNeil, Sharon Mclawhorn (Nov 19)