Re: In search of SOC-1/SSAE report for Blackboard

["Jim A. Bole" <jbole () STEVENSON EDU>]

Thanks Mike. The term "SOC" report is often used loosely. I'm reaching out to our BB rep to see what they have.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mike Nowakowski
Sent: Thursday, January 30, 2020 9:12 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: In search of SOC-1/SSAE report for Blackboard

This email originated from outside of Stevenson University. Use caution with links or attachments unless you know the 
content is safe.
Hi Jim,

SOC reports typically require an NDA to be signed, unless you looking for a SOC 3 summary those are typically available 
without an NDA.

If you don't have the documents requested by the auditors, you should let them know you don't have them...taking it as 
a lesson learned, the point of the audit is to see how well your organization performed its due diligence of blackboard.

Thanks,
Mike


Mike Nowakowski
Manager, Information Systems Security
Faculty of Kinesiology & Physical Education
University of Toronto
55 Harbord Street
416-978-5034
https://www.kpe.utoronto.ca<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.kpe.utoronto.ca%2F&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C0b625b23269c45377fb008d7a58fbdd1%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637159909107745328&sdata=iWzG3QY0lr1nLrCagqQXdc9%2BszRs2Rr6SeGpg5GHm3Y%3D&reserved=0>
https://securitymatters.utoronto.ca<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecuritymatters.utoronto.ca%2F&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C0b625b23269c45377fb008d7a58fbdd1%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637159909107755323&sdata=kF2k2b%2FJyE%2BDmxesNGbJrReRuHpKpVYYvYZLDyh9NmY%3D&reserved=0>

This email may contain information that is private, confidential, and / or legally privileged. It is intended for the 
sole use of the intended recipient(s). You must not distribute to others or allow others to review this message without 
the specific consent of the sender. If you are not an intended recipient, you must not review, copy or distribute this 
email, and you are asked to immediately notify the sender and delete this email.










From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Jim A. Bole
Sent: Thursday, January 30, 2020 9:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] In search of SOC-1/SSAE report for Blackboard

Colleagues,

Appreciate any help. Auditors in the house today :)

Jim Bole
Director of Information Security
Stevenson University
1525 Greenspring Valley Road
Stevenson, MD, 21153-0641
jbole () stevenson edu<mailto:jbole () stevenson edu> | O: 443-334-2696



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C0b625b23269c45377fb008d7a58fbdd1%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637159909107755323&sdata=%2BrmzXkNFsQh4rKC8iU03cxL4pZwLev7DaFm4ZlXHvIA%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community