Re: HECVAT Tool with Current Vendors

["Madl, Michael" <michael.madl () INDWES EDU>]

Hi Ron,

I have been utilizing the HECVAT for 18 months now for new vendors.  I do plan on doing the same and think it is a good 
idea.  Depending on the results of each assessment it could determine your renewal decision for a specific vendor 
especially if they are lacking based on the results.


MICHAEL MADL
INFORMATION SECURITY OFFICER
UNIVERSITY INFORMATION TECHNOLOGY

INDIANA WESLEYAN UNIVERSITY
4201 SOUTH WASHINGTON STREET
MARION, IN 46953

  [signature_744753374] <https://twitter.com/InfosecurityIwu>  [signature_1345253181] 
<https://www.linkedin.com/in/michaelmadl/>  [signature_464874313] <mailto:michael.madl () indwes edu>
     765.677.2688

[cidimage004.jpg@01D51231.B0363E20]

DO NOT provide your username, password, or any personal information requested by any email.
IWU WILL NEVER ask you for your username or password via email.
DO NOT CLICK links or attachments unless you are positive the content is safe.

CONFIDENTIALITY NOTICE: This email, including applicable attachments, may include legally protected information.  If 
you are not the intended recipient of this message, you may not disclose, print, copy, save, or disseminate this 
information. If you have received this email in error, please notify the sender by replying to this message and 
immediately delete this message.




From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Ronald Loneker 
<rloneker () CSE EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, January 13, 2020 at 11:40 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] HECVAT Tool with Current Vendors

** This message originated from outside the Indiana Wesleyan University email system **
________________________________
Good Morning -

We recently were made aware of, and decided to start using, the HECVAT tool with new vendors we use for future projects.

I'm wondering whether we should go back to our current vendors offering cloud applications and have them complete the 
tool even though we're existing customers.

Just asking for thoughts and whether anyone has done this before and gotten a lot of pushback from existing vendors.

I think our IT auditors would be pleased if we have this information centralized.

Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
Mahoney Library
2 Convent Road
Morristown, NJ  07960

Phone:  973-290-4229<tel:973-290-4229>

e-mail:  rloneker () cse edu<mailto:rloneker () cse edu>


CSE's IT department will never ask for your password, social security number or other personal information in an e-mail 
message.

Please do not share any information with others!






**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community