Third Party Monitoring

["Hallinan, Mary" <Mary_Hallinan () URMC ROCHESTER EDU>]

Good Afternoon,

I'm from the University of Rochester Information Security Risk and Compliance Team. We are in the process of evaluating 
our assessment timeline and monitoring third parties. I have a few questions below for data gathering. The responses 
will be used internally through Information Security and our CISO.

*         Does your organization have a Third-Party security program?
o    If yes, in-house or outsourced?
*         Does your organization continually monitor Third-Party activities? Please describe what and how they are 
monitored?
*         How often are you doing a full Third-Party security assessment?
*         Is the ongoing monitoring of the Third-Parties centralized or dispersed to the department engaging with the 
Third-party?

Thank you for assisting in this process.

Thank you
Mary



Mary Hallinan

Risk and Compliance Analyst

University of Rochester - Information Security Office

P:  Zoom or Skype

E: Mary_Hallinan () urmc rochester edu<mailto:Mary_Hallinan () urmc rochester edu>


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community