Educause Security Discussion mailing list archives
Third Party Monitoring
From: "Hallinan, Mary" <Mary_Hallinan () URMC ROCHESTER EDU>
Date: Tue, 24 Aug 2021 19:15:07 +0000
Good Afternoon, I'm from the University of Rochester Information Security Risk and Compliance Team. We are in the process of evaluating our assessment timeline and monitoring third parties. I have a few questions below for data gathering. The responses will be used internally through Information Security and our CISO. * Does your organization have a Third-Party security program? o If yes, in-house or outsourced? * Does your organization continually monitor Third-Party activities? Please describe what and how they are monitored? * How often are you doing a full Third-Party security assessment? * Is the ongoing monitoring of the Third-Parties centralized or dispersed to the department engaging with the Third-party? Thank you for assisting in this process. Thank you Mary Mary Hallinan Risk and Compliance Analyst University of Rochester - Information Security Office P: Zoom or Skype E: Mary_Hallinan () urmc rochester edu<mailto:Mary_Hallinan () urmc rochester edu> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Third Party Monitoring Hallinan, Mary (Aug 24)
- <Possible follow-ups>
- Third Party Monitoring Hallinan, Mary (Sep 07)