Educause Security Discussion
mailing list archives
Re: IT Security in Purchases and Contracts
From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Tue, 4 Sep 2007 11:01:03 -0700
Are you the Eric Galyon from ACNS at CSU?
From: Eric Galyon [mailto:Eric.Galyon () CUSYS EDU]
Sent: Tue 9/4/2007 7:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IT Security in Purchases and Contracts
I've attempting to research Higher Education practices in extending University IT security policies to contracts and
purchases. I'm interested in speaking with any institution that has either:
1) Created specific processes which enforce specific reviews and/or approvals of IT security aspects prior to purchase
2) Introduced specific written language into contracts, service arrangement agreements, or RFPs requiring vendors to
meet University IT security policy requirements.
I'd be interested in knowing about institutions that have tackled either of these issues; contact information would be
a plus. I'll gladly summarize my results and post them back to this list for others.
Technical Security Specialist
Office of Information Security
University of Colorado
Eric.Galyon () cusys edu