Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: IT Security in Purchases and Contracts
From: "Friedmann, Esther" <estherf () UMICH EDU>
Date: Mon, 10 Sep 2007 09:16:50 -0400

Hi Eric,

 

Great list! Thank you very much for sharing.  We are working on a
similar document at the University of Michigan, so this is very helpful.

 

Esther

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Esther Friedmann

Information Technology Security Services

University of Michigan

(734) 647-5357

estherf () umich edu

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

________________________________

From: Eric Galyon [mailto:Eric.Galyon () CUSYS EDU] 
Sent: Friday, September 07, 2007 6:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IT Security in Purchases and Contracts

 

Earlier this week I asked for information about specific IT security
language/practices other institutions require when negotiating
agreements with third parties.  Thanks for the responses and to the
institutions with publicly available information.  As promised, my
summery is attached.  Hope it saves someone out there a few hours of
work...

 

Thanks,

 

Eric Galyon

Technical Security Specialist

Office of Information Security

University of Colorado

(303) 492-9419

Eric.Galyon () cusys edu

 

________________________________

From: Eric Galyon 
Sent: Tuesday, September 04, 2007 8:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: IT Security in Purchases and Contracts

 

I've attempting to research Higher Education practices in extending
University IT security policies to contracts and purchases.  I'm
interested in speaking with any institution that has either:

 

1)  Created specific processes which enforce specific reviews and/or
approvals of IT security aspects prior to purchase authorization.

 

2)  Introduced specific written language into contracts, service
arrangement agreements, or RFPs requiring vendors to meet University IT
security policy requirements.

 

I'd be interested in knowing about institutions that have tackled either
of these issues; contact information would be a plus.  I'll gladly
summarize my results and post them back to this list for others.

 

Thanks,

 

Eric Galyon

Technical Security Specialist

Office of Information Security

University of Colorado

(303) 492-9419

Eric.Galyon () cusys edu

 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault