Home page logo

educause logo Educause Security Discussion mailing list archives

Vendors, Data and Escrow (Oh my!)
From: "Sarazen, Daniel" <dsarazen () UMASSP EDU>
Date: Mon, 24 Nov 2008 09:29:28 -0500

Hi All,

I have a scenario and questions for you:


If you had a University department that outsourced its primary database
management activity to a vendor with less than 5 years of operating
history and few than 20 employees, would you feel comfortable? Would you
be OK with your data and the database being hosted on the vendor's
servers? Would you still feel comfortable if the vendor outsourced the
maintenance of that server to a 3rd party?


We do have language in our contract that requires the vendor, upon
termination, to provide all finished and unfinished documents, data,
studies, and reports prepared by the contractor. But there is nothing
that requires that the code and data be placed into escrow. 


Do you have any thoughts, or initial concerns? My primary concern is
that the vendor could go out of business before we get the database and
data. Is that a reasonable concern? 





:: Daniel Sarazen, Information Technology Auditor
:: University Internal Audit
:: University of Massachusetts President's Office

:: 508-856-2443

:: 781-724-3377 Cell
:: 508-856-8824 Fax
:: Dsarazen () umassp edu

University of Massachusetts : 333 South St. : Suite 450 : Shrewsbury, MA
01545 : www.massachusetts.edu <http://www.massachusetts.edu/> 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]