Educause Security Discussion mailing list archives
Re: IT Security in Purchases and Contracts
From: "Friedmann, Esther" <estherf () UMICH EDU>
Date: Mon, 10 Sep 2007 09:16:50 -0400
Hi Eric, Great list! Thank you very much for sharing. We are working on a similar document at the University of Michigan, so this is very helpful. Esther ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Esther Friedmann Information Technology Security Services University of Michigan (734) 647-5357 estherf () umich edu ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ________________________________ From: Eric Galyon [mailto:Eric.Galyon () CUSYS EDU] Sent: Friday, September 07, 2007 6:30 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] IT Security in Purchases and Contracts Earlier this week I asked for information about specific IT security language/practices other institutions require when negotiating agreements with third parties. Thanks for the responses and to the institutions with publicly available information. As promised, my summery is attached. Hope it saves someone out there a few hours of work... Thanks, Eric Galyon Technical Security Specialist Office of Information Security University of Colorado (303) 492-9419 Eric.Galyon () cusys edu ________________________________ From: Eric Galyon Sent: Tuesday, September 04, 2007 8:37 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: IT Security in Purchases and Contracts I've attempting to research Higher Education practices in extending University IT security policies to contracts and purchases. I'm interested in speaking with any institution that has either: 1) Created specific processes which enforce specific reviews and/or approvals of IT security aspects prior to purchase authorization. 2) Introduced specific written language into contracts, service arrangement agreements, or RFPs requiring vendors to meet University IT security policy requirements. I'd be interested in knowing about institutions that have tackled either of these issues; contact information would be a plus. I'll gladly summarize my results and post them back to this list for others. Thanks, Eric Galyon Technical Security Specialist Office of Information Security University of Colorado (303) 492-9419 Eric.Galyon () cusys edu
Current thread:
- IT Security in Purchases and Contracts Eric Galyon (Sep 04)
- <Possible follow-ups>
- Re: IT Security in Purchases and Contracts Theresa M Rowe (Sep 04)
- Re: IT Security in Purchases and Contracts Sarah Stevens (Sep 04)
- Re: IT Security in Purchases and Contracts Sarah Stevens (Sep 04)
- Re: IT Security in Purchases and Contracts Eric Galyon (Sep 07)
- Re: IT Security in Purchases and Contracts Friedmann, Esther (Sep 10)