Educause Security Discussion mailing list archives
Re: Systems Acquisition and Development standard
From: "Patria, Patricia" <PPatria () BENTLEY EDU>
Date: Fri, 29 Jan 2010 12:00:31 -0500
Hi Ben, For hosted applications that store sensitive data, we use the attached Third Party Assurance Questionnaire. For applications that reside at Bentley, we require a Functional Analysis document to be completed (http://www.bentley.edu/administrative-systems/policies-and-procedures.cfm), which is reviewed by many different members of IT. Hope that helps. Patty Patty Patria Chief Information Security Administrator | Bentley University 175 Forest Street, Waltham, MA 02452 |781.891.2364 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben Woelk Sent: Friday, January 29, 2010 10:37 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Systems Acquisition and Development standard We are drafting a systems acquisition and development standard with the goal of ensuring that information security is considered and that proposed purchases/development are reviewed by our office. I've found some good resources online. Does anyone have a standard/policy/requirements document they can share? Thanks, Ben Woelk Information Security Communications and Training Specialist Rochester Institute of Technology 151 Lomb Memorial DR Ross 10-A204 Rochester, NY 14623 585-475-4122
Attachment:
Bentley University Third Party Assurance QuestionnaireV2.xlsx
Description: Bentley University Third Party Assurance QuestionnaireV2.xlsx
Current thread:
- Systems Acquisition and Development standard Ben Woelk (Jan 29)
- <Possible follow-ups>
- Re: Systems Acquisition and Development standard Patria, Patricia (Jan 29)
- Re: Systems Acquisition and Development standard James C. Farr '05 (Jan 29)
- Re: Systems Acquisition and Development standard Lorenz, Eva (Jan 29)
- Re: Systems Acquisition and Development standard Patria, Patricia (Jan 29)
- Re: Systems Acquisition and Development standard David Escalante (Jan 29)
- Re: Systems Acquisition and Development standard Ozzie Paez (Jan 29)