Re: Systems Acquisition and Development standard

["Patria, Patricia" <PPatria () BENTLEY EDU>]

Hi Ben,

For hosted applications that store sensitive data, we use the attached Third Party Assurance Questionnaire.

For applications that reside at Bentley, we require a Functional Analysis document to be completed 
(http://www.bentley.edu/administrative-systems/policies-and-procedures.cfm), which is reviewed by many different 
members of IT.

Hope that helps.

Patty


Patty Patria
Chief Information Security Administrator | Bentley University
175 Forest Street, Waltham, MA 02452 |781.891.2364

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben Woelk
Sent: Friday, January 29, 2010 10:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Systems Acquisition and Development standard

We are drafting a systems acquisition and development standard with the goal of ensuring that information security is 
considered and that proposed purchases/development are reviewed by our office. I've found some good resources online. 
Does anyone have a standard/policy/requirements document they can share?

Thanks,
Ben Woelk
Information Security Communications and Training Specialist
Rochester Institute of Technology
151 Lomb Memorial DR
Ross 10-A204
Rochester, NY 14623

585-475-4122

Attachment: Bentley University Third Party Assurance QuestionnaireV2.xlsx
Description: Bentley University Third Party Assurance QuestionnaireV2.xlsx