Educause Security Discussion mailing list archives
Re: Information on Contracts with Third Parties
From: Joanna Grama <jgrama () EDUCAUSE EDU>
Date: Tue, 28 Nov 2017 18:15:38 +0000
Hi Cindy, The Higher Education Information Security Council (HEISC) has created an Information Security Guide<http://www.educause.edu/security/guide> that contains a toolkit on data protection contractual language. You may find some of the information in that toolkit helpful. You can access the toolkit at: https://spaces.internet2.edu/display/2014infosecurityguide/Data+Protection+Contractual+Language The Information Security Guide is aligned with several industry standards to include key objectives and implementation guidance to assist institutions with developing effective information security programs. What makes the HEISC Information Security Guide so unique is that resources and content included in Guide chapters are created by higher education information security professionals with expertise in both information security and higher education. I hope you find the data protection contractual language toolkit useful. If I can be of more assistance, please do let me know. Kind regards, Joanna Joanna Grama, JD, CISSP, CRISC, CIPT Director of Cybersecurity and IT GRC Programs EDUCAUSE Uncommon Thinking for the Common Good 282 Century Place, Suite 5000, Louisville, CO 80027 direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu<mailto:jgrama () educause edu> Become a Member- Everyone at your organization is an EDUCAUSE member when you join | Access discounts, resources, and valuable peer networks | Discover membership<https://www.educause.edu/about/discover-membership> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Lusby, Cindy (lusbyca) Sent: Tuesday, November 28, 2017 12:47 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Information on Contracts with Third Parties Hello, I work as a Security Analyst for the University of Cincinnati (UC). Here at UC, we have a contract rider that we have put in place for third party contracts when they require access to university data. I would like to get some feedback from this group on if you have standard contractual language pertaining to security that you typically add to contracts with third parties. I am looking to improve our process and rider, and would greatly appreciate any feedback you may have as to what your current process is. Thank you for any information that you can provide. Regards, Cindy Lusby Information Security Analyst IT@UC Office of Information Security | University of Cincinnati lusbyca () uc edu<mailto:lusbyca () uc edu> | www.uc.edu/infosec<http://www.uc.edu/infosec> | @UC_OIS<https://twitter.com/uc_ois> on Twitter
Current thread:
- Information on Contracts with Third Parties Lusby, Cindy (lusbyca) (Nov 28)
- Re: Information on Contracts with Third Parties Joanna Grama (Nov 28)
- Re: Information on Contracts with Third Parties Chad Tracy (Dec 01)