Educause Security Discussion mailing list archives
Re: Salesforce and HECVAT
From: Brad Judy <brad.judy () CU EDU>
Date: Wed, 14 Nov 2018 15:21:23 +0000
I encourage anyone looking at third-party assessments to check the Cloud Security Alliance STAR registry (https://cloudsecurityalliance.org/star/registry/). This is where vendors can either self-assess or have a third-party assess their compliance to Cloud Security Alliance controls (which are at the core of HECVAT). There are hundreds of companies who have posted self-assessments or third-party assessments. In this case, SalesForce has completed a self-assessment of the Cloud Controls Matrix and posted it in the registry: https://cloudsecurityalliance.org/star/registry/salesforce-com-inc/ Brad Judy Information Security Officer Office of Information Security University of Colorado 1800 Grant Street, Suite 300 Denver, CO 80203 Office: (303) 860-4293 Fax: (303) 860-4302 www.cu.edu<http://www.cu.edu/> [cu-logo_fl] From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Carrie Shumaker <shumakr () UMICH EDU> Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Tuesday, November 13, 2018 at 8:15 PM To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Salesforce and HECVAT Hi all, I'm working on what data to allow into Salesforce. My two big areas of question are SSN and GLBA data (student loan data). Two questions: 1. Has anyone talked with Salesforce about completing a HECVAT, or had success with them answering a similar questionnaire? (And if so, can you share?) 2. Asked another way: would you store SSN / GLBA data in Salesforce? Why or why not? Thanks Carrie -- Carrie Shumaker Director of Information Technology, Strategy, and Operations Chief Information Officer University of Michigan - Dearborn 4901 Evergreen Road Dearborn, MI 48128 Ph: 313-593-5113 shumakr () umich edu<mailto:shumakr () umich edu> umdearborn.edu<http://umdearborn.edu> [Image removed by sender.]
Current thread:
- Salesforce and HECVAT Carrie Shumaker (Nov 13)
- Re: Salesforce and HECVAT Brad Judy (Nov 14)