Educause Security Discussion mailing list archives
Re: [EXTERNAL]Re: [SECURITY] HECVAT Tool with Current Vendors
From: Jason Fried <friedj () SUNYSUFFOLK EDU>
Date: Mon, 13 Jan 2020 17:57:25 +0000
The HECVAT or alternative materials that answer the questions of it are part of our RFP process for the past year or so. Sometimes the vendor provides existing materials that include most of policy, authentication, encryption, DC specs, and all the rest. Whatever the gap is, we circle back with them. We have had a number of vendors where we asked for at minimum the HECVAT lite, and the same day they deliver a full version questionnaire that they’ve been asked for previously. Regards, Jay -- Jason Fried College Information Security Officer Information Technology Services Suffolk County Community College Office phone: 631.451.4291 Mobile: 631.897.6064 @SuffolkITS From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Frank Barton Sent: Monday, January 13, 2020 11:51 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [EXTERNAL]Re: [SECURITY] HECVAT Tool with Current Vendors [CAUTION] - External mail. We have gotten some pushback from existing vendors - what we have started doing is really pushing it when contracts come up for renewal... this seems to get their attention. The other thing that we have mentioned is that, yes, the first time through it can be rather daunting to complete, but then keeping it up to date is pretty simple, and the form can be reused with effectively *ALL* higher education with very little re-work. Frank On Mon, Jan 13, 2020 at 11:40 AM Ronald Loneker <rloneker () cse edu<mailto:rloneker () cse edu>> wrote: Good Morning - We recently were made aware of, and decided to start using, the HECVAT tool with new vendors we use for future projects. I'm wondering whether we should go back to our current vendors offering cloud applications and have them complete the tool even though we're existing customers. Just asking for thoughts and whether anyone has done this before and gotten a lot of pushback from existing vendors. I think our IT auditors would be pleased if we have this information centralized. Ron Loneker, Jr. Director, IT Special Projects College of Saint Elizabeth Mahoney Library 2 Convent Road Morristown, NJ 07960 Phone: 973-290-4229<tel:973-290-4229> e-mail: rloneker () cse edu<mailto:rloneker () cse edu> CSE's IT department will never ask for your password, social security number or other personal information in an e-mail message. Please do not share any information with others! ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community -- Frank Barton, MBA Security+, ACMT, MCP IT Systems Administrator Husson University PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- HECVAT Tool with Current Vendors Ronald Loneker (Jan 13)
- Re: HECVAT Tool with Current Vendors Frank Barton (Jan 13)
- Re: HECVAT Tool with Current Vendors Alexandre Adao (Jan 13)
- Re: HECVAT Tool with Current Vendors Cam Beasley (Jan 13)
- Re: [EXTERNAL]Re: [SECURITY] HECVAT Tool with Current Vendors Jason Fried (Jan 13)
- Re: HECVAT Tool with Current Vendors Dennis Bolton (Jan 22)
- Re: HECVAT Tool with Current Vendors Alexandre Adao (Jan 13)
- Re: HECVAT Tool with Current Vendors Madl, Michael (Jan 15)
- Re: HECVAT Tool with Current Vendors Wessam Maher (Jan 22)
- Re: HECVAT Tool with Current Vendors Clark Gaylord (Jan 22)
- Re: [External] Re: [SECURITY] HECVAT Tool with Current Vendors Thomas Dugas (Jan 23)
- Re: HECVAT Tool with Current Vendors Frank Barton (Jan 13)