Re: [EXTERNAL]Re: [SECURITY] HECVAT Tool with Current Vendors

[Jason Fried <friedj () SUNYSUFFOLK EDU>]

The HECVAT or alternative materials that answer the questions of it are part of our RFP process for the past year or so.

Sometimes the vendor provides existing materials that include most of policy, authentication, encryption, DC specs, and 
all the rest. Whatever the gap is, we circle back with them.

We have had a number of vendors where we asked for at minimum the HECVAT lite, and the same day they deliver a full 
version questionnaire that they’ve been asked for previously.

Regards,

Jay
--
Jason Fried
College Information Security Officer
Information Technology Services
Suffolk County Community College
Office phone: 631.451.4291
Mobile: 631.897.6064
@SuffolkITS

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Frank Barton
Sent: Monday, January 13, 2020 11:51 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL]Re: [SECURITY] HECVAT Tool with Current Vendors

[CAUTION] - External mail.
We have gotten some pushback from existing vendors - what we have started doing is really pushing it when contracts 
come up for renewal... this seems to get their attention.

The other thing that we have mentioned is that, yes, the first time through it can be rather daunting to complete, but 
then keeping it up to date is pretty simple, and the form can be reused with effectively *ALL* higher education with 
very little re-work.

Frank

On Mon, Jan 13, 2020 at 11:40 AM Ronald Loneker <rloneker () cse edu<mailto:rloneker () cse edu>> wrote:
Good Morning -

We recently were made aware of, and decided to start using, the HECVAT tool with new vendors we use for future projects.

I'm wondering whether we should go back to our current vendors offering cloud applications and have them complete the 
tool even though we're existing customers.

Just asking for thoughts and whether anyone has done this before and gotten a lot of pushback from existing vendors.

I think our IT auditors would be pleased if we have this information centralized.

Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
Mahoney Library
2 Convent Road
Morristown, NJ  07960

Phone:  973-290-4229<tel:973-290-4229>

e-mail:  rloneker () cse edu<mailto:rloneker () cse edu>


CSE's IT department will never ask for your password, social security number or other personal information in an e-mail 
message.

Please do not share any information with others!






**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


--
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community