Main Nav



Ideally, primarily this is a contractual issue. During the initial process with a vendor, there should be a requirement that the vendor meet the same security requirements that the school must meet. The vendor should ensure that those requirements are in place prior to signing the contract. Having this assessed and completed resolves many “approval” issues.  Of course, this may not help you now!


The "right answer," if there is one clear cut answer, depends on the type of applications and data that will be stored in a cloud or at an application vendor’s site (like ADP).  Regulations and requirements will apply there as well. I guess the most important question is this:  What kind of data are you planning to store?  The answer to this question would identify the pertinent regulatory requirements. I’m imagining that your institution's Internal Audit might also need to be involved.



Verna Lynch | Senior Consultant
d: 207.739.9540 |



********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at

image001.png4.9 KB