Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
RE Hosted Systems/Applications & Legal Review/FERPA
Ideally, primarily this is a contractual issue. During the initial process with a vendor, there should be a requirement that the vendor meet the same security requirements that the school must meet. The vendor should ensure that those requirements are in place prior to signing the contract. Having this assessed and completed resolves many “approval” issues. Of course, this may not help you now!
The "right answer," if there is one clear cut answer, depends on the type of applications and data that will be stored in a cloud or at an application vendor’s site (like ADP). Regulations and requirements will apply there as well. I guess the most important question is this: What kind of data are you planning to store? The answer to this question would identify the pertinent regulatory requirements. I’m imagining that your institution's Internal Audit might also need to be involved.
Verna Lynch | Senior Consultant
d: 207.739.9540 | firstname.lastname@example.org