Do They Measure Up? Assessing the Security Posture of Third-Party Service Providers

In these days of outsourcing, SaaS, and clouds, higher education is increasingly turning to third parties to host institution-owned data to gain efficiencies and reduce cost. There are incremental risks in engaging third parties to host institutional data. Adequate security practices must be in place prior to finalizing contractual agreements. This session will introduce a general strategy and several tools already in use for prequalifying and auditing third parties, while interactively soliciting attendee feedback as to their suitability and how they can be improved.