Data Security and Privacy Agreements for Managing Vendor Risk

Selecting trustworthy and reliable vendors is essential for an institution's mission. Nevertheless, it remains an enormous challenge to coordinate an expeditious interdisciplinary review of the vendor's offer and then respond with an effective effort to make the agreement fair and clear. In 2016, the University of Washington launched an interdisciplinary initiative, led by the office of the CISO, to use a flexible pro forma Data Security and Privacy Agreement and an analytic rubric to communicate expectations to vendors. This session reviews the DSPA initial and the practical benefits that have been realized. This is a topic specific/intermediate level session.

Outcomes: Gain perspective on the challenge of educational IT procurement * Understand the design of a flexible interdisciplinary solution * Explore the practical benefits of the solution through a hands-on review and tour