Do They Measure Up? Assessing the Security Posture of Third-Party Service Providers

Tuesday, April 05 | 11:45AM–12:45PM | Travis AB/Third Level
Session Type: Professional Development, SEC11
In these days of outsourcing, SaaS, and clouds, higher education is increasingly turning to third parties to host institution-owned data to gain efficiencies and reduce cost. But how do we assess the incremental risk of engaging third parties to host our data? How can we ensure that adequate security practices are in place prior to finalizing any contractual agreement? This session will introduce a general strategy and several tools already in use for prequalifying and auditing third parties and provide a roadmap of how one institution dealt with these issues.


  • David Escalante

    Director of Computer Security, Boston College
  • Shirley Payne

    AVP for Information Security, Policy & Records (Retired), University of Virginia
  • Miguel Soldi

Resources & Downloads