Data Security and Privacy Agreements for Managing Vendor Risk

Wednesday, May 03 | 10:20AM–11:20AM | Colorado Ballroom IJ, Lower Level 2
Session Type: Breakout Session
Delivery Format: Concurrent Session
Selecting trustworthy and reliable vendors is essential for an institution's mission. Nevertheless, it remains an enormous challenge to coordinate an expeditious interdisciplinary review of the vendor's offer and then respond with an effective effort to make the agreement fair and clear. In 2016, the University of Washington launched an interdisciplinary initiative, led by the office of the CISO, to use a flexible pro forma Data Security and Privacy Agreement and an analytic rubric to communicate expectations to vendors. This session reviews the DSPA initial and the practical benefits that have been realized. This is a topic specific/intermediate level session.

Outcomes: Gain perspective on the challenge of educational IT procurement * Understand the design of a flexible interdisciplinary solution * Explore the practical benefits of the solution through a hands-on review and tour


  • William Li

    Principal Cybersecurity Advisor, University of Washington
  • Ann Nagel

    Chief Privacy Officer, University of Washington
  • Braden Vinroe

    Director, Cybersecurity Advising, University of Washington

Resources & Downloads

  • Data Security and Privacy Agreements_slides

    1 MB, pdf - Updated on 1/24/2024