Filetype Excel XLSX | Posted on 07 Jul 2022 | 3 years ago
Authentication
digital resources
188x Filetype XLSX File size 0.36 MB Source: www.clayton.edu
Sheet 1: Introduction
| Item | Default Sharing Permission | Default Sharing Audience | |
| Assessment template and discussion regarding the assessment process | OK to share | Public | |
| List of service providers assessed and contact information of service providers | OK to share | Higher education institutions only | |
| Completed assessment (vendor answers intact) | None, Opt-in by service provider only | None, unless opt-in. If a service provider opts-in, the sharing is within higher education institutions only | |
| Security report created by this Higher Education institution | None, Opt-in by service provider only | None, unless opt-in. If a service provider opts-in, the sharing is within higher education institutions only | |
| Higher Education Cloud Vendor Assessment Tool Instructions | |
| Target Audience | |
| These instructions are for vendors interested in providing the Institution with a software and/or a service. This worksheet should not be completed by a Institution entity. The purpose of this worksheet is for the vendor to submit robust security safeguard information in regards to the product (software/service) being assessed in the Institution's assessment process. | |
| Document Layout | |
| There are five main sections of the Higher Education Cloud Vendor Assessment Tool, all listed below and outlined in more detail. This document is designed to have the first two sections populated first; after the Qualifiers section is completed it can be populated in any order. Within each section, answer each question top-to-bottom. Some questions are nested and may be blocked out via formatting based on previous answers. Populating this document in the correct order will ensure that questions are not answered unnecessarily. | |
| General Information | This section is self-explanatory; product specifics and contact information. GNRL-01 through GNRL-06 should be populated by a Institution entity. GNRL-07 through GNRL-14 should be populated by the Vendor. GNRL-15 and GNRL-16 are for Institution use only. |
| Higher Education Shared Assessments Confirmation | Answers to the statements in this section will determine how this assessment may be shared within the Higher Education community. Refer to the Sharing Read Me tab for further details. |
| Documentation | Focused on external documentation, the Institution is interested in the frameworks that lead your security strategy and what has been done to certify these implementations. |
| Company Overview | This section is focused on company background, size, and business area experience. |
| Safeguards | The remainder of the document consists of various safeguards grouped generally by section. |
| In sections where vendor input is required there are only one or two columns that need modification, Vendor Answers and Additional Information, columns C and D respectively (see Figure 1 below). You will see that sometimes C and D are separate and other times are merged. If they are separate, C will be a selectable, drop-down box and any supporting information should be added to column D. If C and D are merged, the question is looking for the answer to be in narrative form. At the far right is a column titled “Guidance”. After answering questions, check this column to ensure you have submitted information/documentation to sufficiently answer the question. Use the “Additional Information” column to provide any requested details. | |
| Figure 1: | |
| Proceed to the next tab, Cloud Vendor Assessment Tool - Lite, to begin. | |
no reviews yet
Please Login to review.
