Harvard University
Working with Vendors :: For Existing Contracts
 
 

1.  If the vendor deals with specific high-risk data elements, including Social Security Numbers, Passport or Visa Numbers, or HUIDs, the vendor contract must be updated to include approved data protection clauses as soon as possible. If the vendor only deals with lower-risk Harvard confidential information, the contract must be updated to include approved data protection clauses when it comes up for renewal.

2.   Schedule a conference (phone or in-person) between the UISO and the person or group responsible for the vendor's network, data and system security to review the vendor's intended approach to protecting the Harvard data. The UISO will determine if a Risk Management (RMAS) audit is required and will inform the vendor and the department contact accordingly.

3.   If required, the UISO facilitates the information security audit with RMAS and will inform the department contact of any changes that are required based on the outcome of the audit. This may necessitate a change or addition to the contract with the vendor.

4.   The UISO will periodically review progress made toward compliance; in cases of an unfavorable outcome, the UISO may recommend that the final contract not be signed or be significantly amended.


 
 
 