Navigating Risk Assessments for New Software in Higher Education

Asked By TechyNerd2023 On

Hey everyone! I'm a System Admin at a higher education institution and we're currently diving into risk assessments for potential vendors, specifically using the HECVAT from Educause. Recently, a department requested a particular software that's popular in education. We asked for a HECVAT, but the vendor filled it out and scored a whopping 0%.

Upon reviewing their answers, I was really concerned. They don't follow a security framework, don't notify us of changes affecting our security, lack compliance with accessibility standards, and have no documented info security policy or incident response plan. Their website looks pretty outdated too, which raises red flags.

I feel a lot of pressure to recommend this software, but I truly can't. The department is pushing back, claiming there's no alternative software available. They made comments like "I guess we aren't having Marching Band next year!" I'm holding my ground, but I'm wondering how to handle this kind of situation. If the administration decides to proceed despite my concerns, what can I do to mitigate risks if we have to use this software? I really dislike the political side of this office—any advice would be super helpful!

2 Answers

Answered By EduRiskGuru On

The landscape in higher education regarding these assessments is tightening up. It's worth exploring how and why the HECVAT was adopted at your institution. Ensure there's a formal framework in place and, ideally, a dedicated security team to back you up. If adjacent departments aren't on board, it can feel like you're fighting this battle alone.

Answered By SecuritySavvy98 On

It's crucial to have a policy in place for when a supplier fails the risk assessment. You should make sure your cybersecurity policy covers what to do next. If none exists, it’s high time to create one. You might also reach out to similar institutions to see how they handle this situation; sharing insights might give you more ground to stand on.
