Below are a few questions that will help YSU understand if there are any possible security concerns with interactions between a vendor system and the University’s existing infrastructure. Most vendors that interact with campus systems transmit things like grades, user information, or other personally identifiable information (PII) which requires regulatory compliance. Please take a moment to answer these questions pertaining to the vendor system; most answers are available in the accompanying documentation for the system or by asking the system’s vendor.
- Do the two systems (the vendor and YSU) exchange information between each other? If they do please explain this interaction.
- Is any of this information user names, logins, passwords, hashes, student grades, social security numbers, credit card numbers or anything identified as sensitive information according to University Guidebook Policy 3356-4-13? If so please give details about what type of information is involved.
- When this information is transmitted is it done over an encrypted connection (SSL, SFTP, etc)? Please explain.
- Does this system store any of this type of information about students or employees? If so how is it secured? Please give details.
Again thank you for your help with this matter so that the Network Security group can move assist you in moving forward with implementing this system.