Mastering Business Contracts with Confidence

June 13, 2023

Information Security Office informative training videos empower community


Have business dealings with third parties? Navigating the intricate world of contracts, agreements, and Requests for Bid/Proposal (RFB/RFP) can be a laborious task. Fortunately, the University has implemented a set of policies to streamline this process to effectively manage its financial resources.

These policies establish a framework of shared responsibility, covering acceptable terms and conditions, signature authority, and required procedures. While these documents are necessary, understanding the associated risks can be daunting.

When it comes to information security contract terms, the stakes are high. Contracts that are not carefully reviewed, negotiated, and managed can leave the University and the Information Resource Owner (IRO) vulnerable to a wide range of avoidable risks. That's why it is important to scrutinize contracts, ensuring that any potentially harmful obligations are identified and addressed before putting pen to paper.

The Information Security Office (ISO) provides a range of resources throughout the contract lifecycle to bolster the management of information security risks. One such resource is a comprehensive training session on EDGE Learning called Understanding Information Security in Agreements, designed specifically for the University community. This engaging training empowers learners with the necessary knowledge to make well-informed decisions regarding risk tolerance throughout the lifecycle of agreements. It covers a range of ISO resources and services that effectively support the management of information security risks.

The ISO has recently added a new video called Business Partner Compliance. In this video, learners get a user-friendly overview of the risks tied to vendors and third parties, along with helpful guidance on when it's smart to be extra vigilant. By tapping into these resources, individuals can gain valuable insights, make well-informed decisions, and effectively mitigate potential risks.

In addition to ISO resources, the UITS Finance Administrative Services has designated a specialized team consisting of a Senior Buyer and a Software Supply Chain Manager who have extensive knowledge and experience in the intricacies of the contracting process. Their expertise enables them to offer invaluable contracting guidance to UITS departments as they contract for the University’s enterprise services.

By utilizing these helpful resources and adhering to established policies, the University strives to approach contractual agreements with diligence and attention to information security risks. This comprehensive approach not only safeguards the University's interests but also ensures responsible and secure business dealings with external parties.

The Information Security Office-Governance, Risk and Compliance (ISO-GRC) Team is available, via a ServiceNow Request, to consult with IROs and Information Security Risk Managers (ISRMs) on information security risks within agreements so they can make risk-informed decisions. More information about security awareness training can be found on the ISO Communications Space.
