Re: HECVAT - Vendor Refusal

[Robert Smith <Robert.Smith () UCOP EDU>]

Hello,

Good afternoon.

Seeing the interest in Jonathan's work, I thought I would share ours as well.  U Tulsa and Univ of Cal address similar 
points, but have slightly different ways of getting there.

Here is our "Data Security Appendix": 
https://www.ucop.edu/procurement-services/policies-forms/legal-forms-current/appendix-ds-8-12-2019.pdf

Here is our page for our internal Units who engage suppliers: https://security.ucop.edu/resources/contracts.html

We have some great suppliers to really understand the domain, and like many stated we have others who just do not seem 
to get it.  We are making progress in getting business partners to just drop the suppliers who show up with silly 
responses.  As we (the community) get bolder on this, then suppliers will get the message as the sales fall off.

Enjoy a jocund day,
Robert Smith, CISSP, PMP
Systemwide IT Policy Director/Security Director
Information Technology Services
University of California Office of the President
(510) 587-6244 (o)
(510) 541-8103 (m)
robert.smith () ucop edu<mailto:robert.smith () ucop edu>


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community