ASP IT Security Standard Compliance Form

pyknicassortedSecurity

Nov 3, 2013 (3 years and 7 months ago)

51 views



ASP IT Security Standard Compliance Form

Before the services of an Application Service Provider (ASP) may be contracted the vendor must demonstrate
compliance with the requirements of the Bellevue College IT
s
ecurity
s
tandard addressing “Application Servic
e
Providers.” This form will be provided to the ASP by the college employee contracting the services

of the vendor
and will be completed before any college data may be shared with the vendor.

The ASP vendor will refer to the
full
text of the
IT security
standard when documenting compliance.
Additional pages may be used, if necessary.

Completion of this form
will not

constitute approval to share data or an agreement by the college to transfer data
to the vendor. A separate
written
data sharing
agreement m
eeting the requirements of the college’s
“Non
-
Employee Access to Bellevue College Systems and Data”
IT security standard
,

documenting the specifics of the data
to be shared, must also be completed before college data may be transferred.

Instead of duplica
ting information,
r
eference
in this form
to that

agreement may be made
if the
data
agreement
contains

the
requ
ir
ed information.



ASP
Requirements and Declarations

1.

Description of Hosted Service Environment

a.

Provide w
ritten description of the hosted service
environment
.



Vendor complies


Vendor does not comply


Vendor comments:


2.

ASP Policies

a.

Provide c
opies of security and privacy policies.


Vendor complies


Vendor does not comply


Vendor comments:


3.

Location of ASP Facilities

a.

Provide names and
locations o
f facilities
.


Vendor complies


Vendor does not comply


Vendor comments:


4.

Data Security


Vendor complies


Vendor does not comply


Vendor comments:




Use of this form is governed by the Bellevue College IT Security Standard addressing “Application Service Providers



5.

Network Security


Vendor complies


Vendor does not comply


Vendor comments:


6.

Host Security


Vendor com
plies


Vendor does not comply


Vendor comments:


7.

Configuration Management


Vendor complies


Vendor does not comply


Vendor comments:


8.

Web Security


Vendor complies


Vendor does not comply


Vendor comments:


9.

E
-
commerce Applications


Vendor complies


Vendor does not comply


Vendor comments:


10.

Banner Page


Vendor complies


Vendor does not comply


Vendor comments:


11.

Cryptography


Vendor complies


Vendor does not comply


Vendor comments:


12.

ASP Personnel


Vendor complies


Vendor does not comply


Vendor

comments:




Use of this form is governed by the Bellevue College IT Security Standard addressing “Application Service Providers



13.

Physical Security


Vendor complies


Vendor does not comply


Vendor comments:


14.

Audit Requirements


Vendor complies


Vendor does not comply


Vendor comments:


15.

Legal


Vendor complies


Vendor does not comply


Vendor comments:


16.

Notification of

Security Breaches


Vendor
agrees


Vendor does not
agree


Vendor comments:


17.

Accessible Web
-
based Tools


Vendor
complies


Vendor does not
comply


Vendor comments:


18.

Indemnification


Vendor
agrees


Vendor does not
agree


Vendor comments:




Use of this form is governed by the Bellevue College IT Security Standard addressing “Application Service Providers



Certification

The undersi gned certi fi es that the ASP vendor sati sfies the requi rements set forth i n
the Bel l evue Col l ege IT
Securi ty Standard addressi ng “Appl i cation Servi ce Provi ders”, as recorded i n
thi s
r
esponse form
, together

wi th any
addenda detai l i ng excepti ons,
modi fi cati ons or amendments approved by Bel l evue Col l ege.

Si gner warrants that he/she i s authori zed to l egal l y bi nd the ASP vendor to the terms and condi ti ons detai l ed i n the
attached
Bel l evue Col l ege
ASP IT Securi ty Standard Compl i ance
f
orm
.


Company Name
:


Authorized by:


Position:




Signature:


Date signed: