Procurement Reviews Marty Desautels, Associate Controller

Presentation transcript:

Procurement Reviews
Marty Desautels, Associate Controller
Jeff Gassaway, Information Security & Privacy Officer

Agenda
- What Did We Do Before?
- What Are We Doing Now?
- Why Are We Doing This?
- What Else Are We Doing?
- So … What Does Bad Look Like?
- The Evolving Questionnaire
- Where Are We Going Next?

Definition: PII/SPI
Personally Identifiable / Protected and Sensitive Information

What Did We Do Before?
- CIRT and Martha
- Purchasing and Martha
- UNM is Martha-less
- Audit and GLBA, et al.
- Speaking of Which … Purchasing and Information Security & Privacy in Partnership

What Are We Doing Now?
- Personally Identifiable / Sensitive and Protected Information (PII/SPI)
- Contracts
- Agreements
- Business Data Sharing
- PCards

Why Are We Doing This?
- Exercise Diligence
- Comply with Regulatory and Contractual Requirements
- Prevent ID Theft

What Else Are We Doing As Part of This?
- Are the Privacy and Security Safeguards Sufficient for the PII/SPI?
  - For Third-Party Products and/or Services that UNM Procures and/or Implements On-Site, With Local / Locally Verifiable Safeguards
  - For Third-Party Products and/or Services that UNM Procures and/or Implements that are Partially or Entirely Provided by the Third Party, with Vendor-Provided Validated Safeguards

So … What Does Bad Look Like?
- For Example …
  - What’s a Privacy Policy?
  - “What do you Need our Privacy Policy to Say?”
  - “Can You Help us Write our Privacy Policy?”
  - But, we have SSL!?
- UNM has an Obligation to Verify Appropriate Safeguards are in Place and Effective
  - Administrative
  - Physical
  - Technical
- Sometimes Vendors are just Bad

The Questionnaire*
*Not to Scale

Current Workflow*
*Not to Scale

Where Are We Going Next?
- Process Improvements
- Streamlining Workflows
- SciQuest
- Help.UNM FastInfo 7486, With Links to the Most Current:
  - Procedure
  - Questionnaires
  - Additional Information

Questions?