Presentation is loading. Please wait.

Presentation is loading. Please wait.

Procurement Reviews Marty Desautels, Associate Controller

Published byUte Neumann Modified over 6 years ago

Similar presentations

Presentation on theme: "Procurement Reviews Marty Desautels, Associate Controller"— Presentation transcript:

1 Procurement Reviews Marty Desautels, Associate Controller
Jeff Gassaway, Information Security & Privacy Officer

2 Agenda What Did We Do Before? What Are We Doing Now?
Why Are We Doing This? What Else Are We Doing? So … What Does Bad Look Like? The Evolving Questionnaire Where Are We Going Next?

3 Definition: PII/ SPI Personally Identifiable/ Protected and Sensitive Information

4 What Did We Do Before? CIRT and Martha Purchasing and Martha
UNM is Martha-less Audit and GLBA, et. al Speaking of Which … Purchasing and Information Security & Privacy in Partnership

5 What Are We Doing Now? Personally Identifiable/ Sensitive and Protected Information (PII/ SPI) Contracts Agreements Business Data Sharing PCards

6 Why Are We Doing This? Exercise Diligence
Comply with Regulatory and Contractual Requirements Prevent ID Theft

7 What Else Are We Doing As Part of This?
Are the Privacy and Security Safeguards Sufficient for the PII/ SPI? For Third-Party Products and/ or Services that UNM Procures and/ or Implements On-Site With Local/ Locally Verifiable Safeguards For Third-Party Products and/ or Services that UNM Procures and/ or Implements that are Partially or Entirely Provided by the Third-Party with Vendor Provided Validated Safeguards

8 So … What Does Bad Look Like?
For Example … What’s a Privacy Policy? “What do you Need our Privacy Policy to Say?” “Can You Help us Write our Privacy Policy?” But, we have SSL!? UNM has an Obligation to Verify Appropriate Safeguards are in Place and Effective Administrative Physical Technical Sometimes Vendors are just Bad

9 The Questionnaire* *Not to Scale

10 Current Workflow* *Not to Scale

11 Where Are We Going Next? Process Improvements Streamlining Workflows
SciQuest Help.UNM FastInfo 7486 With Links to the Most Current: Procedure Questionnaires Additional Information

12 Preguntas?

Download ppt "Procurement Reviews Marty Desautels, Associate Controller"

Similar presentations

2 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion.

2 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion.
PCARD TRAINING FOR CARDHOLDERS Office of Procurement & Real Property Management July 24, 2014.

PCARD TRAINING FOR CARDHOLDERS Office of Procurement & Real Property Management July 24, 2014.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
© 2014 ACA International. All Rights Reserved. Obtaining Optimum Compliance Performance Foundational Training on ACA’s Professional Practices Management.

© 2014 ACA International. All Rights Reserved. Obtaining Optimum Compliance Performance Foundational Training on ACA’s Professional Practices Management.
E B a n k i n g Information Security Guidelines ABA’s Technology Risk Management – A Strategic Approach Telephone/Webcast Briefing June 17, 2002.

E B a n k i n g Information Security Guidelines ABA’s Technology Risk Management – A Strategic Approach Telephone/Webcast Briefing June 17, 2002.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
Information Security for the Data Management Professional Micheline Casey Chief Data Officer Federal Reserve Board.

Information Security for the Data Management Professional Micheline Casey Chief Data Officer Federal Reserve Board.
NSF CYBER-SECURITY SUMMIT: INFORMATION SECURITY CLAUSE  Influenced by recommendations from previous Cyber-Security Summit meetings, the clause was added.

NSF CYBER-SECURITY SUMMIT: INFORMATION SECURITY CLAUSE  Influenced by recommendations from previous Cyber-Security Summit meetings, the clause was added.
Vendor Risk: Effective Management is Essential

Vendor Risk: Effective Management is Essential
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.

Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.
HIPAA Trading Partners, Legal Relationships October 2, 2001 presented by Peter B. Goldstein, Esq. Cap Gemini Ernst & Young, US LLC.

HIPAA Trading Partners, Legal Relationships October 2, 2001 presented by Peter B. Goldstein, Esq. Cap Gemini Ernst & Young, US LLC.
Outsourcing Louis P. Piergeti VP, IIROC March 29, 2011.

Outsourcing Louis P. Piergeti VP, IIROC March 29, 2011.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
California :: Delaware :: Florida :: New Jersey :: New York :: Pennsylvania :: Virginia :: Washington, D.C. :: www.buchananingersoll.com 1 NEW OBLIGATIONS.

California :: Delaware :: Florida :: New Jersey :: New York :: Pennsylvania :: Virginia :: Washington, D.C. :: 1 NEW OBLIGATIONS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Similar presentations

Ads by Google