Profile

Hi Seth, I saw Grammarly come up some years ago in my role at another institution. My recollection is that we denied the request on the basis that Grammarly is able to read an unnecessarily wide range of data and was not able to adequately address our corresponding security and privacy concerns. ...

Hey Thierry, Your process sounds quite similar to one that I've implemented in the past (I've since moved from the infosec/IT side of the house to the financial/procurement side, so I'm less directly involved with HECVATs and other vendor assessments at this time). The biggest risk factors in on-prem/local ...

Hi Shareatha, I don't handle these requests directly, but I've worked with a few teams that have, usually to offer policy advice. As a starting point, I'd recommend your institution agree on a standard position on different kinds of PII. Work with counsel, privacy, and data owners to determine which ...