Before a third party service provider is given access to Institute data and/or information systems, the data/system owner will provide the prospective service provider with the third party security questionnaire and will ensure that the service provider completes the questionnaire in full. Georgia Tech Cyber Security uses the EDUCAUSE Higher Education Cloud Vendor Assessment Tool for this purpose.
The owner will then provide the completed document to Cyber Security for review. Cyber Security will review the information provided in the completed document and then advise the data/system owner of any information security concerns discovered during the course of the review. The data/system owner will take this advice into consideration before allowing the potential service provider access to Institute data and/or information systems.