Middlebury Information Security Survey for Proposed Applications & Services
Product Name *
Company Name *
Business Contact *
Email *
Phone *
Application / Service Description *
Please provide a basic overview of what the application or service is and does.
Middlebury Contact *
Who is the contact person that you are working with at Middlebury?
Does this application or service PROCESS, STORE, or TRANSMIT any REGULATED DATA? *
Examples of regulated data include: PII / Personally Identifiable Information, PCI / Payment Card Information, HRI / Health Records Information, FERPA / Academic Records. See https://en.wikipedia.org/wiki/Personally_identifiable_information for more information about PII or the links below for more information about other regulated data types.
If this application or service processes, stores, or transmits regulated data, is the REGULATED DATA ENCRYPTED both IN-TRANSIT and AT-REST? *
Does your solution transmit, process, or store any payment card data (PCI DATA) or redirect to a payment processor for payment card processing? *
PCI data means Payment Card Information. See https://www.pcisecuritystandards.org for more information.
If the application or service processes, stores, or transmits Academic data, is the application or service FERPA COMPLIANT? *
Academic data includes Grades and Student Financial Information. See http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html for more information.
If the application or service processes, stores, or transmits HRI, is the application or service HIPAA / HITECH COMPLIANT? *
HRI means Health Records Information. See http://www.hhs.gov/ocr/privacy/ for more information.
Is ANTI-VIRUS software ENABLED to protect hosting and supporting systems for the application or service? *
Does the application or service leverage BEST-PRACTICE ACCESS CONTROLS? *
Examples of best-practice access controls include: strong password enforcement, multi-factor authentication, and SSL/HTTPS protocols.
Is client data in the application or service protected by a FORMAL DATA BACKUP & RECOVERY PROGRAM? *
Is client data in the application or service governed by FORMAL PRIVACY & SECURITY POLICIES? *
Is client data in the application or service protected by a FORMAL BREACH NOTIFICATION POLICY? *
This form was created inside of Middlebury.