Middlebury Information Security Survey for Proposed Applications & Services
* Required
Product Name
*
Your answer
Company Name
*
Your answer
Business Contact
*
Your answer
Email
*
Your answer
Phone
*
Your answer
Application / Service Description
*
Please provide a basic overview of what the application or service is and does.
Your answer
Middlebury Contact
*
Who is the contact person that you are working with at Middlebury?
Your answer
Does this application or service PROCESS, STORE, or TRANSMIT any REGULATED DATA?
*
Examples of regulated data include: PII / Personally Identifiable Information, PCI / Payment Card Information, HRI / Health Records Information, FERPA / Academic Records. See https://en.wikipedia.org/wiki/Personally_identifiable_information for more information about PII or the links below for more information about other regulated data types.
Yes
No
If this application or service processes, stores, or transmits regulated data, is the REGULATED DATA ENCRYPTED both IN-TRANSIT and AT-REST?
*
Yes
No
N/A
Does your solution transmit, process, or store any payment card data (PCI DATA) or redirect to a payment processor for payment card processing?
*
PCI data means Payment Card Information. See https://www.pcisecuritystandards.org for more information.
Yes
No
If the application or service processes, stores, or transmits Academic data, is the application or service FERPA COMPLIANT?
*
Academic data includes Grades and Student Financial Information. See http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html for more information.
Yes
No
N/A
If the application or service processes, stores, or transmits HRI, is the application or service HIPAA / HITECH COMPLIANT?
*
HRI means Health Records Information. See http://www.hhs.gov/ocr/privacy/ for more information.
Yes
No
N/A
Is ANTI-VIRUS software ENABLED to protect hosting and supporting systems for the application or service?
*
Yes
No
Does the application or service leverage BEST-PRACTICE ACCESS CONTROLS?
*
Examples of best-practice access controls include: strong password enforcement, multi-factor authentication, and SSL/HTTPS protocols.
Yes
No
Is client data in the application or service protected by a FORMAL DATA BACKUP & RECOVERY PROGRAM?
*
Yes
No
Is client data in the application or service governed by FORMAL PRIVACY & SECURITY POLICIES?
*
Yes
No
Is client data in the application or service protected by a FORMAL BREACH NOTIFICATION POLICY?
*
Yes
No
This form was created inside of Middlebury.