If you're managing projects or technology procurements, we encourage you to reach out to us early in the process. We can help you estimate how complex the security considerations will be for your project and may have information about products that have good security practices or have known problems.
We consult on projects related to:
- Technology procurement (all types of hardware and software)
- New system or process implementation
- Software/Forms development
Vendor reviews are often conducted as part of the purchasing process. They typically involve gathering information from vendors about their compliance with information security standards.
Some of the questions we'll ask during a vendor review include:
- Who will be using this software?
- What type of data will be accessed or stored in this software?
- Does the vendor have a SOC 2 Type 2 certification?
Privacy impact assessments (PIAs) are usually done in partnership with Camosun's Privacy Office.
A PIA is a risk management review process used to identify and manage privacy risks. PIAs help us determine what information we collect, access, and store during projects and service operations. PIAs help us protect personal information for all Camosun users. We can guide you through the PIA process for technology-related projects and services.
Security threat and risk assessments (STRAs) are the most formal type of security review and usually take the longest to complete.
An STRA is used to determine whether computing devices and software applications meet formal security standards.
An STRA can be part of a project, a major system or a software application deployment, or an operational process. You can also request one-time or scheduled automated scans.
If you need an STRA, we will:
- develop an assessment scope, plan and schedule
- conduct the assessment, which includes:
  - reviewing security plans, documentation and controls
  - running vulnerability scans
  - performing threat analysis
  - identifying risks
- make risk mitigation recommendations
- provide a report with results and recommendations.