The roles that are typically involved in participating with a vendor security assessment include the following:
Resource Owner or Proprietor | Campus unit representative who has overall responsibility for the application (e.g., budgeting and resource allocation). |
Implementation Project Manager | Unit member responsible for the roll-out of the application or service, including (but not limited to) vendor selection, contract specifications, configuration, process-flow design, personnel training, etc. |
UC Buyer | Representative in the UC Procurement department responsible for the vendor contract negotiation. |
Vendor Representative | Staff member of the service provider responsible for completing the Vendor Security Assessment Questionnaire. Ideally, this person is affiliated with the IT department and is knowledgable regarding the vendor's security framework. Often times, the person in this role is a Sales or Customer Support Representative who facilitates communication between the vendor's IT staff and the ISO Assessor. |
ISO Assessor | A member of the ISO analysts team assigned as the primary assessor responsible for the engagement with the unit. |