Requirements for requesting access to 3rd party app
PLEASE READ THIS BEFORE SUBMITTING THE REQUEST!
Before we can review your request for access and/or approval to set up an application on our network, please obtain a SOC2 Audit Report from the vendor, and have the attached HECVAT form filled out by both the Requestor and the Vendor. This applies to all applications, especially ones that collect Personally Identifiable Information (PII).
Here is additional info on what SOC2 is:
Service Organization Control (SOC) compliance guides organizations on best practices for the storage, processing, and transmission of customer (student) data. The criteria and controls are defined by the reporting controls. Assessment is based on the following:
Privacy: This category evaluates the organization's controls for the collection, use, retention, disclosure, and disposal of personal information in accordance with the organization's privacy notice, regulatory requirements, and commitments to customers.
Confidentiality: It concerns the protection of sensitive information from unauthorized access, disclosure, or use. It assesses the organization's controls related to data privacy.
Processing Integrity: This category evaluates the completeness, accuracy, timeliness, and validity of data processing, ensuring that data is processed correctly and as intended.
Security: This category focuses on the protection of information systems against unauthorized access, unauthorized disclosure, and potential damage.
Availability: It assesses the availability of the organization's systems, infrastructure, and services, ensuring they are reliable and accessible for operation as agreed upon or required.
Finally, the SOC 2 audit reveals the organization's controls and processes; assesses their design and effectiveness; and issues a report detailing the findings. The report can be shared with customers, like SDCCD, to provide assurance about the organization's commitment to protecting customer (student) data and meeting relevant security and privacy requirements.
These changes are to help SDCCD ensure the security of our various stakeholders.
Use Request for Access to 3rd Party App once you have the information collected.