- From: "Jackson, D'Ann" <address@concealed>
- To: "address@concealed" <address@concealed>
- Subject: [devel@sympa] SYmpa - Security Documentation Request
- Date: Fri, 16 May 2025 19:25:32 +0000
Hello,
I do realize the Sympa is open-source. I still wanted to reach out to ask if there is any security documentation that can be provided for Sympa.
I am emailing to request security documentation for our state-required risk assessment of Sympa, Since we are a public university, we must follow Texas regulations, ensuring your company has adequate security controls in place. I am requesting that your organization
complete the attached Higher Education Community Vendor Assessment Tool (HECVAT) and provide security documentation that shows you have the necessary security controls implemented to ensure our system will remain protected. More information on the HECVAT can
be found at
https://library.educause.edu/resources/2020/4/higher-education-community-vendor-assessment-toolkit.
I appreciate your assistance.
In lieu of completing the HECVAT, any certification report such as a SOC 2 Type 2 or ISO 27001 from a third-party auditor will suffice. Also, Texas Government Code requires that I verify you are conducting vulnerability scans and penetration tests prior to
us using your service so any type of high-level executive summary you may provide is appreciated.
SA-9 External Information System Services - The state organization requires that providers of external information system services employ adequate
security controls in accordance with these standards and monitors security control compliance.
Sec. 2054.516. DATA SECURITY PLAN FOR ONLINE AND MOBILE APPLICATIONS. (a) Each state agency implementing an Internet website or mobile application that processes any sensitive personal or personally identifiable information or confidential information
must … subject the website or application to a vulnerability and penetration test and address any vulnerability identified in the test.
Please let me know if you have any questions. And, thank you in advance for any security documentation you can provide.
Best Regards,
D’ANN JACKSON
Senior Information Security Analyst
I.T. Solutions
P: 940-898-3262
Service Desk: 940-898-3971 |
address@concealed
![]()
This message contains information which
may be confidential and privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please
advise the sender by reply e-mail and delete the message.
Attachment:
hecvat306 (1).xlsx
Description: hecvat306 (1).xlsx
-
[devel@sympa] SYmpa - Security Documentation Request,
Jackson, D'Ann, 05/16/2025
Archive powered by MHonArc 2.6.19+.