Institutional IT security requirements

[Lindsay Wittwer]

Hi all,

As part of building our born digital processing program I'm trying to get approval to install BitCurator; however, our university IT and purchasing departments have put in place stringent risk assessment for all third party software and services.

To kick off the process I need to identify the name and email of someone associated with BitCurator to complete our IT security questionnaire. Could anyone point me to someone who would be able to answer something like this?

Additionally, I was wondering if any other users have had to navigate risk assessment/security review of BitCurator at their institutions and might have any advice on what worked well for them? URochester is a tiny R1 with a massive medical center, so the main concern of those involved in the risk assessment appears to be oriented around secure handling on PHI with a proven fundamental lack of understanding of library/archives systems.

Thanks so much for any and all assistance with this!

Best,

Lindsay 

Lindsay Wittwer (she/her)

Assistant Director for Collections

Rare Books, Special Collections, and Preservation

University of Rochester