Question CHNG-14
Do you have an implemented system configuration management process? (e.g., secure "gold" images, etc.)
Weight | 25 |
High Risk | Yes |
Required | Yes |
Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe how system configuration management is currently handled in your environment.
Answering "YES"
Summarize your implemented system configuration management process.
Reason for Question
Hardware lifecycles and continuous software updates create an always-changing landscape in information technology. The focus of this question is the integrity of a vendor's infrastructure. Mismanagement of system configurations can lead to breakdowns in layers of security.
Follow-Up Inquiries
Vendors are expected to have robust documentation when it comes to configuration management. Vague answers to this question should be met with concern. Inquire about the device management tools in use, system lifecycles, complexity of systems, etc., and evaluate the response in the context of company capabilities (see Company Background section).