Application Service Providers

Attached is a memo that is making its way through the state system. This memo pertains to services that are provided and hosted by a third party, known in the industry as Application Service Providers or ASPs. The concern raised here is that ASP services are being purchased throughout the system without IT (in our case, TSS) oversight. The risk is that although these ASPs may be providing a great service, they may not be taking sufficient steps to insure that our data is sufficiently secured. In the event of a security breech the college may be liable for notifying individuals whose data has been compromised.  Depending on the number of people impacted the costs could run into the millions. The college would also likely be the target of lawsuits and damage claims, not to mention the damage to the reputation of Shoreline Community College. What this means to you is that TSS must approve any and all data services, even if hosted by a third party. I am personally involved in a state wide committee that is developing contract language to limit the risks and potential liability of such endeavors with ASPs.