< Internet2 NET+ FAQ Categories
5. SERVICE VALIDATION & CONTRACT TERMS
5.1 What are the key steps of the service validation process?
The key steps of the service validation process include: functional validation; comprehensive security assessment; federated identity integration; network integration and testing; and completion of a business and customer agreement. The sponsor and all other schools participating in the Service Validation process work very closely on all of these steps.
5.2 Does the NET+ service comply with FERPA or HIPAA/HITECH or [other applicable legislation]?
Compliance with laws applicable to higher education is part of all service negotiations. All services include contractual provisions relating to FERPA. Some service providers also agree to provisions and sign Business Associate Agreements under HIPAA/HITECH. Other laws also may be specifically called out contractually. State schools that are subject to specific state laws that feel they are not covered by the NET+ business agreement or customer agreement should discuss these with NET+ staff so that appropriate addenda can be made.
5.3 What does NET+ do to ensure that services are secure?
A thorough security assessment is one of the components of the Service Validation phase for any NET+ Service. The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) has been identified by Internet2 as its preferred framework for systematically evaluating the cyber security of Internet2 NET+ cloud-based services.
The CSA CCM helps standardize the security assessment process for cloud-based service providers by covering virtually all relevant security areas in a systematic way in a relatively compact spreadsheet, keyed and cross-referenced to common security frameworks such as COBIT, ISO 27001, NIST SP800-53 R3, etc.
5.4 What keeps a service from being available on its expected date?
A number of factors can delay the availability of a service. Some of the reasons for delays are industry staff turnover, complex legal negotiations, technical challenges, and time required for a service provider to meet the requirements of the NET+ program.