Hi Andy,
It has been 3-4 years since the last time, and it was sniffer logs, dumps, and traces - full end to end to resolve a critical remote printer issue for law enforcement. We redacted what could be redacted - Ip addresses were replaced with literals, e.g. C-IP-addr1, for customer IP address 1, and so on. We were careful to replace with meaningful substitutions, so as not to complicate the troubleshooting efforts, while not revealing anything that our customer wasn't okay with. The problem print was traced, sniffed, and dumps were taken. We also had the vendors id the individuals who would be working the problem and everybody signed non-disclosure agreements. The root cause of the problem was found and corrected within about a week. For your situation, I would suggest that you begin with the requirements of law (if any) that cover your data and your situation. It sure sounds like it would come under HIPPA, so I did a quick Google search for ' what is Tricare data'. Breaches require free credit monitoring, and it is covered by HIPPA - according to some of the search results. HTH, Linda ----- Original Message ----- From: "Andy White" <awh...@metlife.com> To: IBM-MAIN@bama.ua.edu Sent: Wednesday, June 6, 2012 9:57:19 AM Subject: Dumps to vendors with sensitive data We recently have a DOD (Department of Defense) account on our systems. Question if you are sending a dump to a vendor e.g. IBM and there might be a slight change it has user data stored in common storage. Do you have a DOD approved person within IBM you send the dump to? Or an assigned group to your account that deals with GSA/DOD type of issues? We haven't sent any dumps to a vendor since taking on this new work but wanted to know how other companies handle this? Andy S. White The information contained in this message may be CONFIDENTIAL and is for the intended addressee only. Any unauthorized use, dissemination of the information, or copying of this message is prohibited. If you are not the intended addressee, please notify the sender immediately and delete this message. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
