Higher Education Community Vendor Assessment Toolkit (HECVAT)
Information technology-based services and solutions must be appropriately assessed for managing the risks to the confidentiality, integrity, and availability of sensitive data and systems. To that end, 海角社区 has adopted Educause鈥檚 Higher Education Community Vendor Assessment Toolkit (HECVAT) as part of its Vendor Risk Management process.
The HECVAT attempts to generalize higher education information security and data protection questions for consistency and ease of use. Use of the HECVAT:
- Helps higher education institutions ensure that information technology-based services and solutions are appropriately assessed for security and privacy needs, including some that are unique to higher education.
- Allows a consistent, easily-adopted methodology for campuses wishing to reduce costs through cloud services without increasing risks.
- Reduces the burden that information technology providers face in responding to requests for security assessments from higher education institutions.
Vendors should seriously consider the benefits of hosting their HECVAT on REN-ISAC鈥檚 . Once completed, HECVATs can be shared with any that uses them.
HECVAT Assessment Forms
The Data Classification Level of information stored, transmitted, or used by an application or service determines the specific HECVAT to be completed by a vendor.
| Level 1 data off-premise: | HECVAT Full |
| Level 1 data on-premise: | HECVAT Full |
| Level 2 data off-premise: | HECVAT Full |
| Level 2 data on-premise: | HECVAT Lite |