Service Overview
How secure is the product and vendor I'm considering? Before the College purchases any information technology (IT) solution, we require that potential vendors complete a Higher Education Community Vendor Assessment Toolkit (HECVAT) questionnaire, (or similar security attestation), to assess their security practices before being entrusted with sensitive College information.
Available To
Staff - Budget managers or purchasing decision makers.
Is a Security Assessment Required?
A vendor & solution security assessment is required in MOST but not ALL cases. It's best to assume that an assessment is required unless an authorized IT staff member has told you in writing it is not required. A few questions when consider when determining applicability:
- Does the software handle or process sensitive information? (e.g., PI, PHI)
- Does the software need to comply with industry standards or regulations? (e.g., PIPEDA, PCI, etc.)
- Does the software integrate with existing systems or services (e.g., single sign-on (SSO), APIs, databases)?
- Is the software critical to business operations?
- If software is on-premises, does it require Internet connectivity?
Getting Started
Click the [ Request Security Assessment ] button and complete the form to initiate the process.
Additional Information
Higher Education Community Vendor Assessment Toolkit (HECVAT) is a tool provided by the EDUCAUSE community. Additional industry security reports and attestations can also be accepted in lieu of the appropriate HECVAT questionnaire. These include: