Specifications include, but are not limited to: It is anticipated that the HECVAT will be revised over time to account for changes in services provisioning and the information security and data protection needs of higher education institutions. The Higher Education Community Vendor Assessment Toolkit: ● Helps higher education institutions ensure that vendor services are appropriately assessed for security and privacy needs, including some that are unique to higher education ● Allows a consistent, easily-adopted methodology for campuses wishing to reduce costs through vendor services without increasing risks ● Reduces the burden that service providers face in responding to requests for security assessments from higher education institutions The Higher Education Community Vendor Assessment Toolkit is a suite of tools built around the original HECVAT (known now as HECVAT - Full) to allow institutions to adopt, implement, and maintain a consistent risk/security assessment program. Tools include: ● HECVAT - Triage: Used to initiate risk/security assessment requests - review to determine assessment requirements ● HECVAT - Full: Robust questionnaire used to assess the most critical data sharing engagements ● HECVAT - Lite: A lightweight questionnaire used to expedite process ● HECVAT - On-Premise: Unique questionnaire used to evaluate on-premise appliances and software The HECVAT (and Toolkit) was created by the Higher Education Information Security Council Shared Assessments Working Group. Its purpose is to provide a starting point for the assessment of vendor provided services and resources. Over time, the Shared Assessments Working Group hopes to create a framework that will establish a community resource where institutions and cloud services providers will share completed Higher Education Cloud Vendor Assessment Tool assessments.
