The Higher Education Community Vendor Assessment Tool, or HECVAT, is a questionnaire tool intended to help higher education institutions assess their vendor risk. The HECVAT was created by EDUCAUSE's Higher Education Information Security Council (HEISC) in collaboration with Internet2 and the REN-ISAC.
Higher Education Community Vendor Assessment Tool
Questions?
ATTENTION: Our "request a HECVAT form" is temporarily unavailable. We are working to remedy the situation.
All other vendor or client HECVAT questions should be directed to HECVAT@educause.edu.
The Higher Education Community Vendor Assessment Tool (HECVAT) attempts to generalize higher education information security and data protection questions and issues regarding cloud services for consistency and ease of use. You can freely use either version of the tool -- the original robust version or the lightweight version. Use of HECVAT:
Helps higher education institutions ensure that cloud services are appropriately assessed for security and privacy needs, including some that are unique to higher education
Allows a consistent, easily-adopted methodology for campuses wishing to reduce costs through cloud services without increasing risks
Reduces the burden that cloud service providers face in responding to requests for security assessments from higher education institutions