1 year ago

The HECVAT (https://library.educause.edu/resources/2020/4/higher-education-community-vendor-assessment-toolkit) is a security assessment framework in the https://www.upguard.com/blog/security-questionnaire that’s specifically designed for higher education institutions to https://www.upguard.com/blog/manage-third-party-risk. https://www.upguard.com/blog/hecvat attempts to standardize higher education https://www.upguard.com/blog/information-security and data protection requirements for cloud service providers and third-party solutions, specifically for their consistency, compatibility, and ease of use.

HECVAT aims to: ensure the protection of sensitive data and the https://www.upguard.com/blog/personally-identifiable-information-pii of constituents; ensure that data protection and data management procedures implemented by the vendors are up to standards; ensure that the entity has a well-documented Business Continuity Plan (BCP); ensure that there’s a Disaster Recovery Plan (DRP) in place; reduce costs for cloud services without increasing https://www.upguard.com/blog/cybersecurity-risk; help with reducing the burden that cloud service providers face when responding to requests for security assessment from higher education institutions.

HECVAT, originally the Higher Education Cloud Vendor Assessment Tool, was created in response to the https://www.upguard.com/blog/cyber-threat-landscape surrounding higher education. Since gaining a wider scope outside higher education, HECVAT was renamed the Higher Education Community Vendor Assessment Tool, better reflecting its purpose beyond the cloud.