Educause Security Discussion mailing list archives

Re: HECVAT Security Assessment Question

From: "Davis, Kevin" <kedavis () DAVIDSON EDU>
Date: Wed, 28 Jun 2017 14:13:59 +0000

Hi Joanna,

I’ll take this opportunity to raise a tangential question on HECVAT!

Davidson College is adopting HECVAT/HECVAT Lite for vendor assessments.  Being end of fiscal year, we’ve had a large 
number of cloud/SaaS software purchase requests from departments and have been evaluating several small/midsize vendors 
and encouraging them to follow HECVAT.

One question we’re getting is what other schools are using HECVAT, since for many smaller vendors this is the first 
they’re hearing about it.  Is there a list of what schools have adopted?  The more schools we can share that have 
bought in, the better the compliance…

Kevin

--
Kevin Davis
Deputy CIO & Director, Core Services
Davidson College ITS

(704) 894-2405 (office) | (980) 319-8538 (mobile)


From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of Joanna Grama <jgrama () EDUCAUSE EDU<mailto:jgrama () EDUCAUSE EDU>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>>
Date: Wednesday, June 28, 2017 at 10:02 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: [SECURITY] HECVAT Security Assessment Question

Good morning list mates:

We have received an email from a member looking to see if:

1)      If any institution has a completed HECVAT for Microsoft Office 365/OneDrive, Box and ServiceNow

2)      If the vendor’s responses for that completed HECVAT allowed sharing with other higher education institutions

If the answers to the above questions are “yes,” could you contact me off list please?  We have a member that would 
like to speak with you about your experiences.

Kind regards,
Joanna

Joanna Grama, JD, CISSP, CRISC, CIPT
Director of Cybersecurity and IT GRC Programs

EDUCAUSE
Uncommon Thinking for the Common Good
282 Century Place, Suite 5000, Louisville, CO 80027
direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu<mailto:jgrama () educause edu>

Attend the EDUCAUSE Metrics 
Mania!<https://events.educause.edu/webinar/2017/metrics-mania-using-metrics-to-bolster-your-higher-education-information-security-program>
 online seminar, August 9, 2017.

Current thread:

HECVAT Security Assessment Question Joanna Grama (Jun 28)
- <Possible follow-ups>
- Re: HECVAT Security Assessment Question Davis, Kevin (Jun 28)
  - Re: HECVAT Security Assessment Question Joanna Grama (Jun 28)