Educause Security Discussion mailing list archives
Re: HECVAT Security Assessment Question
From: "Davis, Kevin" <kedavis () DAVIDSON EDU>
Date: Wed, 28 Jun 2017 14:13:59 +0000
Hi Joanna, I’ll take this opportunity to raise a tangential question on HECVAT! Davidson College is adopting HECVAT/HECVAT Lite for vendor assessments. Being end of fiscal year, we’ve had a large number of cloud/SaaS software purchase requests from departments and have been evaluating several small/midsize vendors and encouraging them to follow HECVAT. One question we’re getting is what other schools are using HECVAT, since for many smaller vendors this is the first they’re hearing about it. Is there a list of what schools have adopted? The more schools we can share that have bought in, the better the compliance… Kevin -- Kevin Davis Deputy CIO & Director, Core Services Davidson College ITS (704) 894-2405 (office) | (980) 319-8538 (mobile) From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Joanna Grama <jgrama () EDUCAUSE EDU<mailto:jgrama () EDUCAUSE EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Wednesday, June 28, 2017 at 10:02 AM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] HECVAT Security Assessment Question Good morning list mates: We have received an email from a member looking to see if: 1) If any institution has a completed HECVAT for Microsoft Office 365/OneDrive, Box and ServiceNow 2) If the vendor’s responses for that completed HECVAT allowed sharing with other higher education institutions If the answers to the above questions are “yes,” could you contact me off list please? We have a member that would like to speak with you about your experiences. Kind regards, Joanna Joanna Grama, JD, CISSP, CRISC, CIPT Director of Cybersecurity and IT GRC Programs EDUCAUSE Uncommon Thinking for the Common Good 282 Century Place, Suite 5000, Louisville, CO 80027 direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu<mailto:jgrama () educause edu> Attend the EDUCAUSE Metrics Mania!<https://events.educause.edu/webinar/2017/metrics-mania-using-metrics-to-bolster-your-higher-education-information-security-program> online seminar, August 9, 2017.
Current thread:
- HECVAT Security Assessment Question Joanna Grama (Jun 28)
- <Possible follow-ups>
- Re: HECVAT Security Assessment Question Davis, Kevin (Jun 28)
- Re: HECVAT Security Assessment Question Joanna Grama (Jun 28)