Educause Security Discussion mailing list archives
Re: HECVAT Users List
From: Tom Horton <horton () CORNELL EDU>
Date: Tue, 27 Feb 2018 14:54:30 +0000
At Cornell we adopted the HECVAT early on and have been using it ever since. For the RFP process, we included the Lite version for vendors to fill out during the initial phase of the RFP. When the process narrows down the selection of vendors to 1 or 2, we'll send along the full version of the HECVAT for completion. We've had a handful of vendors balk at the idea of filling out the HECVAT but for the most part, companies who are on the ball have no issues completing it. -Tom Tom Horton Assistant Director of Identity Management and Security Engineering Cornell University IT Security Office 120 Maple Ave. 607-255-7582 ________________________________ From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Washburn, Ian <ian () IU EDU> Sent: Tuesday, February 27, 2018 9:42:22 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] HECVAT Users List IU has been using the HECVAT as our primary questionnaire since its release. We require it when a full assessment is required and rarely use the HECVAT lite except when approved by our Data Stewards. We haven't had many vendors refuse to fill it out but, our team is well trained in the sales pitch that comes along with this lengthy form. :) I've added our institution to the list. Ian Washburn GSEC, GMOB, GISP Systems Risk Mitigation Manager University Information Security Office Public Safety and Institutional Assurance Indiana Univeristy 812-855-7262 ian () iu edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of Laura Raderman Sent: Monday, February 26, 2018 12:21 PM To: SECURITY () listserv educause edu Subject: Re: [SECURITY] HECVAT Users List We’re accepting the HECVAT (full or lite), but we supplement with non-security questions as well. Laura Raderman ISO Policy & Compliance Coordinator Carnegie Mellon University lraderman () cmu edu
On Wed, Feb 21, 2018 at 1:20 PM, Allen, Jon <Jon_Allen () baylor edu> wrote: Hello! The 2019 Higher Education Cloud Vendor Assessment Tool (HECVAT) working group is devoting effort to getting the word out about institutional HECVAT adoption. We want to create a list of institutions that are using the HECVAT to publish on the HECVAT web page (https://library.educause.edu/resources/2016/10/higher-education-cloud-vendor-assessment-tool). The purpose of this list is two-fold: First, to demonstrate HECVAT adoption at higher education institutions (so that vendors will want to participate in completing a HECVAT). Second, to provide a list of HECVAT references (so that institutions can contact their peers with HECVAT questions). If you are interested in being listed on the webpage in this manner, please fill out this form. Institutional names only (not contact information) will be listed on the webpage. If you would like your institution to be listed in this way, please complete our form: https://goo.gl/forms/BJlson23HVDMy1Q63 Thanks, _________________________________ Jon Allen, CISSP, EnCE Assistant Vice President & Chief Information Security Officer Baylor University 254.710.4793 <image001.png> www.baylor.edu/bearaware<http://www.baylor.edu/bearaware>
Current thread:
- Re: HECVAT Users List, (continued)
- Re: HECVAT Users List Steven W Andariese (Mar 20)
- Re: HECVAT Users List Hart, Michael (Mar 01)
- Re: HECVAT Users List Alan Bowen (Feb 22)
- Re: HECVAT Users List Ronald King (Feb 22)
- Re: HECVAT Users List Josh Callahan (Feb 22)
- Re: HECVAT Users List Steven W Andariese (Feb 22)
- Re: HECVAT Users List Mark Dieterich (Feb 23)
- Re: HECVAT Users List Laura Raderman (Feb 26)
- Re: HECVAT Users List Washburn, Ian (Feb 27)
- Re: HECVAT Users List Tom Horton (Feb 27)