Educause Security Discussion mailing list archives
Re: Why the HECVAT?
From: Josh Boon <educauseedu () JOSHBOON COM>
Date: Tue, 5 Jan 2021 09:47:17 -0600
I'd like to put in a vote working as a consultant for vendors for having an up-to-date HECVAT. We've had institutions send over their own assessment and with a few checks we were able to use our HECVAT in place saving everyone time in procurement process. It would be nice to see a template IT addendum for contracting too but I recognize that may not work due to jurisdiction, insurance, etc. -- Josh Boon ( he/him/they/them) | [ http://joshboon.com/ | joshboon.com ] 719.298.2246 | alwayscurious () joshboon com From: "Brian Kelly" <bkelly () EDUCAUSE EDU> To: "SECURITY" <SECURITY () LISTSERV EDUCAUSE EDU> Sent: Tuesday, January 5, 2021 9:49:21 AM Subject: [SECURITY] Why the HECVAT? A post yesterday mentioned a vendor that “ refused to update their HECVAT (they were using an incredibly old version)” … eventually walking away. Why should solution providers complete the HECVAT? Once completed, you can provide your assessment to multiple institutions and streamline procurement processes with your higher ed clients. The HECVAT was created by the Higher Education Information Security Council ( [ https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/about-heisc | HEISC ] ) Shared Assessments Working Group, in collaboration with Internet2 and REN-ISAC. For more information or questions, email us at [ mailto:HECVAT-WG () EDUCAUSE edu | HECVAT-WG () EDUCAUSE edu ] Who Uses the HECVAT? Join the coalition of [ https://docs.google.com/document/d/1ACX6fly0c3gPm_KA9bMZ2xJ8BKHrEFryuBD08NC_7BM/edit?usp=sharing | 100+ colleges and universities ] and [ https://www.ren-isac.net/hecvat/cbi.html | 30+ solution providers ] who use the HECVAT to reduce risk and save time and money. An active HECVAT Users Community Group - This community group provides campuses with a forum to share information, best practices, and strategies for using the Higher Education Community Vendor Assessment Toolkit (HECVAT). Members of this group are encouraged to pose questions to their peers and suggest potential updates, corrections, and modifications to the HECVAT. [ https://www.educause.edu/community/hecvat-users-community-group | https://www.educause.edu/community/hecvat-users-community-group ] The HECVAT Tools The most current versions are linked below. [ https://library.educause.edu/resources/2020/4/higher-education-community-vendor-assessment-toolkit | https://library.educause.edu/resources/2020/4/higher-education-community-vendor-assessment-toolkit ] Brian Brian Kelly, CISSP, CISM, CEH Director, [ https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program | Cybersecurity Program ] [ mailto:bkelly () educause edu | bkelly () educause edu ] EDUCAUSE Uncommon Thinking for the Common Good Follow [ https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fhigher-education-information-security-council-heisc-%2F&data=02%7C01%7C%7C7197d41189e4414981ae08d69dc9670a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636869885680898966&sdata=%2FYvU%2BLTYHbPmcyL1AoksiKTSdMeFQ93qASFmTp8Emmo%3D&reserved=0 | HEISC on LinkedIn ] | Twitter: @HEISCouncil direct: 475.449.6440 | [ http://www.educause.edu/ | educause.edu ] 1150 18th Street, NW, Suite 900 Washington, DC 20036 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at [ https://www.educause.edu/community | https://www.educause.edu/community ] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Why the HECVAT? Brian Kelly (Jan 05)
- Re: Why the HECVAT? Josh Boon (Jan 05)