Educause Security Discussion mailing list archives

Re: Why the HECVAT?


From: Josh Boon <educauseedu () JOSHBOON COM>
Date: Tue, 5 Jan 2021 09:47:17 -0600

I'd like to put in a vote, working as a consultant for vendors, for having an up-to-date HECVAT. We've had institutions 
send over their own assessment, and with a few checks we were able to use our HECVAT in place, saving everyone time in 
the procurement process. 

It would be nice to see a template IT addendum for contracting too, but I recognize that may not work due to 
jurisdiction, insurance, etc. 

-- 
Josh Boon (he/him/they/them) | [ http://joshboon.com/ | joshboon.com ] 
719.298.2246 | alwayscurious () joshboon com 



From: "Brian Kelly" <bkelly () EDUCAUSE EDU> 
To: "SECURITY" <SECURITY () LISTSERV EDUCAUSE EDU> 
Sent: Tuesday, January 5, 2021 9:49:21 AM 
Subject: [SECURITY] Why the HECVAT? 



A post yesterday mentioned a vendor that “refused to update their HECVAT (they were using an incredibly old version)” 
… eventually walking away. 



Why should solution providers complete the HECVAT? 

Once completed, you can provide your assessment to multiple institutions and streamline procurement processes with your 
higher ed clients. 



The HECVAT was created by the Higher Education Information Security Council ([ https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/about-heisc | HEISC ]) 
Shared Assessments Working Group, in collaboration with Internet2 and REN-ISAC. 

For more information or questions, email us at [ mailto:HECVAT-WG () EDUCAUSE edu | HECVAT-WG () EDUCAUSE edu ] 



Who Uses the HECVAT? 

Join the coalition of [ https://docs.google.com/document/d/1ACX6fly0c3gPm_KA9bMZ2xJ8BKHrEFryuBD08NC_7BM/edit?usp=sharing | 100+ colleges and universities ] 
and [ https://www.ren-isac.net/hecvat/cbi.html | 30+ solution providers ] who use the HECVAT to reduce risk and save time and money. 



An active HECVAT Users Community Group - 

This community group provides campuses with a forum to share information, best practices, and strategies for using the 
Higher Education Community Vendor Assessment Toolkit (HECVAT). Members of this group are encouraged to pose questions 
to their peers and suggest potential updates, corrections, and modifications to the HECVAT. 

[ https://www.educause.edu/community/hecvat-users-community-group | 
https://www.educause.edu/community/hecvat-users-community-group ] 



The HECVAT Tools 

The most current versions are linked below. 

[ https://library.educause.edu/resources/2020/4/higher-education-community-vendor-assessment-toolkit | 
https://library.educause.edu/resources/2020/4/higher-education-community-vendor-assessment-toolkit ] 



Brian 



Brian Kelly, CISSP, CISM, CEH 

Director, [ https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program | 
Cybersecurity Program ] 

[ mailto:bkelly () educause edu | bkelly () educause edu ] 

EDUCAUSE 
Uncommon Thinking for the Common Good 

Follow [ 
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fhigher-education-information-security-council-heisc-%2F&data=02%7C01%7C%7C7197d41189e4414981ae08d69dc9670a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636869885680898966&sdata=%2FYvU%2BLTYHbPmcyL1AoksiKTSdMeFQ93qASFmTp8Emmo%3D&reserved=0
 | HEISC
 on LinkedIn ] | Twitter: @HEISCouncil 


direct: 475.449.6440 | [ http://www.educause.edu/ | educause.edu ] 

1150 18th Street, NW, Suite 900 Washington, DC 20036 

********** 
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ https://www.educause.edu/community | https://www.educause.edu/community ] 

