Educause Security Discussion mailing list archives

Re: HECVAT Users List

From: "Brian T. Huntley" <bhuntley () CLARKSON EDU>
Date: Thu, 22 Feb 2018 06:41:10 -0500

We started using the HECVAT late in 2017 as well.

We've incorporated it into the purchasing process, so a PO cannot be issued
until we're satisfied with the responses.  This gets us in at the ground
floor for new contracts and enables us to insert ourselves in renewals of
existing contracts.

So far, we've had occasion for three vendors to do it.  Based on the type
of data we were sharing with them, the Lite version seemed most
appropriate.  One vendor already had one done, the other two had never
heard of it and took a couple of weeks to complete it but didn't really
complain about the process.

None of them were willing to have their completed HECVAT's nor their
willingness to provide a completed HECVAT shared.

Brian



Brian T. Huntley, CISSP
Director of Network Services and Information Security
Office of Information Technology
Clarkson University
315.268.6723

On Wed, Feb 21, 2018 at 8:46 PM, Ken Connelly <ken.connelly () uni edu> wrote:

In general, are you (collective you, not just Mark) using the full-blown
HECVAT or the HECVAT Lite?

- ken

On 2/21/18 4:29 PM, Mark Dieterich wrote:

We've been telling vendors that EDU customers are adopting this, but
haven't had a sense of how widespread the adoption has been. I got the
green light have Brown listed, so we will be adding our name to the list.

When this first came about, there was discussion on developing a
sharing platform where completed HECVATS or the fact that a vendor has
filled out a HECVAT, depending on their wishes, could be listed. Are
there any developments with this? I think we actually have one vendor
who indicated we could share and a few that gave us permission to list
them, it would be great if we could actually do something with these.

Thanks,

Mark

On Wed, Feb 21, 2018 at 1:20 PM, Allen, Jon <Jon_Allen () baylor edu
<mailto:Jon_Allen () baylor edu>> wrote:

    Hello!



    The 2019 Higher Education Cloud Vendor Assessment Tool (HECVAT)
    working group is devoting effort to getting the word out about
    institutional HECVAT adoption.  We want to create a list of
    institutions that are using the HECVAT to publish on the HECVAT
    web page
    (https://library.educause.edu/resources/2016/10/higher-

education-cloud-vendor-assessment-tool<https://na01.
safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
google.com%2Furl%3Fq%3Dhttps%3A%2F%2Flibrary.educause.edu%
2Fresources%2F2016%2F10%2Fhigher-education-cloud-
vendor-assessment-tool%26sa%3DD%26ust%3D1519160086542000%26usg%
3DAFQjCNHtq6sVc7M6Yijyrp-FyIIhP7-g3A&data=01%7C01%
7Cjon_allen%40baylor.edu%7C2f31c9f2ae8048feb12908d5789c6998%
7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=xWyOTuLEnGCCgx273bRaeoOn%
2FF5jzLxFimJ28wRO8BQ%3D&reserved=0>).

    The purpose of this list is two-fold: First, to demonstrate HECVAT
    adoption at higher education institutions (so that vendors will
    want to participate in completing a HECVAT). Second, to provide a
    list of HECVAT references (so that institutions can contact their
    peers with HECVAT questions). If you are interested in being
    listed on the webpage in this manner, please fill out this form.
    Institutional names only (not contact information) will be listed
    on the webpage.



    If you would like your institution to be listed in this way,
    please complete our form:



    https://goo.gl/forms/BJlson23HVDMy1Q63<https://

na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fforms%
2FBJlson23HVDMy1Q63&data=01%7C01%7Cjon_allen%40baylor.edu%
7C2f31c9f2ae8048feb12908d5789c6998%7C22d2fb35256a459bbcf4dc23d42d
c0a4%7C1&sdata=BjbsQBbg%2FPZVtOhlWIHMTXXOSHq1TTzBXwqVNMfqoQk%3D&reserved=0





    Thanks,* *

    * *

    *_________________________________*

    *Jon Allen, CISSP, EnCE *

    *Assistant Vice President & *

    *Chief Information Security Officer*

    *Baylor University *

    *254.710.4793 <tel:%28254%29%20710-4793>*

    * *

    /Users/jon_allen/Library/Containers/com.microsoft.

Outlook/Data/Library/Caches/Signatures/signature_1325000890


    /        //www.baylor.edu/bearaware/<http://www.baylor.edu/bearaware


--
- Ken
=================================================================
Ken Connelly                       Director, Information Security
Information Security Officer          University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!

Current thread:

HECVAT Users List Allen, Jon (Feb 21)
- Re: HECVAT Users List Mark Dieterich (Feb 21)
  - Re: HECVAT Users List Joanna Grama (Feb 21)
    - Re: HECVAT Users List Alan Bowen (Feb 21)
    - Re: HECVAT Users List Brown,Thomas (Feb 21)
  - Re: HECVAT Users List Ken Connelly (Feb 21)
    - Re: HECVAT Users List Brian T. Huntley (Feb 22)
    - Re: HECVAT Users List Sue McGlashan (Feb 22)
    - Re: HECVAT Users List Gregg, Christopher S. (Feb 22)
    - Re: HECVAT Users List Theresa Rowe (Feb 28)
    - Re: HECVAT Users List Penn, Blake C (Mar 01)
    - Re: HECVAT Users List Theresa Rowe (Mar 01)
    - Re: HECVAT Users List Ronald King (Mar 12)
    - Re: HECVAT Users List Steven W Andariese (Mar 20)
    - Re: HECVAT Users List Hart, Michael (Mar 01)
    - Re: HECVAT Users List Alan Bowen (Feb 22)
    - Re: HECVAT Users List Ronald King (Feb 22)

(Thread continues...)