What is the HECVAT?
For Colleges and Universities—The HECVAT is a questionnaire framework specifically designed for higher education to measure vendor risk. Before you purchase a third-party solution, ask the solution provider to complete a HECVAT tool to confirm that information, data, and cybersecurity policies are in place to protect your sensitive institutional information and constituents' PII.
For Solution Providers—Complete the assessment tool and share it in the Cloud Broker Index. Once completed, your assessment can be used by multiple institutions to streamline procurement processes with your higher ed clients.
Who Uses the HECVAT?
The HECVAT Tools
The most current versions are linked below. Click on a tool to view the version number. See the Change Log in each spreadsheet to view earlier versions.
"The HECVAT is an example of how increasing collaboration across higher education institutions and organizations can facilitate advances in security risk management and streamline procurement processes."
—Nick Lewis, Program Manager, Security and Identity, Internet2
- HECVAT Lite v2.11 to v3.0 migration document
- HECVAT Full v2.11 to v3.0 migration document
- HECVAT 3.0 Launches … to Outer Space?
- Trusted CI's HECVAT Guidance
- Campus Experiences Using HECVAT
- Save Time and Boost Credibility with the HECVAT: Insights for Service Providers and Corporate Partners
- HECVAT: Building a VRM Process in Higher Ed
- EDUCAUSE Cybersecurity Program
- Moving the HECVAT from Cloud to Community
- Higher Ed Cyber Assessment Tool Moves into New Phase
- What's Next for HECVAT: Version 2 Changes and Improvements