HECVAT
Cal Poly, along with the entire CSU system, uses the Higher Education Community Vendor Assessment Tool (HECVAT) developed by EDUCAUSE to evaluate potential risk to campus systems and data. The HECVAT is required for both on-campus and off-campus technology assessments, including cloud service providers, on-campus IoT devices, and other vendor-supplied tools or services.
Using the HECVAT helps ensure consistent, thorough security reviews and offers benefits to both the university and vendors. Vendors can complete the HECVAT once and share it with any institution that accepts it, reducing the need for multiple assessments. As more institutions adopt the HECVAT, the review process becomes faster and more efficient. For vendors without an existing security framework, the HECVAT also serves as a helpful starting point.
For more information, visit EDUCAUSE's HECVAT website. To access the form directly, see the HECVAT download page.