Quick References

HECVAT

Cal Poly, along with the entire CSU system, uses the Higher Education Community Vendor Assessment Tool (HECVAT) developed by EDUCAUSE to evaluate potential risk to campus systems and data. The HECVAT is required for both on-campus and off-campus technology assessments, including cloud service providers, on-campus IoT devices, and other vendor-supplied tools or services.

 

Using the HECVAT helps ensure consistent, thorough security reviews and offers benefits to both the university and vendors. Vendors can complete the HECVAT once and share it with any institution that accepts it, reducing the need for multiple assessments. As more institutions adopt the HECVAT, the review process becomes faster and more efficient. For vendors without an existing security framework, the HECVAT also serves as a helpful starting point.

 

For more information, visit EDUCAUSE's HECVAT website. To access the form directly, see the HECVAT download page.

Related Content

Security Tips

Five Steps to Staying Secure - SANS (PDF)

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips