The Higher Education Community Vendor Assessment Tool (HECVAT) was created by the Higher Education Information Security Council (HEISC) Shared Assessments Working Group, in collaboration with Internet2 and REN-ISAC.
The HECVAT tool is used to measure a 3rd party vendor’s compliance level to ensure that cybersecurity policies are in place to protect students/faculty/staff Personally identifiable information (PII) and sensitive Institutional information.
HECVAT enables a consistent, easily-adopted methodology for Higher Ed organizations wishing to reduce costs through cloud services without increasing risks.