- Knowledge Base
- Computing and Technology
- Information Security
The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a standardized questionnaire created by and for the higher education community. It helps institutions like ours assess how well potential vendors (especially technology service providers) meet our requirements for cybersecurity, data privacy, and compliance with laws like FERPA. The HECVAT facilitates a thorough risk review by providing a detailed checklist that vendors fill out to give us a picture of their security practices.
- Knowledge Base
- Computing and Technology
- Information Security
This guide is designed for departments considering or using external vendors for services involving payment card information. It highlights the need for assessing the Payment Card Industry Data Security Standard (PCI DSS). The guide covers key terms such as HECVAT, PCI DSS, SAQ, AOC, and SOC 2 Type II Report, providing simple explanations for each. It also includes a draft email template to help collect the necessary documentation from vendors.