HECVAT Huddle: Streamlining Vendor Security Risk Assessments

Wednesday, November 01 | 12:45pm - 1:45pm ET | Exhibit Hall A-C, 200 Level
Session Type: Poster Session
Delivery Format: Poster Session
This session will share information about the Higher Education Cloud Vendor Assessment Tool (HECVAT), which was created by the HEISC Shared Assessments Working Group. The purpose of the HECVAT is to provide a starting point for the assessment of third-party provided cloud services and resources. Both cloud providers and cloud consumers are wasting precious time creating, responding, and reviewing risk assessment documents. The HECVAT attempts to generalize higher ed information security and data protection questions regarding cloud services for consistency and ease of use, leading to gained efficiencies for both higher ed institutions and cloud service providers.

Outcomes: Learn what the HECVAT is and how it can save time in assessing the security of cloud services * Run through a demo of the toolkit * Find out which institutions are already using it and how it's working for them


  • Joanna Grama

    Director of Cybersecurity and IT GRC Programs, EDUCAUSE
  • Kim Milford

    Executive Director, REN-ISAC, Indiana University