The Community Broker Index (CBI) provides an up-to-date list of vendors who are willing to share their completed HECVAT. Security assessors at colleges and universities can utilize the posted assessment, saving time for both security assessors and service providers.
The CBI is also building a list of vendors/SPs who have incorporated HECVAT into their cloud, third party, or vendor risk management tool or services.
If you’d like to have your company added or see a vendor added to either list, please contact us and provide us with the vendor name, product name, and contact information.
Information regarding HECVAT participation is provided to HECVAT users for the goal of accurately assessing the security and privacy of third party and cloud services in good faith with no explicit or implied guarantees or warranties. The participating provider is responsible for maintaining the accuracy of the information to the best of their ability.
A security risk assessment is but one part of an institution's procurement process. Action taken by institutions based on the completed HECVAT questionnaires must be informed by local technical expertise and applied as appropriate to the local technical, functional, and cultural environments." Participating service providers and the REN-ISAC, its sponsoring organizations, and members accept no responsibility for negative impacts of any sort that results from local actions taken on information supplied through the HECVAT process outlined herein.
HECVAT participation is not intended to introduce a legal liability on participants or on the REN-ISAC organization, its host and sponsoring organizations, or officers.