Save time and effort with the Community Broker Index (CBI). The CBI enableshigher education security assessors to easily research and evaluate the security offerings of current and prospective service providers. The index is aconsistently updated list of vendors willing to shared completed HECVAT assessments, including a secondary list of vendors who have incorporated HECVAT into their cloud, third party, or vendor risk management tool or services.
The HECVAT and CBI were created by the Higher Education Information Security Council (HEISC) Shared Assessments Working Group, in collaboration with Internet2 and REN-ISAC.
Want your company added to the index? Want to suggest a vendor to add to the index? Please email the REN-ISAC HECVAT liaison with the vendor and product name and contact information.
Information regarding HECVAT participation is provided to HECVAT users for the goal of accurately assessing the security and privacy of third party and cloud services in good faith with no explicit or implied guarantees or warranties. The participating provider is responsible for maintaining the accuracy of the information to the best of their ability.
A security risk assessment is but one part of an institution's procurement process. Action taken by institutions based on the completed HECVAT questionnaires must be informed by local technical expertise and applied as appropriate to the local technical, functional, and cultural environments. Participating service providers and the REN-ISAC, its sponsoring organizations, and members accept no responsibility for negative impacts of any sort that results from local actions taken on information supplied through the HECVAT process outlined herein.
HECVAT participation is not intended to introduce a legal liability on participants or on the REN-ISAC organization, its host and sponsoring organizations, or officers.