The Cloud Broker Index provides an up-to-date index of vendors who are willing to share their completed HECVAT (many more vendors have been using HECVAT than are listed below).  If a vendor is listed in the CBI, security assessors at colleges and universities can utilize the posted assessment, saving time for both security assessors and service providers.  If you’d like to see a vendor added to the Index, or if you have feedback, please contact us at HECVAT at REN-ISAC dot NET and provide us with the vendor, the product, and contact information.

All completed assessments shown here have been provided to us by the vendor.  If you wish to provide a completed assessment, there are four ways to do so, depending on how you would like it accessed.

1.  Public:  Hosted here, linked here:  Send the completed assessment to us at HECVAT at REN-ISAC dot NET and we'll post it here
2.  Public:You host, we link here:  Host the completed assessment somewhere on your site, and send the link for us to post here
3.  Semi-public You host, we link here: Host the completed assessment behind your paywall, and send the link and information for us to post here
4.  Private:  You control, we link here:  Keep the completed assessment private, and send us instructions on how people can request it (perhaps a MAILTO: link)

We are working on other methods, so stay tuned.

VendorProduct AssessedDate of AssessmentVendor Site
Aviso RetentionAviso Enterprise Student Success Platform6/4/2018https://avisoretention.com
BoxBox storage9/21/2017https://box.com
Casino Vision, Inc.VALT (Video Audio Learning Tool3/4/2018http://www.cvisecurity.com
Concept 3DConcept 3D5/11/2018https://www.concept3D.com
Cocentric SkyBadgr for Canvas LTI9/17/2018https://www.concentricsky.com
Code 42 Software Code 428/08/2018https://core.42.com
Degree AnalyticsEnGauge4/10/2018https://degreeanalytics.com
Ivy.ai, IncIvy.ai, Inc12/10/2018https://ivy.ai.com
MaxientConduct Manager4/17/2018https://maxient.com
Sona SystemsParticipant Pool Management Software5/8/2018https://www.sona-systems.com
SymplicityCareer Services Manager6/4/2018https://symplicity.com
Information regarding HECVAT participation is provided to HECVAT users for the goal of accurately assessing the security and privacy of third party and cloud services in good faith with no explicit or implied guarantees or warranties.  The participating provider is responsible for maintaining the accuracy of the information to the best of their ability.  

A security risk assessment is but one part of an institution's procurement process.  Action taken by institutions based on the completed HECVAT questionnaires must be informed by local technical expertise and applied as appropriate to the local technical, functional, and cultural environments." Participating service providers and the REN-ISAC, its sponsoring organizations, and members accept no responsibility for negative impacts of any sort that results from local actions taken on information supplied through the HECVAT process outlined herein.

HECVAT participation is not intended to introduce a legal liability on participants or on the REN-ISAC organization, its host and sponsoring organizations, or officers.