HECVAT CBI

The Cloud Broker Index (CBI) provides an up-to-date list of vendors who are willing to share their completed HECVAT. Security assessors at colleges and universities can utilize the posted assessment, saving time for both security assessors and service providers.

The CBI is also building a list of vendors/SPs who have incorporated HECVAT into their cloud, third party, or vendor risk management tool or services.

If you’d like to have your company added or see a vendor added to either list, please contact us and provide us with the vendor name, product name, and contact information.

All completed assessments shown here have been provided to us by the vendor.

Vendor	Product Assessed	Date of Assessment	Vendor Site
Astrum U	Astrum U	8/12/2019	https://www.astrumu.com
Aviso Retention	Aviso Enterprise Student Success Platform	6/4/2018	https://avisoretention.com
Box	Box Cloud Content Management	3/06/2019	https://box.com
Casino Vision, Inc.	VALT (Video Audio Learning Tool	3/4/2018	https://www.cvisecurity.com
Choice Entertainment Technologies	Choice CRM	3/31/2019	https://choiceticketing.com
Cocentric Sky	Badgr for Canvas LTI	9/17/2018	https://www.concentricsky.com
Code 42 Software	Code 42	8/08/2018	https://core.42.com
Concept 3D	Concept 3D	5/11/2018	https://www.concept3D.com
Degree Analytics	EnGauge	4/10/2018	https://degreeanalytics.com
Exxat, LLC	STEPS	6/26/2019	http://exxat.com
Google	Google Cloud Platform	5/1/2019	https://edu.google.com/higher-ed-solutions/
Google	G Suite	5/1/2019	https://edu.google.com/higher-ed-solutions/
Ivy.ai, Inc	Ivy.ai, Inc	12/10/2018	https://ivy.ai.com
Kivuto	Kivuto Cloud	4/1/2019	https://kivuto.com
LastPass	LastPass Enterprise	4/19/2019	https://www.lastpass.com/education
Maxient	Conduct Manager	4/17/2018	https://maxient.com
Ovrture, Inc.	Ovrture	6/1/2019	https://ovrture.com/security/
Proctorio	Proctorio	4/1/2018	https://proctorio.com
Prophix	Prophix Budgeting, Forecasting, and Financial Reporting Solution	3/29/2019	https://www.prophix.com/industry-higher-education/
Sona Systems	Participant Pool Management Software	5/8/2018	https://www.sona-systems.com
Symplicity	Accommodate	6/4/2018	https://symplicity.com
Symplicity	Advocate	6/4/2018	https://symplicity.com
Symplicity	Career Services Manager	6/4/2018	https://symplicity.com
Symplicity	Horizons	6/4/2018	https://symplicity.com
Symplicity	Insight	6/4/2018	https://symplicity.com
Symplicity	Residence	6/4/2018	https://symplicity.com
Wasabi Technologies	Wasabi Hot Cloud Storage	2/28/2019	https://wasabi.com/

If you wish to provide a completed assessment, there are four ways to do so, depending on how you would like it accessed.

1.  Public:  Hosted here, linked here:  Send the completed assessment to us at HECVAT at REN-ISAC dot NET and we'll post it here
2.  Public:You host, we link here:  Host the completed assessment somewhere on your site, and send the link for us to post here
3.  Semi-public:  You host, we link here: Host the completed assessment behind your firescreen, and send the link and information for us to post here
4.  Private:  You control, we link here:  Keep the completed assessment private, and send us instructions on how people can request it (Mach Form)

Vendor	Product Name	Date of Inclusion	Vendor Site
Advantiv Solutions	DecisionDirector for HECVAT	October 30, 2018	https://advantiv.com
GreyCastle Security	GreyCastle Vendor Risk Management	April 17, 2017	https://greycastlesecurity.com/company/
Privva	Privva VSA	June 1, 2019	https://privva.com
ProcessBolt	ProcessBolt	May 1, 2019	https://processbolt.com/hecvat/
Salty Cloud, PBC	Isora	May 8, 2019	https://saltycloud.com
Swivl, Inc	Swivl Cloud	March 1, 2019	https://cloud.swivl.com
ThirdPartyTrust	ThirdPartyTrust	April 1, 2019	https://thirdpartytrust.com
Whistic	OnePlatform	May 9, 2019	https://whistic.com

Information regarding HECVAT participation is provided to HECVAT users for the goal of accurately assessing the security and privacy of third party and cloud services in good faith with no explicit or implied guarantees or warranties. The participating provider is responsible for maintaining the accuracy of the information to the best of their ability.

A security risk assessment is but one part of an institution's procurement process. Action taken by institutions based on the completed HECVAT questionnaires must be informed by local technical expertise and applied as appropriate to the local technical, functional, and cultural environments." Participating service providers and the REN-ISAC, its sponsoring organizations, and members accept no responsibility for negative impacts of any sort that results from local actions taken on information supplied through the HECVAT process outlined herein.

HECVAT participation is not intended to introduce a legal liability on participants or on the REN-ISAC organization, its host and sponsoring organizations, or officers.

HECVAT CBI

Completed Assessments

Share Your HECVAT

Vendors Using HECVAT in their Products

REN-ISAC social media channels

Research & Education Networks Information Sharing & Analysis Center