Question CONS-05
Has the consultant received training on (sensitive, HIPAA, PCI, etc.) data handling?
Weight | 25 |
High Risk | No |
Required | No |
Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
EDUCAUSE provides no guidance here
Answering "YES"
EDUCAUSE provides no guidance here
Reason for Question
Consultants are often used to implement, maintain, fix, and assessment technology environments. In these cases, third-party consultants have access to institutional data, and appropriate access, whether remote or onsite, must be protected during the consulting engagement.
Follow-Up Inquiries
Follow-up inquiries will be institution/implementation specific.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]