Documentation
HECVAT Full v3.0.6
Data
DATA-23

Question DATA-23

Does your staff (or third party) have access to institutional data (e.g., financial, PHI or other sensitive information) through any means?

Weight20
High RiskNo
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

EDUCAUSE provides no guidance here

Answering "YES"

Summarize what access staff (or third parties) have to institutional data.

Reason for Question

Confidentiality is the focus of this question. Based on the capabilities of vendor administrators, the institution may require additional safeguards to protect the confidentiality of data stored by/shared with a vendor (e.g., additional layer of encryption, etc.).

Follow-Up Inquiries

If institutional data is visible by the vendor's system administrators, follow up with the vendor to understand the scope of visibility, process/procedure that administrators follow, and use cases when administrators are allowed to access (view) institutional data.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]