Question DCTR-01
Does the hosting provider have a SOC 2 Type 2 report available?
| Weight | 20 |
| High Risk | No |
| Required | No |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
EDUCAUSE provides no guidance here
Answering "YES"
Obtain the report if possible and add it to your submission.
Reason for Question
This question is relative to the response above. Understanding the ownership structure of the facility that will host institutional data is important for setting availability expectations and ensure proper contract terms are in place to protect the institution due to use of third parties. If a vendor uses a third-party vendor to provide data center solutions, having that vendor's SOC 2 Type 2 provides additional insight. The ability to assess these "forth-party" vendors is based on your institution's resources. The vendor is responsible for providing this information; ensure that they handle their vendors properly.
Follow-Up Inquiries
Follow-up inquiries for additional vendor's SOC 2 Type 2 reports will be institution/implementation specific.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]