Question PPPR-01
Can you share the organization chart, mission statement, and policies for your information security unit?
Weight | 20 |
High Risk | No |
Required | Yes |
Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Provide a brief summary for this response.
Answering "YES"
Provide links to these documents in Additional Information or attach them with your submission.
Reason for Question
Understanding the security program size (and capabilities) of a vendor has a significant impact on their ability to respond effectively to a security incident. Vendors will share organizational charts and additional documentation of their security program, if needed. The point of this question is to verify vendor security program maturity or confirm other findings and/or assessments.
Follow-Up Inquiries
Vague responses to this question should be investigated further. Vendors unwilling to share additional supporting documentation decrease the trust established with other responses.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]