Question PPPR-06
Will you comply with applicable breach notification laws?
| Weight | 15 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Summarize why you will not comple with applicable breach notification laws.
Answering "YES"
State how quickly the institution will be notified of a data breach or security incident.
Reason for Question
This is a general inquiry to determine if the vendor is well-versed in applicable laws and regulations that apply in the institution's region of business operation.
Follow-Up Inquiries
If a vendor is vague in their response, follow up with direct questions about doing business in your state/region/country and any laws that are pertinent to the institution.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]