Question COMP-06
Will data regulated by PCI DSS reside in the vended product?
| Weight | 40 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | No |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
EDUCAUSE provides no guidance here
Answering "YES"
You should be completing the Full HECVAT, not the Lite.
Reason for Question
Responses to this question may indicate the presence of PCI DSS regulated data in the vended product.
Follow-Up Inquiries
Determine if the HECVAT Lite is appropriate for assessing products hosting and/or interacting with PCI DSS regulated data. HECVAT Full may be more appropriate, depending on your risk tolerance and use case.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]