Question HLDA-01

Does the environment provide for dedicated single-tenant capabilities? If not, describe how your product or environment separates data from different customers (e.g., logically, physically, single tenancy, multi-tenancy).

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe your plan to separate institutional data from that of other customers.

Answering "YES"

Describe or provide a reference to how institution data is separated from that of other customers.

Reason for Question

A vendor's response to this question can reveal a system's infrastructure quickly. Off-point responses are common here, so general follow-up is often needed. Understanding how a vendor segments its customers data (or doesn't) affects various other controls, including network settings, use of encryption, access controls, etc. A vendor's response here will influence potential follow-up inquiries for other HECVAT questions.

Follow-Up Inquiries

Based on the vendor's response, ask the vendor to appropriately summarize how their environment/strategy is implemented and what compensating controls they have in place to ensure appropriate levels of confidentiality and integrity.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]