Question HLDA-07
Does your staff (or third party) have access to institutional data (e.g., financial, PHI or other sensitive information) within the application/system?
| Weight | 40 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | No |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
EDUCAUSE provides no guidance here
Answering "YES"
Summarize what access staff (or third parties) have to institutional data.
Reason for Question
Confidentiality is the focus of this question. Based on the capabilities of vendor administrators, the institution may require additional safeguards to protect the confidentiality of data stored by/shared with a vendor (e.g., additional layer of encryption, etc.).
Follow-Up Inquiries
If institutional data is visible by the vendor's system administrators, follow up with the vendor to understand the scope of visibility, process/procedure that administrators follow, and use cases when administrators are allowed to access (view) institutional data.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]