Documentation
HECVAT Lite v3.0.6
Documentation
DOCU-07

Question DOCU-07

Does your organization have a data privacy policy?

Weight20
High RiskNo
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe your plans to create a data privacy policy.

Answering "YES"

Provide your data privacy document (or a valid link to it) upon submission.

Reason for Question

Managing and protecting institutional data is the reason organizations perform security and risk assessments. Privacy policies outline how vendors will obtain, use, share, and protect institutional data and, as such, should be robust in its language. Beware of vaguely worded privacy policies.

Follow-Up Inquiries

Inquire about any privacy language the vendor may have. It may not be ideal, but there may be something available to assess or enough to have your legal counsel or policy/privacy professionals review.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]