Question DOCU-07
Does your organization have a data privacy policy?
| Weight | 20 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe your plans to create a data privacy policy.
Answering "YES"
Provide your data privacy document (or a valid link to it) upon submission.
Reason for Question
Managing and protecting institutional data is the reason organizations perform security and risk assessments. Privacy policies outline how vendors will obtain, use, share, and protect institutional data and, as such, should be robust in its language. Beware of vaguely worded privacy policies.
Follow-Up Inquiries
Inquire about any privacy language the vendor may have. It may not be ideal, but there may be something available to assess or enough to have your legal counsel or policy/privacy professionals review.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]