Question COMP-04

Have you had a significant breach in the past five years?

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

EDUCAUSE provides no guidance here

Answering "YES"

Provide a detailed summary of the breach.

Reason for Question

We want transparency from the vendor, and an honest answer to this question, regardless of the response, is a good step in building trust.

Follow-Up Inquiries

If a vendor says "No," it is taken at face value. If you organization is capable of conducting reconnaissance, it is encouraged. If a vendor has experienced a breach, evaluate the circumstance of the incident and what the vendor has done in response to the breach.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]