Question COMP-07

Use this area to share information about your architecture that will assist those who are assessing your company data security program.

Standard Guidance

Share any details that would help information security analysts assess your product. Give examples of "suggested or required implementation architecture" or perhaps how all the moving pieces work together (i.e., database, middleware, etc.).

Answering "NO"

EDUCAUSE provides no guidance here

Answering "YES"

EDUCAUSE provides no guidance here

Reason for Question

For the 20% that HECVAT may not cover, this gives the vendor a chance to support their other responses. Beware when this area is populated with sales hype or other non-relevant information. Thorough documentation, supporting evidence, and/or robust responses go a long way in building trust in this assessment process.

Follow-Up Inquiries

This is a freebie to help the vendor state their "case." If a vendor does not add anything here (or it is just sales stuff), we can assume it was filled out by a sales engineer and questions will be evaluated with higher scrutiny.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]