Question OPDB-02
Do you currently use encryption in your database(s)?
| Weight | 40 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe plans to implement encryption in your database(s).
Answering "YES"
Describe how encryption is leveraged in your database(s).
Reason for Question
Confidentiality is the focus of this question. Vendor responses to this question should be well-supported. Ensure that the vendor provides sufficient supporting documentation, as needed, to ensure that the vendor properly implements encryption in their database(s).
Follow-Up Inquiries
Dismissive or vague responses should be met with concern. Follow-up questions can include the reasoning behind not using encryption, recommendations for best-practice implementation (i.e., think diagrams), and/or any timeline for implementing this capability in the software/product/service.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]