Question DOCU-02
Do you conform with a specific industry standard security framework? (e.g., NIST Cybersecurity Framework, ISO 27001, etc.)
| Weight | 10 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe any plans to conform to an industry standard security framework.
Answering "YES"
Provide documentation on how your organization conforms to each framework and indicate current certification levels, where appropriate.
Reason for Question
Many vendors have populated a CAIQ or at least a self-assessment. Although lacking in some areas important to higher education, these documents are useful for supplemental assessment.
Follow-Up Inquiries
Follow-up inquiries for CSA content will be institution/implementation specific.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]