Documentation
HECVAT-onprem-v3.0.5
Documentation
DOCU-04

Question DOCU-04

Does your organization have a data privacy policy?

Weight25
High RiskYes
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe your plans to provide a data privacy document.

Answering "YES"

Provide your data privacy document (or a valid link to it) upon submission.

Reason for Question

The details of the standard are not the focus here: it is the fact that a vendor builds their environment around a standard and that they continually evaluate and assess their security programs.

Follow-Up Inquiries

In an ideal world, a vendor will conform to an industry framework that is adopted by an institution. When this synergy does not exist, the interpretation of the vendor's responses must be interpreted in the context of the institution's environment. Follow-up inquires for industry frameworks (and levels of adoption) will be institution/implementation specific.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]