Question DOCU-04
Does your organization have a data privacy policy?
| Weight | 25 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe your plans to provide a data privacy document.
Answering "YES"
Provide your data privacy document (or a valid link to it) upon submission.
Reason for Question
The details of the standard are not the focus here: it is the fact that a vendor builds their environment around a standard and that they continually evaluate and assess their security programs.
Follow-Up Inquiries
In an ideal world, a vendor will conform to an industry framework that is adopted by an institution. When this synergy does not exist, the interpretation of the vendor's responses must be interpreted in the context of the institution's environment. Follow-up inquires for industry frameworks (and levels of adoption) will be institution/implementation specific.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]