Question DOCU-06
Describe or provide a reference to your Disaster Recovery Plan (DRP).
| Weight | 20 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
Provide a valid URL to your current DRP or submit it along with this fully populated HECVAT.
Answering "NO"
Provide a valid URL to your current DRP or submit it along with this fully populated HECVAT.
Answering "YES"
Provide a valid URL to your current DRP or submit it along with this fully populated HECVAT.
Reason for Question
Managing and protecting institution data is the reason organizations perform security and risk assessments. Privacy policies outline how vendors will obtain, use, share, and protect institutional data and as such, should be robust in its language. Beware of vaguely worded privacy policies.
Follow-Up Inquiries
Inquire about any privacy language the vendor may have. It may not be ideal but there may be something available to assess or enough to have your legal counsel or policy/privacy professionals review.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]