Documentation
HECVAT-onprem-v3.0.5
Policies, Procedures, and Processes
OPPP-01

Question OPPP-01

Can you share the organization chart, mission statement, and policies for your information security unit?

Weight20
High RiskNo
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Provide a brief summary for this response.

Answering "YES"

Provide a links to these documents in Additional Information or attach them with your submission.

Reason for Question

Understanding the security program size (and capabilities) of a vendor has a significant impact on their ability to respond effectively to a security incident. Vendors will share organizational charts and additional documentation of their security program, if needed. The point of this question is to verify vendor security program maturity or confirm other findings and/or assessments.

Follow-Up Inquiries

Vague responses to this question should be investigated further. Vendors unwilling to share additional supporting documentation decrease the trust established with other responses.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]