Re: Qualtrics HECVAT

[Elizabeth Shannon <eshann () KSU EDU>]

We are interested as well, but also would be interested if anyone has performed a security assessment of Qualtrics. 
Kansas State has used Qualtrics for a number of years and there seems to be trend of using the product for non-survey 
uses. For example, one of our departments would like to use it for scholarship applications.

--
Elizabeth Shannon, CIPT
Kansas State University
Information Security and Compliance
785.532.2540


From: "security () listserv educause edu" <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Washburn, Ian" <ian () IU 
EDU>
Reply-To: "security () listserv educause edu" <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Tuesday, September 11, 2018 at 8:15 AM
To: "security () listserv educause edu" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Qualtrics HECVAT

No but we are interested if they have marked it for sharing as we have a request for assessment for that product.


Ian Washburn
Systems Risk Mitigation Manager
University Information Security Office
Indiana Univeristy | 812-855-7262 | ian () iu edu<mailto:ian () iu edu>
he/him/his



From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () listserv educause edu> On Behalf Of Dale Lee
Sent: Monday, September 10, 2018 4:40 PM
To: SECURITY () listserv educause edu
Subject: [External] [SECURITY] Qualtrics HECVAT

This message was sent from a non-IU address. Please exercise caution when clicking links or opening attachments from 
external sources.
Has anyone received a completed HECVAT from Qualtrics?

The team I’m working with didn’t have a completed HECVAT and suggested I check with other Qualtrics Higher Ed Customers.

If your Qualtrics HECVAT was provided without permission to share, perhaps I can point my Qualtrics team to your 
Qualtrics team.

Thanks in advance.

-
Dale Lee
Director of Information Security and Projects
California Baptist University