Educause Security Discussion mailing list archives

Re: HECVAT help

From: Vince Bonura <vbonura () FORDHAM EDU>
Date: Mon, 13 Sep 2021 20:51:59 +0000

George,

Your post is timely! I just attended a HECVAT Working Group meeting and wanted to ask a related question.

I joined the workgroup with hopes of gaining an understanding of the HECVAT and how it should be used. While I know the 
basic concept, I am just now reading my first vendor completed HECVAT that I received last Thursday.

The question I wanted to ask is: What’s the comparison between a SOC2, Type 2 and the HECVAT?

I originally requested a SOC2, Type 2 report from the vendor and received one dated 6/30/20. When I asked for a current 
copy, I was told that they completed a HECVAT and would supply that. The HECVAT I received from the vendor is dated 
6/22/20.

My assumption is that an outdated HECVAT is no better than an outdated SOC2, Type 2.

Does everyone agree?

Thank you.

Vince Bonura
IT Risk Analyst

Fordham University
(718) 817-1875

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Viegas, George 
<viegas () CHAPMAN EDU>
Date: Monday, September 13, 2021 at 4:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] HECVAT help
Hi Brian,

I’m looking for resources to help understand how to read the HECVAT, specifically how to know what is a fully completed 
submission v/s an incomplete. The EDUCAUSE HECVAT webpage did not have resources to help me read and use a HECVAT. 
Could you please help me find the right resource?

Thanks,

-George

George Viegas, CIPP-US, CISSP, CISA
Chief Information Security Officer/Privacy Champion
Chapman University, Orange CA
viegas () chapman edu/ 714-744-7979<mailto:viegas () chapman edu/%20714-744-7979>
Secure your Chapman Account today @ 2fa.chapman.edu !




**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=Nk8cCINtlhG31-Ffb7ODxRPQfUwqyHQCQ2enNUcj0Vc&m=W_Azyw64JNH4aaeAC7Tmd2Ga8nHTEyfLtiAlQHgWYLI&s=6WXhTghqS_VlwkAhMTD3CCgBCeaR4FSWo-KqScNBeOA&e=>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

HECVAT help Viegas, George (Sep 13)
- Re: HECVAT help Vince Bonura (Sep 13)
  - Re: HECVAT help Christian Schreiber (Sep 13)
    - Re: HECVAT help Vince Bonura (Sep 13)
    - Re: HECVAT help Christian Schreiber (Sep 13)
    - Re: HECVAT help Shane Kroening (Sep 14)