All Software as a Service (SaaS), otherwise referred to as “Cloud”, solutions used for Montclair State University related business must have their cybersecurity practices reviewed and approved by Information Technology.
Approval must be obtained prior to the completion of a Contract Approval Sign-off or purchase process.
This is required irregardless of whether or not:
- The service is being used to transfer, process, or store any University related data
- The service is provided for free or at cost
The IT Information Security team is responsible for performing these reviews and have adopted the EDUCAUSE Higher Education Community Vendor Assessment Toolkit (HECVAT).
One advantage of the HECVAT is that many popular higher education service providers/vendors may have already completed the form. To see if a provider/vendor you are interested in has completed a HECVAT, check the REN-ISAC HECVAT Community Broker Index.
IMPORTANT INSTRUCTIONS
1) SUBMITTING A REQUISITION for initial purchase or renewal, please DO NOT send the completed forms to the information security team via email. The Workday requisition process for all SaaS/Cloud software purchases will require you to upload the forms as part of the requisition submission process.
PLEASE NOTE that all review requests typically take 10 -15 business days, so please plan accordingly!
2) EVALUATING VENDOR SOLUTIONS and want to have a vendor’s HECVAT reviewed prior to a purchasing decision/requisition submission, please e-mail the two completed forms below to sec-official@kongtiao11.com. Be sure to include a note that you are looking for a “pre-purchase assessment” and any context you can provide regarding requesting the assessment.
PLEASE NOTE that all review requests outside of the requisition process typically take 15 – 30 business days, so please plan accordingly!