Log In
Book a Demo
Log In
Book a Demo

COMPLIANCE

The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a comprehensive framework designed to help schools, universities and other educational insitutions evaluate the data security and privacy practices of third-party vendors. Developed by The Higher Education Information Security Council (HEISC), in conjunction with the Shared Assessments Working Group, EDUCAUSEInternet2, and the Research & Education Networks Information Sharing & Analysis Center (REN-ISAC), HECVAT helps educational institutions streamline the vendor assessment process and ensure that they are partnering with vendors that adhere to the highest standards of data protection.

By leveraging HECVAT, educational institutions can efficiently identify potential risks, protect sensitive data, and maintain compliance with relevant regulations and industry best practices.

Download Stackle's HECVAT Lite Response

Supporting Documentation

Logging Policy
v2026.02.25
Policies Security
16/03/2026
GDPR Policy
v2026.02.16
Policies
16/03/2026
HLPP-02
Application Security Policy
v2026.01.30
Policies
16/03/2026
HLDC-04
Physical Security Overview
v2026.02.24
Datacenter
16/03/2026
HLTP-03
Vendor and Third-Party Security Policy
v2023.04.14
Policies Security Third Party
16/03/2026
HLPP-02
Security Awareness and Training Policy
v2026.02.19
Networking Policies Security
16/03/2026
HLPP-01
Risk Management Policy
v2026.03.03
Company Policies
16/03/2026
HLAP-03
Remote Access Policy
v2023.04.14
Networking Policies Security
16/03/2026
HLPP-01
Organisation Strucutre
v2026.02.27
Company Policies
16/03/2026
HLPP-01
Network Security Policy
v2025.11.16
Networking Policies Security
16/03/2026
HLPP-01
Mission Statement
v2023.04.13
Company Policies
16/03/2026
HLPP-01
Information Security Policy
v2026.01.26
Data Policies Security
16/03/2026
HLPP-01
Encryption Policy
v2025.04.14
Data Policies
16/03/2026
HLPP-01
Data Classification and Handling Policy
v2026.03.01
Data Policies
16/03/2026
HLPP-01
Access Control Policy
v2026.02.24
Policies Security
16/03/2026
HLPP-01
Acceptable Use Policy
v2026.02.28
Policies
16/03/2026
HLIH-01
Incident Response Plan
v2026.02.12
Incident Handling
16/03/2026
HLSY-05
Security Risk Mitigation and Patch Management Policy
v2026.02.24
Systems
16/03/2026
ITAC-05
Accessibility Training – Content
v2026.03.04
IT Accessibility
16/03/2026
ITAC-05
Accessibility Training – Assessment
v0.9
IT Accessibility
16/03/2026
ITAC-07
Accessibility in the Development Lifecycle
v2026.03.04
IT Accessibility
16/03/2026
DOCU-10
Disaster Recovery Plan
v2026.02.26
Company Incident Handling
16/03/2026
DOCU-08
Employee Onboarding Checklist
v2026.03.04
Company
16/03/2026
DOCU-08
Employee Offboarding Checklist
v2026.03.04
Company
16/03/2026
DOCU-08
Employee Handbook
v2026.03.03
Company
16/03/2026
DOCU-11
Change Management Process
v2026.02.25
Company
16/03/2026
DOCU-09
Business Continuity Plan
v2026.03.01
Company
16/03/2026