HECVAT
Greetings
As part of our due diligence process and in accordance with Georgia Tech’s BPM 3.4.4 requirements, we are requesting someone's assistance in providing documentation to support your organization’s security compliance. Based on the nature of the data your services may access or process, please provide one or more of the following assessment reports or certifications:
Primary Documents (choose one):
ISO 27001 or ISO 27002 Certification (valid and not expired), OR
SOC 2 Type 2 Report (issued within the last 3 years), OR
Completed HECVAT (Higher Education Community Vendor Assessment Tool):
HECVAT Full v3.02
HECVAT Lite v3.02
Note: A SOC 2 Type 2 or ISO 27001 certification is preferred as it may expedite the review process.
Additional Requirements (if applicable):
Depending on the type of data involved, please also provide the following:
HIPAA Data: HIPAA BAA agreement plus one Primary Document
FERPA / Student Data: One Primary Document
PII / Employee Data: One Primary Document
GDPR / China Data: One Primary Document plus Offshore Data Attestation Questionnaire
Research Data (General, Protected, or CUI): One Primary Document plus Research Reference Number (if applicable)
For CUI: Product must be FedRAMP GCCH version
As part of our due diligence process and in accordance with Georgia Tech’s BPM 3.4.4 requirements, we are requesting someone's assistance in providing documentation to support your organization’s security compliance. Based on the nature of the data your services may access or process, please provide one or more of the following assessment reports or certifications:
Primary Documents (choose one):
ISO 27001 or ISO 27002 Certification (valid and not expired), OR
SOC 2 Type 2 Report (issued within the last 3 years), OR
Completed HECVAT (Higher Education Community Vendor Assessment Tool):
HECVAT Full v3.02
HECVAT Lite v3.02
Note: A SOC 2 Type 2 or ISO 27001 certification is preferred as it may expedite the review process.
Additional Requirements (if applicable):
Depending on the type of data involved, please also provide the following:
HIPAA Data: HIPAA BAA agreement plus one Primary Document
FERPA / Student Data: One Primary Document
PII / Employee Data: One Primary Document
GDPR / China Data: One Primary Document plus Offshore Data Attestation Questionnaire
Research Data (General, Protected, or CUI): One Primary Document plus Research Reference Number (if applicable)
For CUI: Product must be FedRAMP GCCH version