Get Started
Get Started
Isora Lite
Unleash the HECVAT
Retire the spreadsheet and focus on the third-party vendor risk insights that matter most with Isora Lite from SaltyCloud. 100% free to EDU.
Join with InCommon Request Account
Trusted by established higher education institutions
How it works
Start scaling your third-party security risk management (TPSRM) program in no time
Signup with InCommon

Easily signup with the InCommon Federation. Not a member? Request a manual account provision.

Assess third-parties

Send HECVAT questionnaire assessments to third-party vendors with a single, secure link

Share HECVATs

Access existing HECVAT assessments in the community database and share your own

Create scorecard reports

Identify critical risks, compare vendor scores, and inform your procurement process

Before, we were managing compliance with spreadsheets: it was costly, unscalable, and untrustworthy. Isora GRC makes it easier to prove compliance and manage risks across our large, complex campus.

Cam Beasley, Chief Information Security Officer

The University of Texas at Austin
Frequently Asked Questions
How can we help?
Find the answers you need here, or chat with us.
Ask a Question
What is the HECVAT?

The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a standardized questionnaire developed by the Higher Education Information Security Council (HEISC) to streamline the process of evaluating and assessing the data security and privacy capabilities of third-party vendors within the higher education sector.

Our latest content
Stay ahead of the curve with cutting-edge articles from our research team on a diverse range of topics exploring the ever-changing world of governance, risk, and compliance.
GLBA Compliance in Higher Education, 2024 Complete Guide

This Complete Guide explores the basics and infosec compliance checklist for the GLBA Safeguards Rule in higher education.

Learn More
Article GLBA Higher Education NIST 800-171
HECVAT v3.05—What’s Changed?

Analyzing changes in HECVAT v3.05 for higher education infosec teams evaluating vendors. Includes text tweaks, logic shifts, and errors.

Learn More
Article HECVAT
Webinar: Enterprise-Wide Information Security Risk Assessments at UChicago

Discover how The University of Chicago Information Assurance team designed, launched, and scaled their enterprise-wide information security risk...

Request Access
Webinar Cyber Resilience Higher Education ISRM NIST CSF
Cyber Resilience in Higher Education, 2024 Guidebook

Modern higher education institutions face a unique mix of cybersecurity and regulatory compliance challenges. Today, striking the right balance all...

Request a Copy
Guidebook Cyber Resilience Higher Education
How to Build a Risk-Based Infosec Program in Higher Education, Complete Guide

Discover the key steps to building a risk-based infosec risk management program in higher ed for regulatory compliance and cyber resilience.

Learn More
Article Higher Education ISRM
EDUCAUSE CPPC 2022: Highlights

SaltyCloud attended the 2022 EDUCAUSE Cybersecurity and Privacy Professionals Conference (CPPC and did a lot. These are our highlights

Learn More
Article Conferences Higher Education
View All Articles
Get Started
Manage assessments
confidently with
collaborative GRC tooling
Get Started
Woot!
We got your request. Hang on tight and we'll get back to you!
Thanks!
You successfully subscribed to our newsletter
Get a Demo
We'll walk you through the platform, discuss pricing, and answer any technical questions.
Chat with Sales
Not ready for a demo? No problem. We're happy to answer any questions!
Request a Copy
We'll send you an email with the PDF.