Pricing Contact Sales Book a Demo
Pricing Contact Sales Book a Demo
Newsroom
Newsroom

Isora GRC introduces HECVAT Uploader to eliminate spreadsheet busywork in vendor risk reviews

SaltyCloud Research Team

Updated Jul 21, 2025 Read Time 2 min

New one-click importer turns completed HECVAT spreadsheets into scored, auditable vendor questionnaires inside Isora GRC.

AUSTIN, TEXAS — July 21, 2025 — Isora GRC, the #1 GRC platform for higher-education information security teams, today introduced HECVAT Uploader, a built-in capability that ingests completed HECVAT spreadsheets, maps every answer to the correct question, and auto-calculates scores and evidence so analysts can move directly to review. The feature links results to the vendor record and publishes gaps to the shared risk register.

The Higher Education Community Vendor Assessment Toolkit is the sector’s standard questionnaire for evaluating third-party security, privacy, and accessibility practices. In 2025 the HECVAT team consolidated the prior Full, Lite, and On-Premise versions into a single file with expanded privacy and AI coverage, which many vendors still return as Excel spreadsheets.

“Security teams told us their time disappears into copying and reconciling HECVAT spreadsheets. The HECVAT Uploader cuts straight to the work that matters: validating evidence, recording risks, and making go or no-go decisions,” said Andrew Scheifele, CEO & Co-Founder at SaltyCloud.

Early customer feedback reflects faster throughput and fewer vendor follow-ups. A security lead at a private liberal arts college reported that the uploader “lets us collect much more from vendors without the email back-and-forth.” Teams at two Midwestern universities highlighted simpler handoffs and measurable time saved across annual renewals.

How HECVAT Uploader works

  • Upload a completed HECVAT spreadsheet in the supported format. The importer extracts responses and maps them to Isora’s questionnaire structure.
  • Score and attach evidence automatically. Isora calculates section and overall scores and preserves the vendor’s files for audit.
  • Link to the vendor record so product details, data classifications, contracts, and contacts stay in one place.
  • Publish findings to the collaborative risk register with owners and due dates to ensure closure.

Why it matters for higher-ed security teams

  • Eliminates manual entry. Most HECVATs arrive as Excel workbooks that are hard to normalize across versions. HECVAT Uploader removes copy-paste work and reduces errors.
  • Accelerates procurement. Analysts spend time assessing risk rather than reformatting data, which shortens review cycles for campus buyers.
  • Keeps everything together. Assessments, evidence, risks, and reports live in one platform that was built for assessments, inventories, risk registers, and reporting.
  • Ready for HECVAT 4. Supports the consolidated HECVAT format introduced in 2025 while accommodating legacy responses institutions still receive.

Availability

The HECVAT Uploader is available today to all Isora GRC customers. For details or a live walkthrough, contact SaltyCloud.

About Isora GRC

Isora GRC is the GRC Assessment Platform built for security teams to move faster and work together. Streamline assessments, manage risks, and keep full visibility across vendors and assets in one intuitive platform. Trusted by leading organizations, Isora replaces spreadsheets and legacy GRC platforms with workflows that drive adoption, stronger compliance, and real accountability.

Media Contact

Eddie Gonzalez
Head of Product & Marketing, SaltyCloud, PBC
howdy@saltycloud.com
1401 Lavaca St, Suite #41401, Austin, TX 78701

Stay ahead of the curve
Get insightful guides, original research, regulatory updates, and novel solutions delivered straight to your inbox.
Let’s Chat
Streamline every step of your org’s security GRC workflows
Book a Demo
Woot!
We got your request. Hang on tight and we'll get back to you!
Thanks!
You successfully subscribed to our newsletter