Trusted by established higher education institutions
How it works
Start scaling your third-party security risk management (TPSRM) program in no time
Signup with InCommon
Easily signup with the InCommon Federation. Not a member? Request a manual account provision.
Assess third-parties
Send HECVAT questionnaire assessments to third-party vendors with a single, secure link
Share HECVATs
Access existing HECVAT assessments in the community database and share your own
Create scorecard reports
Identify critical risks, compare vendor scores, and inform your procurement process
Before, we were managing compliance with spreadsheets: it was costly, unscalable, and untrustworthy. Isora GRC makes it easier to prove compliance and manage risks across our large, complex campus.
The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a standardized questionnaire developed by the Higher Education Information Security Council (HEISC) to streamline the process of evaluating and assessing the data security and privacy capabilities of third-party vendors within the higher education sector.
Our latest content
Stay ahead of the curve with cutting-edge articles from our research team on a diverse range of topics exploring the ever-changing world of governance, risk, and compliance.
Learn how NSPM-33 impacts research institutions and explore compliance strategies, including cybersecurity, export controls, and disclosure requirements.