When Northwestern University engages a third-party service provider, the Information Security Office (ISO) is tasked with evaluating the service provider’s information security controls by conducting a Service Provider Security Assessment (SPSA). To streamline the process, we use an information security questionnaire based on the latest Higher Education Community Vendor Assessment Toolkit (HECVAT) Lite questionnaire via a vendor portal. More information on HECVAT can be found at https://library.educause.edu/resources/2020/4/higher-education-community-vendor-assessment-toolkit.
Please provide the information requested so we can assess the need for an SPSA and create an assessment on the SPSA portal if necessary. The provided vendor respondent will receive an email from a member of the ISO containing a link to the questionnaire with further instructions. This link can be shared with others in your company so that they may assist in the completion of the questionnaire. Some questions may require comments and/or supporting documentation. If the vendor has already completed the latest version of HECVAT Lite, we can accept the document and import it into our portal.
Available to
Cost
N/A
How to Request Service
Click the "Request Service" button to the right.