Request a Demo
Request a Demo
Isora Lite
Unleash the HECVAT
Retire the spreadsheet and focus on the third-party vendor risk insights that matter most with Isora Lite from SaltyCloud. 100% free to EDU.
Join with InCommon Request Account
Trusted by established higher education institutions
How it works
Start scaling your third-party security risk management (TPSRM) program in no time
Signup with InCommon

Easily signup with the InCommon Federation. Not a member? Request a manual account provision.

Assess third-parties

Send HECVAT questionnaire assessments to third-party vendors with a single, secure link

Share HECVATs

Access existing HECVAT assessments in the community database and share your own

Create scorecard reports

Identify critical risks, compare vendor scores, and inform your procurement process

Before, we were managing compliance with spreadsheets: it was costly, unscalable, and untrustworthy. Isora GRC makes it easier to prove compliance and manage risks across our large, complex campus.

Cam Beasley, Chief Information Security Officer

The University of Texas at Austin
Frequently Asked Questions
How can we help?
Find the answers you need here, or chat with us.
Contact Sales
What is the HECVAT?

The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a standardized questionnaire developed by the Higher Education Information Security Council (HEISC) to streamline the process of evaluating and assessing the data security and privacy capabilities of third-party vendors within the higher education sector.

Our latest content
Stay ahead of the curve with cutting-edge articles from our research team on a diverse range of topics exploring the ever-changing world of governance, risk, and compliance.
Understanding NSPM-33, Complete Guide

Learn how NSPM-33 impacts research institutions and explore compliance strategies, including cybersecurity, export controls, and disclosure requirements.

Learn More
Article Higher Education NSPM-33 Regulations
GLBA Compliance in Higher Education, 2024 Complete Guide

This Complete Guide explores the basics and infosec compliance checklist for the GLBA Safeguards Rule in higher education.

Learn More
Article GLBA Higher Education NIST 800-171
HECVAT v3.05—What’s Changed?

Analyzing changes in HECVAT v3.05 for higher education infosec teams evaluating vendors. Includes text tweaks, logic shifts, and errors.

Learn More
Article HECVAT
How to Build a Risk-Based Infosec Program in Higher Education, Complete Guide

Discover the key steps to building a risk-based infosec risk management program in higher ed for regulatory compliance and cyber resilience.

Learn More
Article Higher Education ISRM
Establishing a VRM Program with the HECVAT: Complete Guide

Learn how to establish a successful vendor risk management (VRM) program at a higher education institution using the HECVAT.

Learn More
Article HECVAT Higher Education VRM
Understanding the Campus Cybersecurity Program by the Department of Education

A closer look at the Department of Education's Federal Student Aid Office's (FSA) Campus Cybersecurity Program.

Learn More
Article Higher Education Regulations
View All Articles
Get Started
Manage assessments
confidently with a
collaborative GRC platform
Request a Demo
Woot!
We got your request. Hang on tight and we'll get back to you!
Thanks!
You successfully subscribed to our newsletter