Profile

Scott May

My Content

1 to 3 of 3 total

RE: Assuming risk form when no HECVAT/Soc2 available?

Posted By Scott May 07-20-2023 09:07:00 AM
Found In Egroup: HECVAT Users \ view thread

We have gone to a path of doing a Security Assessment which details how a vendor is better or worse than if we were handling data within locally managed systems. Part of that report might includes any recommendations to make the vendor compliant or contract changes and sharing vulnerability reports, ...

RE: Assuming risk form when no HECVAT/Soc2 available?

Posted By Scott May 07-20-2023 09:06:32 AM
Found In Library: HECVAT Users

RE: HECVAT vs SOC 2 report?

Posted By Scott May 06-15-2023 07:00:23 AM
Found In Egroup: HECVAT Users \ view thread

We don't see a lot of resistance, but vendors try to be efficient and submit old and outdated HECVATs. We require one completed in the last 12 months and it must be a version 3 HECVAT. I find half the vendors will heavily reference the SOC 2 Type 2 or even offer access via an NDA. If they do either, ...

Scott May

Edit My Profile

Scott May

My Content

RE: Assuming risk form when no HECVAT/Soc2 available?

RE: Assuming risk form when no HECVAT/Soc2 available?

RE: HECVAT vs SOC 2 report?

Community Groups

Working Groups

Mentoring

Volunteering

About Connect