Security Reviews in IT Compliance

Why Security Reviews Matter 

As a researcher or professor at Missouri S&T, you understand the critical role that data security plays in our academic and research endeavors. Given our university’s receipt of federal funding for research, it is imperative that we adhere to stringent security protocols. Security reviews ensure that all systems, applications, and devices comply with federal regulations, safeguarding our sensitive data, research findings, and intellectual property. A security breach could not only compromise this data but also jeopardize our federal funding and the university’s reputation. 

The Role of HECVAT 

The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a standardized questionnaire designed to evaluate the security practices of third-party vendors. This is particularly important for Missouri S&T for several reasons: 

  • Data Protection: HECVAT ensures that vendors handling our data have robust security measures in place to protect sensitive information. 
  • Compliance: It aligns with various cybersecurity frameworks and regulations, ensuring that vendors meet the necessary compliance requirements. 
  • Risk Management: By assessing potential risks associated with third-party vendors, HECVAT helps us mitigate security threats before they become issues. 

When is HECVAT Required? 

HECVAT is typically required when Missouri S&T plans to engage with a new vendor or renew contracts with existing vendors, especially those that will handle sensitive or regulated data. This includes products involving artificial intelligence, cloud service providers, software vendors, and any third-party services that will interact with our IT infrastructure and will not operate or store data locally.

IT Reviews for Research Instrumentation 

Because today’s research instrumentation is often integrated with technology, such as specialized hardware and software used in scientific studies, it often requires an IT review for several reasons:

  • Security Compliance: Ensuring that the instrumentation complies with university and federal security standards. 
  • Data Integrity: Protecting the integrity and confidentiality of research data collected and processed by these instruments. 
  • Operational Continuity: Preventing disruptions in research activities by identifying and mitigating potential IT-related issues.