Last updated: 9 January 2024

At Grasple we understand the paramount importance of data security. That’s why we have taken rigorous steps to ensure that your data is safeguarded at every level of our operations. We are fully GDPR compliant and undergo an audit following the NOREA Privacy Control Framework. Another step we took to ensure data security, is completing the HECVAT questionnaire. We completed the questionnaire to streamline the procurement processes with higher education clients and to give the institution a baseline verification of our cybersecurity controls, policies and procedures. 

What is HECVAT?

The Higher Education Cloud Vendor Assessment Toolkit (HECVAT) is a collection of security assessment questionnaire templates specifically designed to measure third-party risk for higher education institutions. Depending on which HECVAT assessment is used, a completed HECVAT can give both academic institutions and their solution providers a better understanding of the risks they face. 

Our commitment to security

For Grasple as a third-party vendor, HECVAT is a way to demonstrate to higher education institutions that we have the appropriate information security, data privacy, and cybersecurity policies in place to protect their sensitive information and their constituents’ PII. At Grasple, we take security seriously. We understand that trust is the foundation of any successful partnership, and completing the HECVAT questionnaire is one of the many steps we have taken to keep your data secure. 

HECVAT compliance

HECVAT offers multiple tools to accommodate the unique cybersecurity risk management requirements of different educational institutions and third-party service providers. Grasple completed the HECVAT Lite assessment, this tool is a more concise version of HECVAT. This risk assessment is suitable for vendors that do not process critical data. Information on this is available upon request via support@grasple.com

Questions and feedback
Regarding questions or feedback related to the HECVAT, you can contact us: