UMass is committed to delivering world-class education and groundbreaking research while protecting the data of our students, staff, faculty, and researchers. As our campuses become increasingly digital and interconnected, we must balance innovation with security and transparency - especially as artificial intelligence becomes embedded in more tools we use every day.
To strengthen our approach, UMass requires all suppliers with AI or machine learning products to complete a HECVAT assessment. The EDUCAUSE Higher Education Community Vendor Assessment Toolkit, or HECVAT, is an industry-standard security evaluation tool tailored to higher education. We use it to assess how AI-enabled solutions handle data security, transparency, and compliance. This requirement applies to any product or service with AI or machine learning components, including natural language processing (NLP), computer vision, predictive analytics, and similar technologies.
When Will You Need a HECVAT
Today, nearly every modern software product, from simple productivity tools to complex research platforms, features an embedded AI component. In many cases, our buyers and faculty may not even be aware that these features exist or how they process their data.
The HECVAT is designed to streamline the assessment process for both suppliers and UMass. From a procurement perspective, the HECVAT is designed to be a win-win.
For Suppliers:
- Eliminates repetitive security questionnaires from multiple departments.
- Uses an industry-standard assessment tailored to higher education needs.
- Provides a single, comprehensive response to security inquiries.
For UMass:
- Creates a standardized, objective dataset for faster reviews.
- Allows our Procurement and Information Security teams to expedite contract approval.
- Reduces administrative delays and accelerates the path to purchase.
You will be asked to submit your HECVAT when UMass initiates a purchase request, contract negotiation, or RFP for your AI-enabled product or service. At that time, provide your completed copy to help expedite our review
How to Prepare
The HECVAT is one of the ways UMass ensures that AI and machine learning solutions meet our data security and compliance standards.
We encourage suppliers with AI or machine learning products to proactively maintain a completed HECVAT. By having this assessment ready before UMass requests it, you can respond quickly when procurement begins, which accelerates the entire contract process. Maintaining a completed assessment on file demonstrates that your organization prioritizes data privacy and security and is prepared to meet higher education regulatory requirements.
The first step is to download and keep the latest version of the form from the EDUCAUSE Higher Education Community Vendor Assessment Toolkit page. The assessment is straightforward - it asks about your data practices, security measures, and how your AI features work. When UMass requests your HECVAT, simply provide your completed copy.
We look forward to continuing our partnership and working together to maintain a secure and resilient learning environment within UMass.
Questions about HECVAT requirements or our procurement process? Reach out to the UPST team at A&Fsupport@umassp.edu.
Return to the UMass Supplier Newsletter homepage