Documentation
HECVAT Lite v3.0.6
Business Continuity Plan
HLSY-03

Question HLSY-03

Are your systems and applications scanned for vulnerabilities [that are then remediated] prior to new releases?

Weight: 10
High Risk: No
Required: Yes
Compliant Answer: Yes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe plans to implement application vulnerability scanning [and remediation] prior to release.

Answering "YES"

Provide a brief description.

Reason for Question

Modern technologies allow for rapid deployment of features, and with them come changes to an established code environment. The focus of this question is to verify a vendor's practice of regression testing their code and verifying that previously nonexistent risks are not introduced into a known, secured environment.

Follow-Up Inquiries

Ask if there are plans to implement these processes. Ask the vendor to summarize the reasoning behind their decision not to scan their applications for vulnerabilities prior to release.
