Request edit access
Middlebury Information Security Survey for Canvas LTIs
We ask all potential vendors providing Canvas LTI options to complete our Security Survey. This survey is required prior to acceptance and implementation.
* Required
Educause HECVAT Survey
If you have completed the Educause HEVCAT Survey, you may send a copy to
dlinq@middlebury.edu
in lieu of providing links to statements and policies. Note that you will still need to complete this survey.
Product Name
*
Your answer
Company Name
*
Your answer
Business Contact
*
Your answer
Email
*
Your answer
Phone
*
Your answer
Application / Service Description
*
Please provide a basic overview of what the application or service is and does.
Your answer
Middlebury Contact
*
Who is the contact person that you are working with at Middlebury?
Your answer
Does this application or service PROCESS, STORE, or TRANSMIT any REGULATED DATA?
*
Examples of regulated data include: PII / Personally Identifiable Information, PCI / Payment Card Information, HRI / Health Records Information, FERPA / Academic Records. See
https://en.wikipedia.org/wiki/Personally_identifiable_information
for more information about PII or the links below for more information about other regulated data types.
Yes
No
If this application or service processes, stores, or transmits regulated data, is the REGULATED DATA ENCRYPTED both IN-TRANSIT and AT-REST?
*
Yes
No
N/A
Does your solution transmit, process, or store any payment card data (PCI DATA) or redirect to a payment processor for payment card processing?
*
PCI data means Payment Card Information. See
https://www.pcisecuritystandards.org
for more information.
Yes
No
If the application or service processes, stores, or transmits Academic data, is the application or service FERPA COMPLIANT?
*
Academic data includes Grades and Student Financial Information. See
http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
for more information.
Yes
No
N/A
Please provide a link to your FERPA COMPLIANCE STATEMENT if you answered "Yes" to the question above.
Your answer
Does your solution meet W3C WCAG 2.1 GUIDELINES?
*
https://www.w3.org/WAI/standards-guidelines/wcag/
Yes
No
If the application or service processes, stores, or transmits HRI, is the application or service HIPAA / HITECH COMPLIANT?
*
HRI means Health Records Information. See
http://www.hhs.gov/ocr/privacy/
for more information.
Yes
No
N/A
Please provide a link to your HIPAA/HITECH COMPLIANCE STATEMENT if you answered "Yes" to the question above.
Your answer
Is ANTI-VIRUS software ENABLED to protect hosting and supporting systems for the application or service?
*
Yes
No
Does the LTI leverage BEST-PRACTICE ACCESS CONTROLS?
*
Examples of regulated data include: PII / Personally Identifiable Information, PCI / Payment Card Information, HRI / Health Records Information, FERPA / Academic Records. See
https://en.wikipedia.org/wiki/Personally_identifiable_information
for more information about PII or the links below for more information about other regulated data types.
Yes
No
Is client data in the application or service protected by a FORMAL DATA BACKUP & RECOVERY PROGRAM?
*
Yes
No
What CANVAS LTI PRIVACY LEVEL does your LTI use?
*
Annonymous
Name Only
Email Only
Name and Email Only
Public
Is client data in the application or service governed by FORMAL PRIVACY & SECURITY POLICIES?
*
Yes
No
Please provide a link to your PRIVACY & SECURITY POLICIES if you answered "Yes" to the question above.
Your answer
Please provide a link to your LTI TERMS OF USE.
*
Your answer
If you have a separate TERMS OF USE for your service, please provide a link.
Your answer
Is client data in the application or service protected by a FORMAL BREACH NOTIFICATION POLICY?
*
Yes
No
Please provide a link to your BREACH NOTIFICATION POLICY if you answered "Yes" to the question above.
Your answer
Submit
Page 1 of 1
Never submit passwords through Google Forms.
This form was created inside of Middlebury.
Report Abuse
Forms
