Middlebury Information Security Survey for Canvas LTIs
We ask all potential vendors providing Canvas LTI options to complete our Security Survey. This survey is required prior to acceptance and implementation.
Educause HECVAT Survey
If you have completed the Educause HECVAT Survey, you may send a copy to dlinq@middlebury.edu in lieu of providing links to statements and policies. Note that you will still need to complete this survey.
Product Name *
Company Name *
Business Contact *
Email *
Phone *
Application / Service Description *
Please provide a basic overview of what the application or service is and does.
Middlebury Contact *
Who is the contact person that you are working with at Middlebury?
Does this application or service PROCESS, STORE, or TRANSMIT any REGULATED DATA? *
Examples of regulated data include: PII / Personally Identifiable Information, PCI / Payment Card Information, HRI / Health Records Information, FERPA / Academic Records. See https://en.wikipedia.org/wiki/Personally_identifiable_information for more information about PII or the links below for more information about other regulated data types.
If this application or service processes, stores, or transmits regulated data, is the REGULATED DATA ENCRYPTED both IN-TRANSIT and AT-REST? *
Does your solution transmit, process, or store any payment card data (PCI DATA) or redirect to a payment processor for payment card processing? *
PCI data means Payment Card Information. See https://www.pcisecuritystandards.org for more information.
If the application or service processes, stores, or transmits Academic data, is the application or service FERPA COMPLIANT? *
Academic data includes Grades and Student Financial Information. See http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html for more information.
Please provide a link to your FERPA COMPLIANCE STATEMENT if you answered "Yes" to the question above.
Does your solution meet W3C WCAG 2.1 GUIDELINES? *
If the application or service processes, stores, or transmits HRI, is the application or service HIPAA / HITECH COMPLIANT? *
HRI means Health Records Information. See http://www.hhs.gov/ocr/privacy/ for more information.
Please provide a link to your HIPAA/HITECH COMPLIANCE STATEMENT if you answered "Yes" to the question above.
Is ANTI-VIRUS software ENABLED to protect hosting and supporting systems for the application or service? *
Does the LTI leverage BEST-PRACTICE ACCESS CONTROLS? *
Is client data in the application or service protected by a FORMAL DATA BACKUP & RECOVERY PROGRAM? *
What CANVAS LTI PRIVACY LEVEL does your LTI use? *
Is client data in the application or service governed by FORMAL PRIVACY & SECURITY POLICIES? *
Please provide a link to your PRIVACY & SECURITY POLICIES if you answered "Yes" to the question above.
Please provide a link to your LTI TERMS OF USE. *
If you have a separate TERMS OF USE for your service, please provide a link.
Is client data in the application or service protected by a FORMAL BREACH NOTIFICATION POLICY? *
Please provide a link to your BREACH NOTIFICATION POLICY if you answered "Yes" to the question above.