GNRL-03

Solution Description

Explanation

The 'Solution Description' question in the HECVAT (Higher Education Community Vendor Assessment Toolkit) is asking for a comprehensive overview of your product or service. This question serves as an introduction to your solution, helping the assessors understand what your product does, how it works, and its core functionality.

Why it's being asked:

1. To establish context for the rest of the security assessment
2. To help assessors understand the scope and nature of the solution they're evaluating
3. To identify potential security concerns based on the solution's functionality
4. To determine which subsequent questions are most relevant to your specific solution

This question is foundational because security requirements and risks vary significantly depending on the type of solution (e.g., a cloud-based learning management system has different security considerations than an on-premises research data processing tool).

When answering this question, you should:

- Be clear and concise but comprehensive
- Describe the core functionality and purpose of your solution
- Mention deployment models (cloud, on-premises, hybrid)
- Note key technical components and technologies used
- Highlight any aspects that involve sensitive data processing
- Mention integration points with other systems if relevant
- Include information about user roles and access patterns

Avoid using excessive marketing language or technical jargon without explanation, as the goal is to provide a clear understanding of what your solution does from a functional perspective.

Example Responses

Example Response 1

SecureLearn is a cloud-based learning management system (LMS) that enables educational institutions to deliver online courses, manage student enrollments, and track academic progress. The solution is hosted on AWS infrastructure in the US-East region and consists of a web application accessible via modern browsers, a mobile application for iOS and Android devices, and an API for integration with Student Information Systems. SecureLearn processes student enrollment data, course materials, grades, and communication between instructors and students. The system employs role-based access controls with distinct permission sets for administrators, instructors, teaching assistants, and students. All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. The solution is designed as a multi-tenant SaaS offering with logical separation between customer environments.

Example Response 2

DataVault is an on-premises research data management platform designed for higher education institutions to securely store, process, and analyze sensitive research data. The solution is deployed within the customer's data center and consists of a central storage repository, a processing engine for data transformation and analysis, and a web-based interface for researcher access. DataVault supports various data types including genomic sequences, patient health information, and other research datasets that may contain personally identifiable information. The system implements granular access controls allowing principal investigators to manage team member permissions. All system components communicate over encrypted channels, and the solution integrates with institutional authentication systems via SAML 2.0. DataVault maintains comprehensive audit logs of all data access and manipulation activities to support compliance with research data protection requirements.

Example Response 3

CampusConnect is a student engagement mobile application currently in development by our startup. The application will allow students to connect with campus resources, view event calendars, and communicate with student organizations. We plan to host the solution on Google Cloud Platform, but our infrastructure architecture is not yet finalized. The application will collect basic student profile information and track event attendance, but we have not yet implemented encryption for data at rest or completed our access control model. We're a small team of three developers without dedicated security personnel, though we plan to engage a security consultant before launch. We recognize that our current security posture does not meet higher education standards, and we're seeking guidance on prioritizing security enhancements as we complete development over the next six months.

Context

Tab: Product
Category: General Information
