Cloud Vendor Assessment Tool

The Higher Education Cloud Vendor Assessment Tool, and the lightweight version (with a shorter set of questions for review in low-risk situations), was created by the Higher Education Information Security Council (HEISC) Shared Assessments Working Group. Its purpose is to provide a starting point for the assessment of third-party provided cloud services and resources. Over time, the Shared Assessments Working Group hopes to create a framework that will establish a community resource where institutions and cloud services providers will share completed assessments. 

Western Michigan University has chosen to participate with this project for the assessment of cloud services requested by WMU faculty and staff as part of a product review.

The product review requester should:

  1. Submit the link to this page ( to their cloud service vendor.
  2. After the vendor fills out and sends the appropriate form back, email it to

The vendor should:

  1.  Follow the link below to Higher Education Cloud Vendor Assessment Tool.
  2. Download the Lightweight Version  (if the product involves HIPPA or PCI, the Assessment Tool should be downloaded).
  3. Fill out the form, save it and email it back to the requester. 
  4. Higher Education Cloud Vendor Assessment Tool