Middlebury Information Security Survey for Canvas LTIs
We ask all potential vendors providing Canvas LTI options to complete our Security Survey. This survey is required prior to acceptance and implementation.
Educause HECVAT Survey
If you have completed the Educause HECVAT Survey, you may send a copy to dlinq@middlebury.edu in lieu of providing links to statements and policies. Note that you will still need to complete this survey.
Product Name *
Company Name *
Business Contact *
Email *
Phone *
Application / Service Description *
Please provide a basic overview of what the application or service is and does. Please include the Canvas features that this service integrates with, and how data is shared and used between Canvas and the service.
Middlebury Contact *
Who is the contact person that you are working with at Middlebury?
Does this application or service PROCESS, STORE, or TRANSMIT any REGULATED DATA? *
Examples of regulated data include: PII / Personally Identifiable Information, PCI / Payment Card Information, HRI / Health Records Information, FERPA / Academic Records. See https://en.wikipedia.org/wiki/Personally_identifiable_information for more information about PII or the links below for more information about other regulated data types.
If this application or service processes, stores, or transmits regulated data, is the REGULATED DATA ENCRYPTED both IN-TRANSIT and AT-REST? *
Does your solution transmit, process, or store any payment card data (PCI DATA) or redirect to a payment processor for payment card processing? *
PCI data means Payment Card Information. See https://www.pcisecuritystandards.org for more information.
If the application or service processes, stores, or transmits Academic data, is the application or service FERPA COMPLIANT? *
Academic data includes Grades and Student Financial Information. See http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html for more information.
Please provide a link to your FERPA COMPLIANCE STATEMENT if you answered "Yes" to the question above.
Does your solution meet W3C WCAG 2.1 GUIDELINES? *
If the application or service processes, stores, or transmits HRI, is the application or service HIPAA / HITECH COMPLIANT? *
HRI means Health Records Information. See http://www.hhs.gov/ocr/privacy/ for more information.
Please provide a link to your HIPAA/HITECH COMPLIANCE STATEMENT if you answered "Yes" to the question above.
Is ANTI-VIRUS software ENABLED to protect hosting and supporting systems for the application or service? *
Does the LTI leverage BEST-PRACTICE ACCESS CONTROLS? *
Is client data in the application or service protected by a FORMAL DATA BACKUP & RECOVERY PROGRAM? *
What CANVAS LTI PRIVACY LEVEL does your LTI use? *
Is client data in the application or service governed by FORMAL PRIVACY & SECURITY POLICIES? *
Please provide a link to your PRIVACY & SECURITY POLICIES if you answered "Yes" to the question above.
Please provide a link to your LTI TERMS OF USE. *
If you have a separate TERMS OF USE for your service, please provide a link.
Is client data in the application or service protected by a FORMAL BREACH NOTIFICATION POLICY? *
Please provide a link to your BREACH NOTIFICATION POLICY if you answered "Yes" to the question above.
Please describe how instructors and students can remove their data and work from the service at the end of the semester. *
This form was created inside of Middlebury.