How a Public Research University Strengthened Vendor Compliance with SmartSuite-Powered HECVAT

^Problem

Disconnected Systems + Manual Risk Workflows Slowed Down Procurement and IT Security Reviews

A public research university faced a growing challenge in managing vendor risk assessments. With the rise of third-party software and increasingly strict cybersecurity compliance standards, the institution’s process for conducting HECVAT (Higher Education Community Vendor Assessment Tool) reviews had become a major bottleneck.

The existing workflow relied heavily on spreadsheets, static documents, and ticketing systems to track assessments and vendor responses. Information was scattered, difficult to access, and lacked consistency. The security team often struggled to locate the most current version of a HECVAT or determine the status of a review.

"Finding the most recent HECVAT submission used to mean digging through tickets."

Manual follow-ups and vendor confusion further delayed evaluations. Multiple teams tracked vendor data differently, and there was no central location to manage records, communication, and decisions. As the volume of vendor engagements continued to grow, this fragmented system became increasingly unsustainable.

Q1

‍

^Solution

An End-to-End, No-Code HECVAT Workflow Built in SmartSuite

The public research university adopted SmartSuite to unify its entire HECVAT review process—digitizing intake, review, scoring, documentation, and reporting.

The implementation team, composed of university staff and SmartSuite GRC specialists, co-developed a tailored system that included:

External vendor forms for both HECVAT Light and Full versions, equipped with conditional logic to guide accurate responses
Automated workflows to trigger notifications, track due dates, and route submissions to the appropriate reviewers
Dynamic scoring of HECVAT results based on institution-specific weighting and risk thresholds
Role-based permissions and custom views to enable secure collaboration across procurement, IT security, accessibility, and other internal teams
A centralized vendor portal to manage profiles, submissions, past assessments, contracts, and key contacts

Instead of relying on static file uploads in a legacy ticketing system, the university now manages every step—from vendor intake to internal approval—within SmartSuite’s relational, no-code platform.

Q2

‍

^Results

100% Visibility, Streamlined Workflows, and Foundation for Expansion

The new system delivered immediate value. The university replaced spreadsheets and fragmented tracking tools with a live, integrated solution that:

Reduced the time required to send, receive, and review HECVATs by over 50%
Centralized vendor risk assessments across departments, establishing a single source of truth
Enabled asynchronous collaboration through in-record comments and automated workflow triggers
Automatically generated PDFs and dashboards tailored for procurement, IT security, and audit needs
Laid the foundation to expand into broader GRC workflows, including business continuity planning, risk acceptances, NDAs, and more

According to security and IT leadership, the institution is no longer just completing risk assessments—they’re managing the entire process from start to finish.

How a Public Research University Strengthened Vendor Compliance with SmartSuite-Powered HECVAT

Disconnected Systems + Manual Risk Workflows Slowed Down Procurement and IT Security Reviews

An End-to-End, No-Code HECVAT Workflow Built in SmartSuite

100% Visibility, Streamlined Workflows, and Foundation for Expansion

More Customer Stories

Lipps Electric

150+

Elegant Music Group

1,500+

Brightways

12+

Acuity

100+

Black Label Services

100+

CryoFuture

1

Quality Counts

10+

So Cal Classic Car Storage

50%

Gillette Children's

8

Roadchef Projects

70%

Food Truck League

700+

Grupo AFAL

+$17,000

Office Express

100%

PlantBasedTreaty

100%

Ratio Christi

70%+

Active3D

$100K+

CornholeATL

60+

SWAGBOX

3

Canterbury Consulting

25%

Apple Bank

5+

Cryogenic Industrial Solutions

10s

F AIR

20+

Agape Christian Bar Prep

98%

Progettiamo Autonomia

20+

BUCS Engineering

3

Analytic Vizion

90%

UCLA Student Affairs

3x

MediaLab 3D Solutions

$40,000+

Enablence Technologies

5 days

Waypoint Centre

4+

MGT (Layer3 Communications)

150+

Andex Kitchens

1

Parsons Counseling

1,500+

Allforce

55%

Weev

75%

Unicontrol

Team scaled 4.6x

UCLA Anderson

250+

Georgetown University