Feel free to send them the template below. Just replace "[Vendor]" with the name of your vendor and send it off to your point of contact:
"I have been notified by our Information Security team that due to the data your service handles, a review is required by UVA policy. Our Information Security team has implemented a new process for conducting these reviews which allows for an easier and more secure means for transmitting documentation.
Requests for [Vendor]’s review will be sent from “UVA IT Compliance <[email protected]>” with the words “Assessment Assigned” in the subject line. The email will include information and instructions for completing the review.
UVA Information Security uses the Higher Education Cloud Vendor Assessment Tool (HECVAT) for reviews. If you organization already maintains a completed copy of the HECVAT, then you only need to complete through the Documentation section – then hit the button that says “Submit” at the bottom right. If you do not have an up to date HECVAT, then please complete the full form.
Please let me know if you are not the appropriate person to receive this request. Otherwise, thank you for your assistance in helping us to comply with the University’s Vendor Security Review Standard."