A request for VPAT is being tracked already:
Issue 2314 – Voluntary Product Accessibility Template (VPAT) document
You can vote for it there.

I do not know HECVAT nor SOC2.

---

Your questions are bit ambiguous for a file transfer client. After all it's a software to manipulate data on a remote machine. It saves the data to where you connect it to with. We have no control over that. We do know know how do you use it. You do. WinSCP does not save any data remotely anywhere on its own behind your back, if that's what you ask about. The same about roles. WinSCP does not have any roles. The server you authenticate to with WinSCP might have roles, but that under your/server's control. Not ours.

Hello all,
I am trying to get approval for this to be used at Chemeketa Community College. To do this, I need the following documents, if there exist: CyberSecurity docs (HECVAT, SOC2), and Accessibility documents (VPAT). Do they exist?

I also have a few questions:

1. Does this app save to the users computer, or to the cloud?
   
2. Is there a list of fields from MBS for the data moved from MBS to Banner? (our use, anyway)
   
3. Do you know how that connection is secured? (e.g. Encrypted File, SFTP, etc)
   
4. Are there specific roles for people using WinSCP?
   
5. Does this system generate an audit log, and if so can that be exported to out security team?
   

That's it – thanks!
Bill Arndt
Chemeketa Community College