Skip to content
MarketScale
‹ Back to IndustriesEducation Technology

3 Tips for Selecting Education Vendors

Cybersecurity continues to be top of mind in new ways that we might not have considered during “normal” times. One area that needed our attention then and now is vendor management. Especially with the mad dash over the summer to get many districts ready for at least some remote learning, there are a lot of…

This story was produced through MarketScale. See how Education Technology teams put it to work with Executive Thought Leadership.

Share
3 Tips for Selecting Education Vendors

Cybersecurity continues to be top of mind in new ways that we might not have considered during “normal” times. One area that needed our attention then and now is vendor management. Especially with the mad dash over the summer to get many districts ready for at least some remote learning, there are a lot of new third-party vendors on the scene.

Pre-COVID, third-party vendors for schools and universities meant everything from transportation systems and student information platforms to applications like PowerSchool, Quizlet, and Google Classroom. Post-COVID, the term references all of that–plus things like COVID tracking and tracing programs.

Regardless of whether we are talking pre- or post-pandemic, third-party vendor risk is a serious topic. Ponemon Institute found that in the United States, 61 percent of data breaches were caused by third parties and vendors.

Are you wondering if you should get rid of third-party vendors? There’s no need to take such a dramatic step, but you should plan to get more focused on knowing what third-party vendors bring to the table when working with your institution.

Let the vetting begin

Vetting third-party vendors is like asking a teenager if they cleaned their room. As long as you don’t look under the bed or in the closet, everything looks good. The problem is, when you’re in education, you have to really dig into those dark places no one wants to look.

It doesn’t matter if you are hiring a new vendor or examining one that the institution has worked with for 30 years–the best way to get a baseline on a vendor is to run a risk assessment on them. Just like you assess physical risks to your school, best practice dictates that you apply the same rigor to the companies you work with and that have access to student or stakeholder data.

While it won’t help you make sure the vendor contract is written fairly, a well-executed vendor risk assessment will help you understand how every vendor handle security and privacy. It will also uncover those vendors who will act as true partners that want to work with you if something goes awry.

3 key areas to focus your efforts

Once you’ve done a complete risk assessment and know who brings what to the table, there are three critical areas you need to focus your attention on to help minimize vendor risk:

1. The Contract: Your institution is not going to cut a check to any vendor without first having a contract in place. But, when it comes to data privacy and breach specifics, what’s in that contract? Who owns stakeholder data? If something does go wrong, what responsibilities do you have vs. the vendor?

Questions such as these are critical to understand and agree upon before moving forward. State privacy laws vary, and you need to understand yours because they define what the institution’s obligation looks like. For instance, in some states, if a data breach occurs, the party that notifies individuals of the breach is financially responsible for things like annual credit monitoring for the victims. This type of financial outlay can get very expensive for a you very quickly, so it is critical that you denote in your contract what obligations your vendor has should a data violation occur.

2. Disaster Recovery: All of us have had the internet go out during a critical task. The same will happen at some point with your vendors. There is nothing wrong with asking – and in fact, you should ask – what happens if your service/product goes out? What’s the alternative? You want to depend on your vendors, so work with vendors to create a responsible expectation for when services will be restored.

3. Data Destruction: Taking a page from Europe’s book, many U.S. states have adopted data privacy laws much like GDPR. California, Delaware, Illinois, Louisiana, Maine, and Texas are among those recognized as having the toughest data privacy laws in the country, and most have requirements stipulating that if data needs to be destroyed, it be destroyed everywhere – including with vendors and in backups. Work into your contracts that if data needs to be destroyed, you get it back from the vendor and do it yourself, or, if the vendor destroys it, they do so pursuant to NIST Special Publication 800- 88 guidelines. Either way, make sure there is proof that the data has been destroyed properly.

Third-party vendors help your educational institution offer fantastic services to your stakeholders. However, the fact that third-party vendor risk is one of the fastest-growing cybersecurity threats in the industry means that vetting your partners is more important than ever. You want partners that are in the arena with you, not just collecting a check. First and foremost, you have to assess the risk a vendor brings to your school. Then you have to get into the weeds to understand how they handle data, service delays and privacy. If a vendor seems too in it for themselves and isn’t showing an interest in making you successful or keeping your students secure, keep looking.

Education Technology: are you visible to AI?

Before they reach out, Education Technology buyers ask AI engines which vendors to trust. See how AI describes your company today, and where competitors show up instead.

Free workspace

You just read one expert. Imagine publishing your whole team.

This article was produced through MarketScale. Create a free workspace and turn your own team's expertise into articles, video, and social posts. No credit card, no demo required.

NPS +73 · 1,000+ creators · 38+ countries

What you get, free

Your own MarketScale Studio workspace
One video edit a month, on us
AI writing, editing, and publishing tools
In-platform coaching to learn the system

More Education Technology Insights

Higher Ed's Seed Round: How Universities Decide Which Programs to Build

Higher Ed's Seed Round: How Universities Decide Which Programs to Build

The decision-making process for universities when choosing which online programs to develop and fund involves strategic considerations. These decisions are influenced by factors such as demand, resources, and institutional goals. Administrators need to weigh these elements to ensure successful and sustainable online education offerings.

  • 01Universities consider demand and resources in online program planning.
  • 02Institutional goals influence the choice of programs to fund.
  • 03Strategic decision-making is crucial for successful online education.

Jun 30, 2026

Teacher Stress Is Still at Crisis Levels in 2026. EdTech Vendors Selling Into Schools Need to Understand Why That Matters.

Teacher Stress Is Still at Crisis Levels in 2026. EdTech Vendors Selling Into Schools Need to Understand Why That Matters.

In 2026, more than half of US teachers continue to face significant job-related stress. This ongoing issue poses a primary adoption barrier for EdTech vendors and enterprise L&D teams targeting school districts. Understanding and addressing teacher stress is crucial for the successful implementation of educational technology.

  • 01Over half of US teachers experience high stress levels in 2026.
  • 02Teacher stress is a major barrier for EdTech adoption.
  • 03EdTech solutions must address stress to succeed in schools.

Jun 29, 2026

How Raptor's StudentSafe tackles behavioral threat assessment and student well-being

How Raptor's StudentSafe tackles behavioral threat assessment and student well-being

Raptor Technologies has transitioned from visitor management to enhancing student well-being with its StudentSafe platform. This move addresses school district needs for improved behavioral threat assessment. StudentSafe is designed to bolster educational security and student safety.

  • 01Raptor Technologies is expanding into student well-being.
  • 02The StudentSafe platform focuses on behavioral threat assessment.
  • 03StudentSafe responds to demands from school district customers.

Jun 26, 2026

Explore More Education Technology Insights

Read more expert perspectives from across Education Technology.

Browse Education Technology Hub

For B2B teams

Your experts could be publishing here

Stories like this one run on content MarketScale captures from real practitioners. See how your team's expertise becomes coverage in Education Technology and beyond.

Book a 15-minute demo

Or call us. No forms required. We pick up. 214-945-2512