Vendor Risk Assessment Program | Welcome

Stylized image of a binder with the words "Risk Assessment" written on the binding edge. 

Find solution providers that fit your third-party risk management initiatives.

Part of your role may be to manage and assess the cybersecurity risk of third-party vendors that are responsible for critical business functions at your institution.

To help you more quickly and easily find solution providers whose risk has been validated and that match your organization’s needs, we’ve established the new EDUCAUSE Vendor Risk Assessment Program.


What Is the Vendor Risk Assessment Program?

The Vendor Risk Assessment Program is a standardized and thorough way for higher education institutions to streamline their purchasing process and vendor review and onboarding. The program is focused on addressing consistency of vendor questionnaires and validation of a company’s cybersecurity posture, while leveraging the HECVAT, to help you more quickly and easily work with companies that serve the higher education community.

EDUCAUSE institutional members have access to completed vendor risk assessments, allowing you to:


  • icon: clock

    Save Time

    Reduce your time spent searching for new vendors that meet your needs

  • Work Efficiently

    Work Efficiently

    Quickly and easily review and assess a vendor’s risk

  • Find Trusted Partners

    Find Trusted Partners

    Choose your third-party vendors with confidence



Are you with a company that serves higher education IT? Interested in participating in this program? Find out how you can get involved.


Access Vendor Risk Assessments

As a benefit of EDUCAUSE membership, anyone from a member higher education institution will have access to the risk assessments provided on the Vendor Risk Assessment Program Reports Hub.

Reports are coming soon. Stay tuned!