This announcement follows a competitive procurement process that selected UpGuard to participate in the NET+ Service Evaluation Process.
The evaluation addresses a pressing need in higher education. In the 2024 EDUCAUSE QuickPoll on Third-Party Risk Management (TPRM), only 35% of institutions reported having a formal TPRM program, while 58% rely on informal, ad-hoc processes, and 5% have no program at all.
Respondents cited the complexity and volume of vendor relationships, limited visibility into security practices, and inconsistent review processes as top pain points.
How We Got Here
Recognizing this community need, Internet2 convened a working group of research and education (R&E) institutions to explore solutions, define R&E-specific requirements, and guide a competitive procurement process. Internet2 then released a Request for Proposal (RFP) in late 2024.
This process reflects the NET+ commitment to solving community-identified needs with shared, scalable solutions in emerging technology areas.
Following the competitive procurement, Internet2 NET+ awarded the RFP to UpGuard Vendor Risk, conditional upon final approval by Internet2 and the successful negotiation of a contract.
The RFP team, composed of R&E community members, chose UpGuard based on their evaluation of the technical and business requirements from the RFP.
What’s Next: NET+ Service Evaluation Process
UpGuard Vendor Risk is a comprehensive third-party risk management solution that helps organizations identify, assess, and monitor security risks across their vendor ecosystems.
The platform offers continuous security monitoring, automated risk scoring, and enterprise-scale supply chain visibility.
Through UpGuard Vendor Risk, institutions can utilize AI-powered assessments and real-time scanning to streamline what has traditionally been a manual, time-intensive process.
Internet2 has launched the community-led Service Evaluation phase to negotiate the contract.
The Service Evaluation process further follows our established NET+ methodology to ensure thorough vetting of each service:
- Technical Assessment: Evaluation of architecture, security, and integration capabilities based on community user experiences
- Compliance: Assessment of security and accessibility through the Higher Education Community Vendor Assessment Toolkit (HECVAT) and VPAT reviews, with commitments to relevant laws and standards like FERPA, HIPAA, and WCAG
- Contract Negotiation: Development of favorable terms for R&E, business model, and pricing
- Deployment: Comprehensive documentation to support adoption
This Service Evaluation effort is led by a group of eight public and private institutions. The Service Evaluation team includes an academic medical center, multiple public flagship universities, and an Ivy League institution.
Working Together to Reduce Vendor Risk in Higher Education
Through the Internet2 NET+ program, the R&E community works together to evaluate and manage cloud services at scale.
The Cloud Scorecard helps institutions discover technologies, like UpGuard, that meet higher education standards, while our portfolio of over 20 actively managed NET+ services provides trusted, vetted solutions.
NET+ also actively supports community initiatives such as HECVAT, which streamlines vendor risk assessments; the NET+ Third-Party Risk Management Working Group; and the Vendor Management Community of Practice.
When your institution adopts a NET+ service, you’re not just choosing a secure, community-vetted solution — you’re also investing back into the collective effort to strengthen cybersecurity, improve vendor accountability, and protect the mission of research and education.
Get Involved
Email us to learn more about this Service Evaluation and join the NET+ TPRM Working Group to receive relevant updates or ask additional questions.