Internet2 NET+ Launches NET+ UpGuard Service for Scaling Third-Party Risk Management

By Nick Lewis - Internet2 Senior Program Manager

Internet2 is excited to announce the launch of the NET+ UpGuard program. UpGuard is a leading provider of third-party risk management technology.

The new NET+ UpGuard service brings simplified deployment, competitive pricing, and research-ready flexibility to research and higher education (R&E) institutions. Internet2 selected this service through a competitive procurement process and evaluated it through the Internet2 NET+ Service Evaluation process. 

Institutions have told Internet2 how challenging it is to manage all of their third-party vendors because of the distributed nature of higher education and the number of third-party vendors in use by their institutions. This third-party risk management (TPRM) tool enables institutions to strengthen and scale their TPRM programs to effectively manage third-party vendors and reduce risk.

The NET+ UpGuard program can be used as part of institutional workflows to coordinate among institutional stakeholders and document due diligence using HECVAT, covering IT accessibility, privacy, legal, and other aspects of the institution. Having a tool for this workflow can help institutions streamline many manual and email-based processes into repeatable processes to regularly assess third-party vendors.

UpGuard Vendor Risk is a platform that delivers continuous vendor insights, 360-degree assessments, and efficient AI-powered workflows. An institution can coordinate reviews across the workflow, store documentation for each third-party vendor, and share information internally with stakeholders to support comprehensive reviews of high-risk third-party vendors or less resource-intensive reviews of lower-risk third-party vendors. You can learn more about UpGuard on the UpGuard website.

Want to learn more about the benefits of NET+ UpGuard? Join us for the launch webinar on May 13 at 12 p.m. ET.

Sign Up for the Webinar (opens in a new window)

Community-Driven Evaluation

In 2023, the R&E community asked NET+ to identify tools institutions can use to scale their TPRM programs.

In response, Internet2 NET+ worked with eight R&E institutions to conduct a competitive procurement process, ultimately awarding the Request for Proposal (RFP) to UpGuard. The Internet2 NET+ team then convened a service evaluation group of representatives from seven R&E institutions to review the UpGuard solution.

The input from the service evaluation group shaped the NET+ UpGuard service and ensured it aligns with higher education priorities. Those priorities include IT accessibility, completing a HECVAT, and tiering third parties. 

Institutions can tier their vendors based on the type of data stored, the number of users, or the criticality of the third-party vendor. Additionally, vendors can be placed in tiers with different assessments or more frequent assessments.  

Continuous risk monitoring also provides ongoing visibility into changes in vendor risk, enabling institutions to identify and respond to emerging issues between assessment cycles. 

The NET+ UpGuard offering reflects more than a year of community-driven work, including developing requirements, negotiating a business model and contract, and evaluating the technology.

In all, the service evaluation process covered:

• Functional Assessment – Institutions discussed use cases for workflows and stakeholder inclusion.
• Technical Integration – This process included integrations with Jira and APIs.
• Security & Compliance – Institutions reviewed UpGuard’s HECVAT and accessibility documentation.

Why It Matters for R&E

Institutions increasingly face challenges when inventorying and assessing third parties.

• Institutions are more commonly outsourcing or using third parties. Institutional teams often identify third parties in use on their institutions through manual investigation, reviews, workflows, and engagement with their internal community. Institutions can now use NET+ UpGuard to streamline manual workflows and document the reviews.
• Once an institution is aware of the third-party vendor, many struggle to determine what level of due diligence is required to manage the risks. Using NET+ UpGuard to tier third-party vendors will help determine what is necessary for due diligence. 
• Few institutions have the resources to conduct labor-intensive assessments for all of their third-party vendors. Using NET+ UpGuard to tier their third parties can help institutions focus their efforts on high-risk third parties.
• R&E institutions are under pressure from laws, regulations, and security incidents to devote more resources to managing third-party risks. Institutions can utilize NET+ UpGuard to track data types and compliance requirements for third-party vendors, so they know where to check when there’s a change in the law or a security incident.    

During the NET+ Service Evaluation, evaluators negotiated a simplified pricing model that is more accessible to R&E institutions compared to commercial rates.

Join the NET+ UpGuard Launch Webinar

We invite the entire R&E community to hear directly from their peers who have shaped this service. UpGuard representatives will also be on hand to discuss how the new service works in practice.

NET+ UpGuard Launch Webinar – May 13, 2026, at 12 p.m. ET

Speakers include:

• Steven Lovaas, CISO at Colorado State University
• Ramon Delacruz, Senior Manager of Information Security & Data Privacy at Harvard University 
• Greg Pollock, Director of Research and Insights at UpGuard
• Nick Lewis, NET+ Senior Program Manager, Internet2

Learn More

The Internet2 NET+ service portfolio is a selection of cloud solutions requested, evaluated, and advanced by the R&E community.

The addition of NET+ UpGuard now expands options for third-party risk management innovation. Reach out to us at netplus@internet2.edu to learn more about the newest NET+ service.

Additional Resources

• NET+ UpGuard
• NET+ UpGuard Program Wiki

About the Internet2 NET+ Program

The Internet2 NET+ program delivers cloud services vetted by higher education institutions for research and education. With over 20 services subscribed to by 600+ institutions, NET+ ensures solutions are optimized for functionality, security, compliance, pricing, and ease of deployment.

For more information, visit the Internet2 NET+ home page.

About UpGuard

UpGuard helps businesses manage cybersecurity risk. UpGuard’s integrated risk platform combines third-party security ratings, security assessment questionnaires, and threat intelligence capabilities to give businesses a full and comprehensive view of their risk surface. To learn more, visit www.upguard.com.