What is the K-12CVAT?

For K-12 Schools and Districts

  • The CoSN K-12 Community Vendor Assessment Tool or K-12CVAT, is a questionnaire framework specifically designed for K-12 schools, districts and education service districts to measure vendor risk. Before you purchase a third-party solution, ask the solution provider to complete a K-12CVAT tool to confirm that information, data, and cybersecurity policies are in place to protect your sensitive school system information and constituents’ PII. It is recommended that you use the K-12CVAT as part of procurement processes, including having potential solution providers complete the questionnaire as part of RFP processes and purchase evaluations.

For K-12 Solution Providers

  • The K-12CVAT offers a consistent and single questionnaire for solution providers to complete for potential and current K-12 organization clients to support evaluation and understanding of the risks and opportunities of your product. The advantage of the K-12CVAT is that, once completed, your assessment can be used by multiple K-12 organizations to streamline procurement processes with your K-12 clients
  • The K-12CVAT is based off the Educause Higher Education Community Vendor Assessment Tool – Lite (HECVAT-Lite), however, the questions are geared specifically towards K-12 education. Please make sure to use the K-12 questionnaire for your K-12 clients.

The K-12CVAT provides our district with a new view of our vendors and affords us the ability to make better informed decisions due to the easy-to-understand Summary Report generated when the vendor completes it. It highlights areas of strength and weakness and will allow us to perform a higher quality risk assessment prior to engaging with the vendor. This is because the vendor information provided on the K12-CVAT is not always covered in our normal RFP process and includes areas such as their approach to securing their data center, the application/system and access to our data by their employees; their overall security policy and procedures; and, their disaster recovery, business continuity and change management procedures. Ultimately, it provides me with greater confidence in the decision-making process – whether I’m recommending that we select or reject the vendor.”

Deborah Ketring, CETL
CIO, Rockwood School District (MO)
CoSN Cybersecurity Advisory