The 10 “must have” Requirements When Choosing an EdTech Supplier: Prioritising Security and Privacy
As the CEO of pixevety, I am currently attending the Consortium for School Networking (CoSN) 2025 annual conference on AI in Seattle where there is an intense focus on AI and data security. CoSN’s most recent survey of district tech leaders highlighted the uphill battle schools are facing in protecting student data, including educating the broader teacher community about how to vet EdTech technologies.
With that in mind, and with my usual privacy-by-design expert hat on, I’d like take the opportunity today to share my learnings as an EdTech supplier who, for over a decade now, has been dedicated to securing children’s data, and to highlight that this evolving supplier vetting process is not only essential, but critical, for a school to ensure the safety and privacy of student data.
In my previous article, I shared why securing school photos should be a major part of any school’s cyber safety strategy in 2025. With increasing cybersecurity threats and stricter regulations, schools in 2025 must thoroughly re-evaluate their existing technology providers and break away from any supplier who blatantly or inadvertently puts school/student data at risk.
What schools should lookout for in an EdTech supplier to make the right choice
When deciding on a supplier, I believe there are ‘10 “Must Have” requirements’ which I have compiled into the below checklist to help guide schools during the vendor selection process in 2025. Obviously, I created this checklist from my own experiences in the EdTech industry (would you be surprised to hear its over 13 years now) – seeking advice from various legal, cyber, data security and privacy experts from around the world – to ensure that my own service – pixevety – ticked all the right boxes. I share these findings today with schools so they can ask the right questions and to ensure other suppliers can answer them, having also invested in becoming responsible school data processors in this era of cyber security and privacy due diligence.
Edtech supplier checklist – The 10 “Must Have” Requirements
The key areas are:
- Is the vendor aware of their responsibilities as a data processor? Have they documented what they are?
- Do they have stringent data protection measures in place to protect children’s data?
- Are they compliant with regulatory requirements? Have they registered with the local regulator?
- Do they have the appropriate security measures in place to help prevent any cyber security incident? Do they have a process in place for managing a data breach?
- Do they have a strong reputation in privacy and security, and have they had any incidents in the past?
- Do they provide a transparent contract that protects the school’s interest, and provides fair termination clauses?
Final thoughts
Choosing the right EdTech supplier today is a decision that impacts not only school outcomes but also the safety and privacy of your students. If you need even more incentive, do it for your parents!
By using the above checklist and asking the right questions, schools can confidently select a provider that prioritises security, complies with regulations, and aligns with their values.
Remember, safeguarding student data isn’t just a legal obligation—it’s a critical part of building trust with students, parents, and the wider community—and selecting the right partner in your data processing is no longer a “nice to have” it is a “MUST HAVE!”