Central Piedmont Community College




Central Piedmont Community College
Request for Information (RFI)
Mechatronics Re-Envisioned: A Department of Labor TAACCCT Grant Supporting the Digitization of Advanced Manufacturing Curriculum

TABLE OF CONTENTS
1. Summary and Background
2. Purpose of the RFI
3. Submission Guidelines
4. Request for Information Timeline and Review
5. Request for Information Submission/Contact Information
6. Appendix A/Course Descriptions
7. Appendix B/CPCC Hosted Solution Requirements

1. Summary and Background

The Mechatronics Re-Envisioned project will provide a vital educational resource that contributes to the growth and globalization of the Southeast's energy sector and the advanced manufacturing industry partners that form the region's energy cluster. Initiated at Central Piedmont Community College, located in Charlotte, North Carolina, Mechatronics Re-Envisioned will engage key workforce and economic development leaders, regional employers, secondary, two year and four year education partners, and national industry partners to address key issues and explore pedagogical approaches within the field of Mechatronics, identified as an emerging and growing field by the US Department of Labor.

Mechatronics Re-Envisioned will meet the rising workforce requirements in the Charlotte Region's Energy sector and slow the growth of skill mismatches that are hampering the State's efforts to globalize and progress economically. Energy and Advanced Manufacturing have been identified as target industries for jobs attraction and retention (based on wage rate and projected growth analytics), and Mechatronics Re-Envisioned supports efforts to catalyze and enhance training targeted to these industries. Mechatronics Re-Envisioned also aligns with the North Carolina Jobs Plan (December 2013) goal of "Developing and retaining a globally competitive workforce with the knowledge and skills for high quality, sustainable North Carolina jobs."

CPCC championed the development and State Board approval of the original Mechatronics AAS degree and assisted the US DOL in the development of the Mechatronics career cluster competency model. Building on this work, the college will lead a gap analysis of the current curriculum, facilitate consensus on updating course content, establish lab standards, and modernize the delivery method. CPCC will also work with four year institutions across the State to establish articulation agreements and ensure credits earned at the community college transfer to four year degree programs. Employer partners will also play a critical role in the creation of Mechatronics career pathways that will lead to employment in a variety of positions in the growing energy industry sector.

2. Purpose of the RFI

The purpose of this RFI is to contract with a qualified digital publishing firm to work with our subject matter experts at Central Piedmont Community College to modularize and digitize course materials included in ten curriculum courses in our Mechatronics Engineering Technology program and one accelerated Industrial Maintenance Fast Track course. Digitized courses should include engaging curriculum, simulations, high-quality video, assessments, and other electronic tools that ensure students meet the course competencies. The curriculum courses to be modularized and digitized are as follows:

ATR 112 Introduction to Automation
ELC 130 Advanced Motor and Controls
ELC 131 Circuit Analysis I
ELN 133 Digital Electronics
ELN 260 Programmable Logic Controllers
ISC 112 Industrial Safety
MEC 130 Mechanisms
MEC 180 Engineering Materials
MEC 265 Fluid Mechanics
PHY 131 Physics-Mechanics
Industrial Maintenance Fast Track

The majority of the courses above will be digitized within the 2015/2016 academic year, with minor revisions being made in the following year. See Appendix A for course descriptions.

All courses digitized must meet the approved Central Piedmont Community College Technology Standard. See Appendix B for the approved CPCC Technology Standard.

3. Submission Guidelines

CPCC wishes to evaluate all responses equally. To ensure consideration for this Request for Information, your submission should include all of the following:

Cover Letter
Company Profile
Describe your interest in this project and the unique advantage your firm and team bring.
List a maximum of five (5) relevant, similar projects, either currently in progress or having been completed in the past five (5) years, containing work comparable to this specific project, including any projects with CPCC.
Discuss the firm's understanding of the Mechatronics Re-Envisioned project and describe the proposed project approach to deliver the services in an effective, timely, economical and professional manner.
Provide an organization chart and curriculum vitae of all key team members who will be directly involved in providing services, including any subcontractors, to be assigned specifically to this project.
Identify the Project Manager who will be empowered to make decisions for and act on behalf of the firm.
Outline the project plans, structure and services to be provided and how and when these services shall be provided.
Describe any support needed from CPCC staff in order to execute the Services.
Describe the course delivery process including authentication, accessibility, and user experience. If the delivery process includes a hosted solution, please ensure that the requirements in Appendix B are followed.

4. Request for Information Timeline and Review

All responses to this RFI are due no later than 5pm EST July 1, 2015. Evaluation of responses will be conducted from July 2, 2015 through July 14, 2015. Interviews/Presentations will be held with firms on July 13 and 14 based on the recommendation of the selection committee. All parties will be notified of the committee selection within 30 days after the contract award.

5. Request for Information Submission/Contact Information

Respondents should submit their entry to the address below by July 1, 2015 at 5pm EST. Submissions may also be sent via email to mike.hogan@cpcc.edu.

Central Piedmont Community College
P.O. Box 35009
Charlotte, NC 28235-5009
Attention: Mike Hogan, Associate Dean, STEM

Appendix A
Course Descriptions

ATR 112 Introduction to Automation
This course introduces the basic principles of automated systems and describes the tasks that technicians perform on the job. Topics include the history, development, and current applications of robots and automated systems including their configuration, operation, components, and controls. Upon completion, students should be able to understand the basic concepts of automation and robotic systems.

ELC 130 Advanced Motor and Controls
This course covers motor concepts, construction and characteristics and provides a foundation in motor controls. Topics include motor control ladder logic, starters, timers, overload protection, braking, reduced voltage starting, SCR control, AC/DC drives, system and component level troubleshooting. Upon completion, students should be able to specify, connect, control, troubleshoot, and maintain motors and motor control systems.

ELC 131 Circuit Analysis I
This course introduces DC and AC electricity with an emphasis on circuit analysis, measurements, and operation of test equipment. Topics include DC and AC principles, circuit analysis laws and theorems, components, test equipment operation, circuit simulation, and other related topics. Upon completion, students should be able to interpret circuit schematics; design, construct, verify, and analyze DC/AC circuits; and properly use test equipment.

ELN 133 Digital Electronics
This course covers combinational and sequential logic circuits. Topics include number systems, Boolean algebra, logic families, medium scale integration (MSI) and large scale integration (LSI) circuits, analog to digital (AD) and digital to analog (DA) conversion, and other related topics. Upon completion, students should be able to construct, analyze, verify, and troubleshoot digital circuits using appropriate techniques and test equipment.

ELN 260 Programmable Logic Controllers
This course provides a detailed study of PLC applications, with a focus on design of industrial controls using the PLC. Topics include PLC components, memory organization, math instructions, documentation, input/output devices, and applying PLCs in industrial control systems. Upon completion, students should be able to select and program a PLC system to perform a wide variety of industrial control functions.

ISC 112 Industrial Safety
This course introduces the principles of industrial safety. Emphasis is placed on industrial safety and OSHA regulations. Upon completion, students should be able to demonstrate knowledge of a safe working environment and OSHA compliance.

MEC 130 Mechanisms
This course introduces the purpose and action of various mechanical devices. Topics include cams, cables, gear trains, differentials, screws, belts, pulleys, shafts, levers, lubricants, and other devices. Upon completion, students should be able to analyze, maintain, and troubleshoot the components of mechanical systems.

MEC 180 Engineering Materials
This course introduces the physical and mechanical properties of materials. Topics include materials testing, pre- and post-manufacturing processes, and material selection of ferrous and non-ferrous metals, plastics, composites, and non-conventional materials. Upon completion, students should be able to utilize basic material property tests and select appropriate materials for applications.

MEC 265 Fluid Mechanics
This course covers the physical behavior of fluids and fluid systems. Topics include fluid statics and dynamics, laminar and turbulent flow, Bernoulli's Equation, components, applications, and other related topics. Upon completion, students should be able to apply fluid power principles to practical applications.

PHY 131 Physics-Mechanics
This Algebra/Trigonometry-Based course introduces fundamental physical concepts as applied to engineering technology fields. Topics include systems of units, problem-solving methods, graphical analysis, vectors, motion, forces, Newton's laws of motion, work, energy, power, momentum, and properties of matter. Upon completion, students should be able to apply the principles studied to applications in engineering technology fields. Credit by exam for PHS 151 can be obtained by request upon completion.

Appendix B
Hosted Solution Requirements
Central Piedmont Community College

Introduction

Hosted Solution refers to the software service model in which an application is hosted by a service provider and delivered to customers across the Internet. By eliminating the need to install and run the application on the customer's own servers and network, hosted solutions alleviate the customer's burden of software maintenance, ongoing operation, and support. While the customer no longer needs to service the application technically, the burden of meeting CPCC's technology standards, security standards, service standards, and regulatory policies must still be met. This document provides the basis of these requirements.

General Services

Authentication Environment
CPCC has a strict policy requiring Hosted Solution vendors to provide authentication through CPCC's authentication solution. Service providers must be able to interface with CAS (Central Authentication Service) version 3.3, which is utilized at CPCC. CAS is an open source, token-based authentication system that is a JA-SIG project. CAS provides a single sign-on authentication system. Additional information may be obtained through http://www.ja-sig.org/products/cas/. Providers are expected to support the currently supported versions of the CAS protocol, as identified on the JA-SIG web site, or the current supported version of the SAML protocol. In the event that a provider is not able to interface with CAS, a letter of exception must be approved by CPCC ITS.

Service Authorization
Services provided by the Hosted Solution must provide authorization capabilities internally within the application. These services must be documented and provided to ITS along with all information stored by the Hosted Solution provider related to individuals, groups, and authorization schemas.

Reporting Services
In the event that regular data extraction is not available for use in developing reports with CPCC reporting solutions, a description of available reporting services must be provided. Details regarding documentation and training should be included.

Customization Capabilities
Services provided by the Hosted Solution provider may not meet all the requirements of CPCC. Therefore, customizations may be required to meet these requirements. However, customizations may be provided in various ways and with limitations. Customizations should be categorized as follows, and the requirements for each category must be met:

Configuration: pre-determined options available to CPCC with the ability to easily modify. Typically provided through either a configuration file or settings in a database table.
Requirement:
It must be clear when changing a configuration after the service has been started can potentially lead to a problem with service or with the history of the data.

Fixed Customizations: pre-determined and limited features CPCC can customize either by modifying an existing file, by adding a new file, or through an application programming interface (API).
Requirements:
Documentation detailing the ability to customize the file or about the API.
Information regarding how future upgrades may impact these customizations.

Open Customizations: source code is either partially or fully available for CPCC to customize the code as needed.
Requirements:
Documentation regarding the code available for customization.
Documentation regarding coding methodology, if one exists.
Information regarding how future upgrades may impact these customizations and equivalent documentation if code-merge is required.

Change-Request Customizations: customizations that have been reviewed and approved between CPCC and the Hosted Solution provider and that will be conducted and maintained by the provider.
Requirements:
Documentation regarding the process to request customizations.
Cost estimate for requested customizations.
Information regarding how future upgrades may impact these customizations.

Customizations may be a great benefit to CPCC in meeting most, if not all, of its specific needs. However, this benefit must be weighed against the cost of maintenance, especially if it leads to potential downtime of services.

End User Training
Training provided to the College should be reviewed in partnership with ITS to ensure compliance with the College's Information Technology Standards.

Service Level Agreements (SLAs)
Agreements regarding software and/or applications should be reviewed in conjunction with ITS to ensure compliance with the College's Information Technology Standards.

Data Storage
All data stored by the Hosted Solution provider must be secured in a manner which prevents unauthorized access from internal and external parties. If possible, data should be encrypted.

Data Storage Location
The Hosted Solution provider must locate all stored data in the United States of America unless given express permission by CPCC.

Backups
The Hosted Solution provider must provide proof of their Business Continuity / Disaster Recovery plan, including details on backups and retention periods. Backups that are stored offsite must be encrypted.

Migration Strategies
Migration strategies are required in preparation for any event requiring the transition of the data to a different Hosted Solution provider or internally to CPCC for continued service. If no such strategy is available, then procedures and documentation, including ER diagrams or equivalent diagrams, for a complete extraction of data are required.

Data Retention / Release
In the event of termination of contract, all data will be returned to CPCC ITS in a suitable standard format and wiped from the Hosted Solution provider's systems. This may also include the removal of backup data from tapes if the retention period is too long for aging to occur naturally. The Hosted Solution provider must adhere to any and all data retention / removal policies stipulated by the College.

System Requirements

Browser Requirements
Any online services provided are required to be compatible with college supported browsers. Any online service should also pass the w3.org validator test (http://www.w3.org/qa/tools/) and be compatible with federally regulated accessibility standards (Section 508, http://www.section508.gov/).

Client Requirements
As a rule, any service provided online should not require the use of a client installed component (e.g. ActiveX, Java). If a client is required for the service, the provider must agree in writing to maintain client compatibility and must provide in writing any data that will be transmitted using the client component. Any client software must be compatible with Windows XP (service pack 2 and above), Windows Vista (all versions), and Windows 7 (all versions). It is highly recommended that client components also be compatible with the Mac OS X platform. Hosted Solution providers must agree to periodic audits of transmitted information by both CPCC ITS and state auditors as requested.

Data Transfer
All data transfers will be encrypted using 128-bit (or higher) SSL for HTTP traffic and SSH version 2 for any batch or real time non-HTTP transfers. Furthermore, SSL certificates must be signed by a trusted third party; no self-signed certificates will be considered. Inbound or outbound batch transfers must occur between endpoints that have a firewall policy that allows only the two endpoints to exchange data.

DNS / Domain Registration
Where possible, all Hosted Solution provided services will use the following format:

services.cpcc.edu/hostedprovidername

The service name will be negotiated between CPCC ITS, the provider, and the CPCC requesting entity. The Hosted Solution will provide CPCC with the IP(s) to resolve the address and they will configure this information on CPCC's DNS servers. Any changes must be communicated to CPCC ITS in a timely manner to prevent service interruptions. If a new domain is registered, it will be procured and administered by CPCC ITS.

Email Requirements
CPCC will, as a rule, not allow the Hosted Solution provider to spoof its domains in the envelope sender. Other headers (From, Reply-To, etc.) must be used instead. In certain circumstances, spoofing will be allowed, but only if mail from the provider is directed to CPCC staff or faculty and never to non-CPCC entities or CPCC students. In such cases, a small number of MTA IP addresses will be provided to CPCC ITS for use in white-listing. If changes are made afterwards, they must be communicated to CPCC ITS in a timely manner to prevent service interruptions. In circumstances where email is directed to students, the provider must verify that they meet Google's Acceptable Use Policies.

Workstation Environment
Desktop applications should operate using current versions of Microsoft Windows and/or Apple Operating Systems.

Data Integration

Integration Requirements
Hosted Solutions providing services that either require real-time data from the ERP system or update data into the ERP system must have an interface that has been developed with Colleague Studio or any other tools approved by Ellucian. Any other interfaces, including the use of an integration broker, must have details disclosed to ensure proper operations without compromising services or security or corrupting data. These interfaces should be available for CPCC to review and properly maintain. In the event that an integration broker is hosted by a third-party company, all requirements apply to this company as well.

Enterprise Application Environment
The primary enterprise level application deployed and supported at Central Piedmont Community College (CPCC) is the Educational Enterprise Resource Planning (ERP) system, which includes the Student Information Systems, Human Resource Management, and Financial Resource Management. The current ERP system is Colleague, a product and service selected by the North Carolina Community College System (NCCCS). Colleague is currently deployed using a proprietary language known as Envision, which uses IBM's Universe package as the foundation. In addition to using Unibasic as part of the Universe package, Unidata is used as the primary database for Colleague. While Colleague is the implemented ERP system, the Unidata database is the single source of data for the majority of information. In addition, to support other related systems, such as a Learning Management System (LMS), CPCC developed an Operational Data Store (ODS) using Microsoft SQL Server, where data is stored through a locally developed ETL (extract, transform, and load) tool. CPCC also deployed several REST based APIs to allow for data extraction from the ODS and other internal services.

Policies/Regulations

Data Ownership
Unless there is a written agreement between CPCC and the provider with regard to data ownership, all data is exclusively owned by CPCC, and a written agreement is required if the Hosted Solution provider will use the data for anything other than the primary purpose of providing all agreed services. All data must be handled and secured according to the Security and Data Protection section.
Security and Data Protection
The following set of statements will be a component of any contract or other instrument that results from evaluation of responses to RFPs:

Vendor shall treat all data that it receives from Central Piedmont Community College (CPCC), or is otherwise exposed to within CPCC data systems, with the highest degree of confidentiality and in compliance with all applicable federal and state laws and regulations and University policies. Vendor shall employ commercial best practices for ensuring the security of all CPCC electronic and paper data accessed, used, maintained, or disposed of in the course of Vendor's performance under this Agreement. Vendor shall only use such data for the purpose of fulfilling its duties under this Agreement and shall not further disclose such data to any third party without the prior written consent of CPCC or as otherwise required by law.

Without limiting the foregoing, in the course of performing its duties under this Agreement Vendor MAY receive, or be exposed to, the following types of data: student education records; financial information as that term is defined in the Financial Modernization Act of 1999; protected health information as that term is defined in the Health Insurance Portability and Accountability Act; and various items of personal identifying information including but not limited to Social Security Numbers, credit card numbers, financial account numbers and corresponding security or access codes and passwords, driver's license numbers, and Indiana state identification card numbers. Vendor shall employ sufficient administrative, physical, and technical data security measures to meet the requirements under the specific federal and state laws applicable to those data, including but not limited to:

Student Education Records: The Family Education Rights and Privacy Act (FERPA), 20 USC 1232g et seq., and related regulations at 34 CFR Part 99;
Financial Information including credit card and financial account numbers: The Financial Modernization Act of 1999, 15 USC 1681 et seq.; the Safeguards Rule at 16 CFR Part 314; and Indiana Code 4-1-11 and 24-4-9;
Protected Health Information: The Health Insurance Portability and Accountability Act ("HIPAA"), 42 USC 1320d-2 (note); implementing privacy and security regulations at 45 CFR Parts 160 and 164, and related agency guidance; and the terms of any Business Associate Agreement or LOS agreement between CPCC and Vendor.

Immediately upon becoming aware of a breach of the Vendor's security that reasonably may have resulted in unauthorized access to CPCC data, Vendor shall notify CPCC and shall cooperate fully with CPCC's investigation of and response to the incident. Except as otherwise required by law, Vendor shall not provide notice of the incident directly to the persons whose data were involved, without prior written permission from CPCC.

Vendor acknowledges and agrees that CPCC is subject to North Carolina's Open Records law, and that disclosure of some or all of confidential information provided pursuant to this Agreement, or the Agreement itself, may be compelled pursuant to that law. CPCC agrees that, upon receipt of a request for confidential information made pursuant to the North Carolina Open Records law, it shall a) promptly notify Vendor of the fact and content of the request, b) consult with Vendor regarding any legitimate basis on which it might resist or narrow its response to the request, and c) disclose only information that CPCC, in the opinion of its legal counsel, is legally compelled to disclose.

Further, CPCC has a robust and active technology security office and program. The information at http://www.cpcc.edu/its/faculty-staff/its-security gives a further overview of the laws mentioned above, and also outlines those security implementations considered by CPCC to be "best practices" for protection of sensitive institutional and personal data.

Regulatory Compliance
Along with the specified requirements for privacy and security of information as described in the Security and Data Protection section, CPCC will minimally request a copy of the Statement on Auditing Standards No. 70 (SAS 70) report.

Cyber Insurance
Cyber insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. The Department of Commerce has described it as an effective, market-driven way of increasing cyber-security because it may help reduce the number of successful cyber attacks by promoting the adoption of preventative measures; encouraging the implementation of best practices by basing premiums on an insured's level of self-protection; and limiting the level of losses that companies face following an attack. Hosted Solutions should carry cyber insurance not only to cover liability, but also to promote confidence in security through preventive measures.

Other Requirements

ITS Implementation Scheduling
Following standards may help with reducing implementation timelines, but implementation efforts are still required. The overall timeline will depend on the complexity and integration needs. Therefore, a standard boilerplate project plan with fixed timelines cannot be used in isolation. ITS must be involved in reviewing the integration process and the project plan schedule.