The Vendor is required to provide the following to assist in the enhancement and development of each entity's overall information security and technology maturity, thereby reinforcing the collective capabilities of the partnership:
- Scalable security services – institutions will have access to tiered support models, allowing them to leverage core shared services while also benefiting from institution-specific enhancements as needed.
- Role virtualization & consolidation – in cases where dedicated personnel may not be feasible, key security functions can be centralized, virtualized, or consolidated.
- Optimized resource allocation – smaller colleges will benefit from pooled expertise, gaining access to cybersecurity engineers, compliance specialists, and security architects without the need for full-time in-house staff.
- IT-as-a-service (ITAAS) for remediation & configuration – to further enhance security readiness, services will include on-demand technical support for security remediation, system hardening, and ongoing configuration management.
- Review and refine the existing documentation of information security roles and responsibilities.
  - This includes identifying key roles such as the security officer, information security manager, system owners, data owners, and other relevant positions.
- Defining the overall philosophy and intent of acceptable use, emphasizing responsible and ethical use of IT resources.
  - This will include statements about business use prioritization, user accountability, respect for intellectual property, and protection of sensitive information.
- Providing detailed guidelines on acceptable use of specific IT resources, including email, internet, social media, data handling, password management, and BYOD (if applicable).
- System of record (inventory): requiring the maintenance of a comprehensive inventory of all systems and data, linked to their respective data classifications.
  - This inventory will be used to track and manage data throughout its lifecycle.
- Data protection and handling: defining specific controls and procedures for protecting data at each classification level.
  - This will include requirements for access control, encryption, data masking, data loss prevention, and other safeguards to ensure confidentiality, integrity, and availability.
- Data disposal: establishing secure data disposal procedures to ensure that data is properly destroyed or sanitized when no longer needed, in compliance with organizational policies and regulatory requirements.
- Contract Period/Term: 2 years
- Non-Mandatory Pre-Proposal Date: May 15, 2025
- Questions/Inquiries Deadline: May 19, 2025