The vendor is required to provide for an integrated electronic training and learning management system (LMS) for the public university system, which includes six universities and two k-12 special schools.
- Requirements:
• Provide an executive summary outlining the contractor’s organization and the services provided.
• Provide certification of compliance with provide a certification of compliance with all applicable federal, state, and local laws, rules, regulations and statutes.
• The capability for integration with Ellucian banner, HRFIS and SIS.
• Contractor will identify the costs, if any, to implement integration features.
• Provide a full list of curricula available for students, volunteers, and employees, including, but not limited to trainings to comply with federal regulations as outlined
• The vendor adjusts curriculum in response to new, or changing, federal regulations as outlined
• Serve as a centralized system that supports six distinct universities, central board office and two special schools, with the ability to differentiate access and security at each university and school within the system.
• Must be compliant with all federal accessibility requirements, including the ability to deliver all applicable services and products in reasonable compliance with applicable standards.
• The ability to modify, brand and edit delivered training modules to ensure compliance with statutory requirements.
• The ability to upload customized videos and training presentations to provide to students and employees at the institutional and departmental level.
• Content must be available and accessible on smartphones, tablets, and other mobile devices (please identify the brands and models of mobile devices, operating systems, and internet browsers that are compatible with your LMS).
• Be accessed using the latest version of the most used browser on any operating system (microsoft edge, Mozilla Firefox, safari, chrome)
• Store, broadcast, and track courses produced in widely varying digital formats, especially digitized video, and courses with multiple digital files in differing formats.
• Organize courses into a catalog searchable by subject, keywords, and/or title.
• Provide reporting tools to easily track and monitor training progress at the individual, institution, and department levels.
• Provide information on the ability to utilize automated issuance for specific training to all new hires and new students without manual issuance based on employment or student status.
• The process to grant access to new hires and new students into the system through automated file transfers.
• The ability to establish training plans for students and employees.
• Contractor must be able to support single sign on (SSO) integration with each institution.
• Contractor must be willing to comply with all regulatory posting and retention requirements, including that all materials used to train title ix coordinators, investigators, decision-makers, and any person who facilitates an informal resolution process.
• Such training materials must also be kept for seven years.
• Contractor should describe customer service and technical support resources available.
• Vendor must be able to provide transcripts of training offerings for investigative purposes.
- Data security, privacy, and compliance requirements
• The contractor acknowledges that all rights, including intellectual property rights, to customer data belongs to the board
• The contractor is granted a limited, non-exclusive license to use customer data solely for fulfilling obligations under the agreement.
• The contractor must use customer data only for fulfilling duties under the agreement and must not disclose it without prior written consent from board.
• Protected customer data must not be stored outside the country without prior written consent from board.
• Access to such data is limited to employees and subcontractors with a legitimate need to know and proper training.
• The contractor must comply with all relevant federal and state laws and standards, including the family educational rights and privacy act (FERPA), health insurance portability and accountability act (HIPAA), Gramm-leach-Bliley act (GLBA), and payment card industry data security standards (PCI-DSS).
• Compliance should cover data privacy, security, and appropriate data handling practices.
• The contractor must maintain security controls to ensure the integrity, availability, and confidentiality of customer data using commercial best practices.
• If storing or processing protected customer data, the contractor must comply with NIST SP 800-171 or ISO/IEC 27002 standards, including encryption requirements for data at rest and in transit.
• Multi-factor authentication (MFA) must be implemented for any account accessing customer data.
• The contractor must ensure that employees with access to customer data have passed background checks and are not debarred or sanctioned.
• The contractor must ensure that any artificial intelligence (ai) systems used in the delivery of services securely manage and process personally identifiable information (PII) and customer intellectual property (IP).
• The contractor must not store or use customer data, including PII or IP, in any ai model or sub-system without explicit written consent from board.
• Ai systems must not retain, repurpose, or train utilizing customer data without prior approval from board.
• The contractor must regularly monitor ai system performance, accuracy, and bias. any issues impacting customer data or outputs must be promptly communicated to board.
• In the event of a security breach involving customer data, the contractor must immediately, no later than 48 hours after discovery, notify board and fully cooperate in the investigation and resolution efforts.
• If a breach occurs that involves ai systems and exposes customer data the contractor must report it promptly and take corrective actions.
• When a breach is caused by the contractor’s actions or negligence, the contractor will bear the cost, excluding consideration for limitation of liability, of breach-related remediation, including notifications, credit monitoring, and legal fees.
• Alternatively, the contractor may maintain an appropriate level of cyber liability insurance, as negotiated with board, to cover such costs.
• Following a breach, the contractor must provide a breach investigation report detailing the root cause, corrective actions, and long-term preventive measures implemented.
• Upon termination or expiration of the agreement, the contractor must securely transfer or destroy all customer data as directed by board and provide documentation of the data destruction.
• Board reserves the right to conduct security audits to ensure compliance with the agreement.
•  As an alternative, the contractor may provide a current, compliant soc-2 or iso 27001 report, including third-party security audit results, vulnerability scans, and penetration testing reports as required.
• The contractor must immediately notify board of any subpoenas, warrants, or legal demands for customer data.
• The contractor must consult with board regarding responses and cooperate fully in responding to any such orders.
• Security provisions related to customer data must survive the termination of the agreement until all data has been returned or securely destroyed.
- Contract Period/Term: 3 years
- Questions/Inquires Deadline: March 26, 2025