NC State Information Security Plan -Selection of Appropriate Service Providers

Overview

Selection of Appropriate Service Providers

Due to the specialized expertise needed to design, implement, and service new technologies, vendors may be needed to provide resources that NC State College determines not to provide on its own. In the process of choosing a service provider that will maintain or regularly access covered data and information, the evaluation process shall include the ability of the service provider to safeguard confidential financial information. Contracts with service providers may include the following provisions:

An explicit acknowledgement that the contract allows the contract partner access to confidential information;
A specific definition or description of the confidential information being provided;
A stipulation that the confidential information will be held in strict confidence and accessed only for the explicit business purpose of the contract;
An assurance from the contract partner that the partner will protect the confidential information it receives according to commercially acceptable standards and no less rigorously than it protects Information Technology’s own confidential information;
A provision providing for the return or destruction of all confidential information received by the contract provider upon completion or termination of the contract;
An agreement that any violation of the contract's confidentiality conditions may constitute a material breach of the contract and entitles NC State College to terminate the contract without penalty; and
A provision ensuring that the contract's confidentiality requirements shall survive any termination agreement.

VII. Continuing Evaluation and Adjustment

NC State Information Security Plan - Selection of Appropriate Service Providers

NC State Information Security Plan -
Selection of Appropriate Service Providers