Metropolitan Community College

Buyer seeks an Information Technology contractor who can provide services while maintaining strict compliance with privacy laws and information security requirements. Contractor must safeguard personal information of MCC Community Members according to FERPA, GLBA, and other privacy regulations. The agreement requires implementation of comprehensive security protocols, regular audits, and immediate breach notifications. Buyer emphasizes protection of student and employee data with robust confidentiality measures.

• 5/2/2025 - Proposal Due Date

• Ability to protect Personal Information according to commercial standards
• Maintain control over any subservicers used
• Have cyber-liability insurance with $1M per occurrence/$2M aggregate
• Ability to comply with FERPA, GLBA, and other Privacy Laws

• Implement FERPA-compliant data security measures
• Maintain a formal security and privacy program
• Establish security control frameworks linked to risk management
• Undergo penetration tests and vulnerability assessments
• Complete annual SOC1 and SOC2 Type 2 audits
• Develop formal security incident response capabilities
• Notify MCC of security breaches within 24 hours
• Participate in MCC's audit processes
• Respond to annual due diligence questionnaires
• Maintain cyber-liability insurance coverage