- Lexington City Schools
- Business and Finance
- 3rd-Party Vendor Purchasing Contract Requirements
Departments
Page Navigation
- Home
- Business and Finance
- School Nutrition
- Elementary Curriculum
- Facilities and Maintenance
-
Human Resources
- Employment Opportunities
- Frontline Substitute Request System
- LCS Job Board: TalentEd
- Substitute Information and Employment
- Lexington City Schools Employee Handbook
- Professional Development/Renewal Credit Resources
- Look Up Your Renewal Credits and UID Number
- NC Public Schools Benefits & Employment Policy Manual
- License Renewal Requirements
- Secondary Curriculum
- Special Programs
-
Technology & Media Services
- Apex Learning
- AR
- Canvas for Teachers
- Canvas for Students
- Clever
- Classroom and Schoolwork Apps
- Data Privacy
- Digital Learning Competencies
- Digital Resources K-12
- Digital Tools PK-6
- DLC Pathways
- Elementary Coding & Robotics
- HMH SAM
- ISTE Standards
- iPad & MacBook Certification & Badges
- ISTE
- Make Your iPad Accessible
- NC K-12 Open Ed Resources
- NC TIES
- Password Change/Reset
- SAMR Model
- Schoolnet Resources
- Support Staff
- Submit a Tech Ticket
- Technology Knowledgebase
- Tech Tips & Troubleshooting Guide
- Transportation
-
Third-Party Vendor Purchasing Contracts when requiring PII from Lexington City Schools
Lexington City Schools (LCS) is mandated to safeguard student data in accordance with North Carolina's General Statute 115C, Article 29. Given the exponential increases in the use of online classroom tools coupled with the heightened cybersecurity threats, the North Carolina Department of Public Instruction is setting new standards starting January 1, 2024, aimed at preventing unauthorized student PII (Personal Identifiable Information) breaches.
Third-party entities seeking student PII from LCS must undergo a detailed vetting procedure. This procedure is extensive, demanding significant time and resources from the third-party company. The findings from this procedure will help assess the robustness of a third-party's IT infrastructure, which directly affects their capability to secure LCS student data. Both LCS and NC DPI's strict measures underscore the critical importance they place on student data protection.
The guidelines to follow are primarily rooted in the state's IT protocols as stipulated by the North Carolina Division of Information Technology (NC DIT), which in turn are based on the NIST 800-53 framework.
To comply, third-party companies should adhere to the detailed steps provided. After all documentation is submitted, LCS will evaluate and provide feedback. Once approved, the documents will be sent to DPI for a final decision.
It's important to note: Contracts signed before January 1, 2024, get a grace period of one year to meet these standards. Contracts signed from January 1, 2024, onwards must ensure full compliance before LCS can share student data.
Steps for Third Party Vendors requiring access to PII
Related Content:
