Skip to main content

PSU Third-Party Vendor Integration

As of January 1, 2024, NCDPI has implemented a new process for PSU third-party vendor integration to strengthen security and privacy protections. The new process aligns with the NC Department of Information Technology (DIT) data security standards for third-party integrations with state systems. This new process is designed to ensure that PSUs have the resources they need to adequately evaluate the security readiness of vendor partners, provide alignment with the State of North Carolina Information Security Manual and the NIST 800-53 framework, as well as provide a more streamlined process that allows PSUs to implement a third-party application more quickly.

 

For all Third Party Vendors that share, send, or receive data from the PSU, it is required that: 

 

Once all the required documentation has been obtained, the PSU shall review to ensure that the documentation meets all applicable security standards. *Please turn in this documentation to a member of the tech team.  The PSU shall then upload a copy of the signed Data Confidentiality and Security Agreement and Third Party Data Collection Reporting Worksheet into the PSU Third Party Data Integration Reporting form provided by NCDPI. Once complete, PSUs may begin exchanging data.

 

Below, you can access the Data Confidentiality and Sharing Agreement & the Data Collection Reporting Worksheets for you to share with any vendor that you are considering making a purchase with. If the third party vendor shares, sends, or receives data from the PSU, these documents must be completed by the vendor before making the purchase.  

 

If you would like more information on this process, please see the link shared by North Carolina Department of Public Instruction -->   https://www.dpi.nc.gov/about-dpi/technology-services/third-party-data-integration.