Purpose:
To ensure protection of DSCC’s Information Technology assets and DSCC data that are accessible by vendors through the review, modification and/or termination of agreements with third-party vendors.
Scope:
The policy applies to all potential and current vendors of IT related products and services.
Policy:
The Vice President for Technology will establish a vendor management procedure to ensure vendor performance capabilities are sufficient to meet IT requirements and to protect DSCC networks and confidentiality.
Contracts or relationships with outside vendors that involve College data or information shall be reviewed and approved by the Vice President for Technology. The Vice President for Technology will coordinate with the Director of Administrative Services on all third-party contracts where access to information may be involved.
Third parties requesting access to electronic networks, device and data will assure compliance to all laws including those pertaining to accessibility, DSCC policies, TBR policies and standards such as confidentiality, integrity and availability, to protect the systems and information of DSCC. The Vice President will examine for risk the proposed access by the third party before approving any access. The granting of access will typically be for a limited time and be revocable. Vendor Monitoring:
- All contact and interactions with vendors will be done in accordance with DSCC and TBR policies governing procurement procedures and in consultation with the Director of Administrative Services.
- IT will monitor the vendor’s performance for those vendors who provide goods and/or services. IT will report issues of performance or confidentiality violations to the Director of Administrative Services.
- While the preferred method of IT procurement is to use existing contracts, IT will provide the Director of Administrative services with a list of IT vendors when it is necessary to issue an RFP or create a local contract.
- IT will provide technical and confidentiality language recommendations for RFP’s and contracts related to the purchase of IT goods and services including those which involve DSCC data. Sample language is included in the IT Standards and Procedures Manual. Non-disclosure agreements may be required if there is a special need for confidentiality of the information.
Compliance:
All DSCC employees are expected to abide by this policy. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment or suspension.
Definitions:
Application software – Software that performs a group of functions such as Microsoft Office, Internet Explorer, Adobe Acrobat.
IT – Information technology
IT Standards and Procedures Manual – Official document of the IT department that contains the standards and procedures used in the management and daily operations of the IT environment.
Network infrastructure – Hardware and software resources which form a communications network. This includes but is not limited to switches, routers, filters, access points, etc.
TBR – Tennessee Board of Regents
Technology resource – Any type of computing, telecommunications, or instructional technological resource in classrooms, offices or open areas. This includes computers, tablets, projector, wireless presenters, printers, monitors, phones, etc.
User – Faculty, staff, student or community member who is using the technology resources of the college
Revision History:
New policy approved by Admin Council on July 29, 2016.