PSU Third-Party Vendor Integration

As of January 1, 2024, NCDPI has implemented a new process for PSU third-party vendor integration to strengthen security and privacy protections. The new process aligns with the NC Department of Information Technology (DIT) data security standards for third- party integrations with state systems. This new process is designed to ensure that PSUs have the resources they need to adequately evaluate the security readiness of vendor partners, provide alignment with the State of North Carolina Information Security Manual and the NIST 800-53 framework, as well as provide a more streamlined process that allows PSUs to implement a third-party application more quickly.

Overview

The purpose of the process is to ensure PSUs (Public School Units) have the resources to evaluate vendor security readiness and to provide a streamlined path for approving third-party applications that share, send, or receive PSU data.

Required Actions for Vendors

For all Third Party Vendors that share, send, or receive data from the PSU, it is required that:

Submission & Review

Once all required documentation has been obtained, the PSU shall review it to ensure compliance with all applicable security standards. Submit this documentation to a member of the technology team. The PSU shall then upload a copy of the signed Data Confidentiality and Security Agreement and Third Party Data Collection Reporting Worksheet into the PSU Third Party Data Integration Reporting form provided by NCDPI. Once complete, PSUs may begin exchanging data.

If you would like more information on this process, please see the link shared by the North Carolina Department of Public Instruction:

North Carolina Department of Public Instruction – Third Party Data Integration

Helpful Links & Downloads

Data Confidentiality & Sec. Agreement
Data Collection Reporting Worksheet
Third Party Vendor Integration Checklist
Third Party Process Overview Flow Chart