3.4.1 DATA ENCRYPTION a) Vendor’s platform must employ encryption algorithms to safeguard sensitive data at all times. 3.4.2 CYBER RESILIENCE a) Vendor must attain a Bitsight score of 700 or higher. b) Vendor’s platform must integrate with third-party applications or services securely, utilizing authentication, authorization, and data encryption best practices. c) Vendor must maintain regular data backups and robust disaster recovery mechanisms to uphold data integrity and availability. d) Vendor must conduct regular independent security assessments to detect and mitigate vulnerabilities, including thorough due diligence on third-party services or subcontractors. 3.4.3 INCIDENT RESPONSE a) Vendor must have a comprehensive incident response plan and procedure for detecting, responding to, and recovering from security incidents. b) Vendor must have the capability to promptly notify the college of any security issues, updates, or reports concerning the platform and the college’s data within it. c) Vendor must have Disaster Recovery and Business Continuity plans in place, to include data backup strategies and failover procedures...
