Colorado School of Mines

Buyer requires implementation of comprehensive data protection measures for handling sensitive university data. Buyer needs strict security controls, privacy safeguards, and compliance with applicable laws for all data processing activities. Buyer mandates specific incident reporting protocols and insurance requirements for data breaches. Buyer requires proper data handling by all contractors and subcontractors following contract termination.

• 5/30/2025 - Proposal Due Date

• Implement strong access controls for authorized employees
• Perform background checks on employees with access to data
• Securely handle and protect education records under FERPA
• Maintain security controls per CIS Critical Security Controls framework
• Respond to and report security incidents and breaches
• Securely destroy or return data upon contract termination
• Provide secure data download capability when requested
• Conduct annual SOC2 Type II audits
• Maintain Network Security and Privacy Liability insurance
• Document data handling by subcontractors
• Ensure data storage complies with NIST SP 800-171
• Implement data encryption in transit and storage
• Support individual requests to review or correct PII
• Develop contingency plan for business cessation
• Respond to legal orders seeking university data
• Prevent unauthorized data mining or scanning
• Ensure no storage of data outside continental US
• Certify compliance with Colorado data protection laws
• Prevent use of data for marketing or commercial purposes
• Establish proper data transmission protocols