Vendor Overview

  • Charlotte-Mecklenburg Schools (CMS) must protect staff and student data according to NC General Statute Article 29 §115C. New requirements, effective January 1, 2024, aim to enhance cybersecurity for staff and student personal data. Third-party companies receiving staff and student data from CMS must complete a rigorous process, reflecting the importance placed on data security.

    These requirements are based on NC DIT security policies which follow the NIST 800-53 framework. Third-parties must follow specific steps, outlined below, before CMS will review and approve sharing data with third-parties.


  • Step 1 - Identify the Shared Data

  • Step 2 - Agree to Terms & Conditions

  • Step 3 - Complete a Self-assessment

  • Step 4 - Provide Evidence of a Third-party Assessment/Audit