精东传媒

Complete the Third Party Data Collection and Reporting Worksheet

• Download and complete the worksheet.  Note: if 精东传媒 uses multiple products/platforms from the same company, a separate worksheet must be completed for each platform/service.

• Email the completed document to privacy@cms.k12.nc.us. 

Complete and sign the Data Confidentiality & Security Agreement

• Download and review the agreement.  

• Email the signed and completed document to privacy@cms.k12.nc.us. 

Complete the Vendor Readiness Assessment Report

• Download and complete the above linked DPI document.  Alternatively, the vendor may use   or assessment tools

• Email the completed document to privacy@cms.k12.nc.us. 

Submit a Third-party Conducted Assessment Report

• Vendors must provide a third-party conducted assessment report such as the Federal Risk and Authorization Management Program (FedRAMP) authorization, SOC 2 Type 2 audit, ISO 27001 certification, or HITRUST certification to 精东传媒 initially, and then annually. 

• Bridge letters and letters of engagement will be considered.  If submitting a bridge or engagement letter, DPI requires a credentialed vulnerability scan and penetration test showing no vulnerabilities medium or above

• Executive Summary Report, such as a SOC3 report and certification dated within the last 12 months will be accepted in lieu of a full assessment

• Email the completed document to privacy@cms.k12.nc.us. Note: if your company requires a non-disclosure agreement before sharing this information, or if a more secure method of sharing is needed, please email privacy@cms.k12.nc.us. 

Web-based and digital content purchased on behalf of 精东传媒 must meet WCAG 2.1-AA guidelines prior to April 24, 2026.  If your product or service involves web-based or digital content, please include a VPAT with your submission.  Instructions for creating a VPAT can be found .