GCPS Partner Principles Agreement
The information below details the expectations for organizations that are interested in partnering with GCPS.
GCPS Partner Principles
The Gwinnett County Public Schools system is in some cases required by federal law to exercise direct control over our vendors’ collection and use of personal information relating to members of the GCPS community. We require vendors interested in engaging in discussions with GCPS concerning a potential relationship with GCPS to be willing to adhere to at least the following basic principles:
- The vendor must be willing to agree to access and collect Protected Data only to the extent necessary to perform the services;
- The vendor must be willing to agree not to use Protected Data for a commercial purpose, included targeted advertising, except as necessary to perform the services or as otherwise expressly authorized in writing by GCPS;
- The vendor must be willing to agree to provide GCPS access to Protected Data so that GCPS can respond to FERPA requests within 45 days;
- The vendor must be willing to agree to have in place a comprehensive information security program based on industry best practices and in compliance with applicable law. In accordance with such information security program, the vendor must be willing to agree to implement and maintain reasonable administrative, physical, and technical safeguards, and to conduct, for example, regular risk assessments, internal and external penetration testing, and vulnerability testing and to share with GCPS summaries of the results of such assessments and testing;
- The vendor must be willing to agree to comply with all applicable law, which may include the Children’s Online Privacy Protection Act (COPPA), Family Educational Rights and Privacy Act, and the Georgia Student Data Privacy, Accessibility, and Transparency Act; and
- The vendor must be willing to agree to ensure its personnel and subcontractors meet the same standards that GCPS requires of its vendors.