Policies and Procedures

1. Kaskaskia Preferences

• Vendors that have a representative assigned to the College who understands the institution's mission, challenges, and limitations of higher education.
• Long-term relationships with responsible vendors.
• Kaskaskia College will follow procurement of services, equipment, and projects in accordance with the IL Public Community College Act -- 110 ILCS 805/3-27.1 and all other applicable state and federal regulations.
• Kaskaskia will challenge prices from vendors when prices deviate significantly and consistently from past patterns.
• IT contracts are generally centralized into the IT Department for better cost control, efficiency, management, and support. A copy of all contracts will be stored in the college's Procurement Office.
  
  

2. Definitions

Vendor: Any third-party entity providing goods or services.

Vendor Management: The process of overseeing vendor relationships from selection to termination.

Procurement Office: The department responsible for overseeing vendor selection, contract negotiation, and compliance.

Statement of Work (SOW): A document that clearly describes the scope of services provided under the contract or purchase order.

3. Roles and Responsibilities

Procurement Office: Oversees vendor selection, contract negotiation, and compliance.

Department Heads: Ensure vendors meet performance expectations.

IT and Legal Teams: Review contracts for data security and legal compliance.

4. Contract Management

Contracts that include the exchange of sensitive data must require state confidentiality agreements to be executed by the vendor, must identify applicable state and federal policies and procedures to which the vendor is subjected, and must identify security incident reporting requirements.

Contracts must include:

• Scope of work
• Payment terms
• Performance metrics
• Termination clauses
• Data protection and breach notification terms

Renewal and Termination:

• Contracts are reviewed before expiration.
• Renewal decisions based on performance and continued need.
• Termination procedures include:
  • Final performance review
  • Return of institutional property/data
  • Final payment and closure documentation

5. Performance Monitoring

• Regular reviews based on Key Performance Indicators (e.g., delivery time, quality, support)
• Issues are documented and addressed promptly

Ensuring the 3 R's below:

1. Responsibility
2. Responsiveness
3. Reliability
   
   

6. Risk Management

• Maintain a vendor risk register
• Ensure compliance with:
  • FERPA, HIPAA, GDPR (if applicable)
  • Conflict of interest disclosures
• Classify vendors by risk level (e.g., high-risk vendors handling sensitive data)
• Evaluate vendors' prior partnerships with the institution's 3 R's performance monitoring
• Conduct periodic audits and compliance checks

7. Policy Review and Updates

Annual review of vendor management procedures.

Incorporate feedback from departments and vendors.

Update procedures based on regulatory or institutional changes.

8. Contact Information

For assistance with implementing this policy, contact:

• Procurement Office: procurement@kaskaskia.edu
• IT Department: helpdesk@kaskaskia.edu
• Policy Questions: privacy@kaskaskia.edu

Adopted: 10/22/2025