CARDS (CSE Agreement Review for Data Security) is a comprehensive service request process implemented in TeamDynamix (TDX) that facilitates a thorough review of agreements by the Information Security (ISEC) Governance, Risk, and Compliance (GRC) team at Chico State.
The system features an intuitive front-end portal where requesters from both campus departments and auxiliaries like CSE can document critical agreement information, including:
- Internal campus program contacts from both stateside and auxiliary units
- External stakeholders and partners
- Project summary with detailed data overview
- Scope of confidential information
- Specific locations of IT, confidentiality, and privacy requirements within agreements
- Personnel requiring access to confidential data
- Data sharing arrangements
- IT signature requirements and associated timelines

The robust back-end process empowers the ISEC GRC team to:
- Maintain transparent review status tracking (visible to requesters)
- Document and track security actions
- Perform thorough confidentiality assessments
- Apply appropriate data classification levels
- Identify and document all IT and confidentiality requirements
- Conduct a comprehensive gap analysis between contractual requirements and institutional capabilities
- Assess and communicate overall risk levels

CARDS serves the dual purpose of ensuring Chico State and its auxiliaries can fulfill all security and IT obligations while also identifying requirements that might exceed current capabilities. This balanced approach prevents both compliance failures and over-commitment to unattainable standards (such as specific NIST frameworks), particularly in high-value contracts. By implementing this proactive review process, the university maintains compliance integrity while making informed decisions about technical and security commitments.