Scientia Consulting Group (SCG)
is now part of
Added expertise. More technology solutions.
Same commitment to your organization’s technology journey.
Learn more about our new capabilities and colleagues at
The State Board’s Technology Support and Infrastructure Division sought to engage the professional services of an independent, qualified to conduct a multi-phased Comprehensive Risk Assessment. This assessment should include an Information Technology (IT) policy, program, and architectural Risk Assessment to identify risks, create a sound policy foundation, and develop a mitigation plan covering privacy, confidentiality, and security practices of a student, employee, and educational data systems. In addition, the assessment should cover security controls around hard copy data, specifically data containing Personal Identifiable Information (PII). During the Presentation Phase, the Vendor will make recommendations to key ISBE personnel that cover governance, security plans, policies, and procedures; system and applications architecture review; risk management and information security programs; and technical, management, and operational security controls.
The State’s Board is reliant on electronic infrastructure. There are over 150 applications, networks and interconnections to local education agencies (LEAs), schools, universities, and nonprofits. In recent years, ISBE has internally developed critical systems that collect and store confidential information at the district-, school-, educator- and student-level, and has developed a statewide longitudinal data system (LDS), hosted by a third-party vendor. The LDS is used by a variety of constituents and also includes public-facing portals. The State Board’s security and protection of private and confidential data is a paramount responsibility.
While the State Board’s electronic infrastructure is extensive, hard copy data is present and remains in-use throughout the agency. Protecting this data, particularly any data containing PII, is of high importance to the agency. The Vendor will provide recommendations to the State Board for any necessary revisions and/or formulation of new data controls that specifically address any risk from policy or practice identified during the assessment.
SDI as a Subcontractor to Crowe LLP will deliver the following services:
