Process Insight

Practices around data security, vendor management, and risk assessments are being refined and formalized. Some of this is driven out of compliance requirements, but much of it is simply tied to due care with respect to processing University data.

This process and the Data Usage Form (DUF) itself serve as an important piece in the overall effort to ensure such data is collected, stored, and used in known, approved, and secure ways.

Process Summary

The following steps represent a more complete statement of process steps managed by the Information Security Office (ISO) for the Data Usage Form (DUF) document:

1. A requestor completes the Data Usage Form (DUF) and submits it.
2. An ISO member will review the submission for completeness
3. An ISO member will compile relevant data protection practices and policies if applicable
4. An ISO member will complete a risk assessment based off the described data usage, vendor terms, and other available information
5. An ISO member will obtain data steward approval of the described data usage when necessary
6. An ISO member will submit the results of the review and assessment to Purchasing for further action when necessary

Further Reading

Data Usage Form (DUF) Procedure

Data Usage Form (DUF)

Data Usage Form (DUF) Qualtrics Form Instructions