Information Security
Data Usage Form (DUF) Process
Last modified 11/27/2023
Process Insight
Practices around data security, vendor management, and risk assessments are being refined and formalized. Some of this is driven out of compliance requirements, but much of it is simply tied to due care with respect to processing University data.
This process and the Data Usage Form (DUF) itself serve as an important piece in the overall effort to ensure such data is collected, stored, and used in known, approved, and secure ways.
Process Summary
The following steps represent a more complete statement of process steps managed by the Information Security Office (ISO) for the Data Usage Form (DUF) document:
- A requestor completes the Data Usage Form (DUF) and submits it.
- An ISO member will review the submission for completeness
- An ISO member will compile relevant data protection practices and policies if applicable
- An ISO member will complete a risk assessment based off the described data usage, vendor terms, and other available information
- An ISO member will obtain data steward approval of the described data usage when necessary
- An ISO member will submit the results of the review and assessment to Purchasing for further action when necessary
Further Reading
Data Usage Form (DUF) Procedure
Data Usage Form (DUF) Qualtrics Form Instructions