Data Usage Form (DUF) Procedure
Last modified 5/11/2022
The Information Security Office fulfills Data Usage Form (DUF) requests for software purchases where a party outside of the university would receive or otherwise process institutional data.. The procedure below should be followed when a Data Usage Form (DUF) is needed.
This procedure should be followed when a Data Usage Form (DUF) is needed.
- A requestor completes and submits the Data Usage Form (DUF) in Qualtrics.
- Once submitted, a confirmation email will be sent to the requestor and a ticket will be created in the ISO Cherwell ticket queue.
- An ISO member will review the submission for completeness and fill in any missing fields, if necessary.
- The ISO member will then complete a risk assessment of the described data usage, vendor terms, and other available information.
- The ISO member will then send the ticket to the Chief Information Security Officer for final review.
- The CISO will review the DUF and the risk assessment. This step may be delayed if more information is needed.
- The CISO obtains data steward approval for the described data usage, if necessary.
- If approved, the CISO will submit the review and assessment to Purchasing for further action. The customer will also receive a notification that the DUF has been completed.
Getting DUF Status Updates
- Once an ISO member begins processing your DUF request, you will receive an email with a link to view the ticket in the Cherwell customer portal.
- After logging in, you may click "Track My Issues & Request" under the Illinois State University Logo to locate your ticking. The email you received will have the Ticket Service Request number in the email subject.
- The current status of your DUF will be noted within the Journal Notes of the ticket. To view the journal notes, click on the Journal Notes tab at the bottom of the ticket.